Title: Local backup security
Last modified: October 4, 2017

---

# Local backup security

 *  Resolved [Alex Cicovic](https://wordpress.org/support/users/acicovic/)
 * (@acicovic)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/local-backup-security/)
 * Hi,
 * Is storing local backup to /wp-content/ directory safe? Does UpdraftPlus do something
   to guarantee that your backup won’t get downloaded by a malicious user?
 * Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Contributor [DNutbourne](https://wordpress.org/support/users/dnutbourne/)
 * (@dnutbourne)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/local-backup-security/#post-9556152)
 * Hi,
 * We don’t recommend storing the backup only in the local wp-content folder, as
   it is then susceptible to being lost if the site is deleted.
 * Any backup files in the wp-content directory are as secure as the rest of the
   directory, and will share the same file permissions.
 *  Thread Starter [Alex Cicovic](https://wordpress.org/support/users/acicovic/)
 * (@acicovic)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/local-backup-security/#post-9558111)
 * Hi DNutbourne,
 * Thank you for your answer. My question was more about whether UpdraftPlus does
   something to randomize the filenames so the files can’t be directly downloaded
   by a third party. If the filename is predictable, then someone else could potentially
   download your zip files and have all your data.
 * It would be good if we could actually store the backup in a non-public location
   on the server. Perhaps this is something worth considering as a feature?
 * Thanks!
 *  Plugin Contributor [DNutbourne](https://wordpress.org/support/users/dnutbourne/)
 * (@dnutbourne)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/local-backup-security/#post-9559968)
 * Hi,
 * Yes, UpdraftPlus backup filenames include a randomised string. The structure 
   of the filename is:
 * `backup_2017-10-5-0000_Wordpress_776a6c9a475a-plugins`
 * `backup_<DATETIME>_<Site Name>_<Random String>-<section>`
 * This random string is also used to identify the log file.
 * As such, a third party would need to know the exact time and random string to
   download the file.
 *  Thread Starter [Alex Cicovic](https://wordpress.org/support/users/acicovic/)
 * (@acicovic)
 * [8 years, 7 months ago](https://wordpress.org/support/topic/local-backup-security/#post-9562351)
 * OK, thanks!
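
An added example, not part of the thread and not UpdraftPlus's own code: a Python audit that parses backup filenames using the structure quoted in the reply above and reports each file's permission mode, since the reply notes that backups share the directory's file permissions. It assumes the random string is lowercase hex and that an extension may follow the section; the function names are hypothetical.

```python
import os
import re
import stat
import tempfile

# Built from the structure quoted in the thread:
#   backup_<DATETIME>_<Site Name>_<Random String>-<section>
# Assumptions: the random string is lowercase hex (as in the thread's sample)
# and a file extension such as .zip may follow the section.
BACKUP_RE = re.compile(
    r"^backup_(?P<datetime>\d{4}-\d{1,2}-\d{1,2}-\d{4})"
    r"_(?P<site>.+)_(?P<token>[0-9a-f]+)-(?P<section>[A-Za-z0-9]+)"
    r"(?P<ext>\.[\w.]+)?$"
)

def parse_backup_name(name):
    """Split a backup filename into its fields, or return None if it does not match."""
    m = BACKUP_RE.match(name)
    if not m:
        return None
    fields = m.groupdict()
    # Each hex character carries 4 bits; the token is the only unpredictable field.
    fields["token_bits"] = 4 * len(fields["token"])
    return fields

def audit_backup_dir(path):
    """Return parsed fields plus permission findings for every backup file in path."""
    findings = []
    for name in sorted(os.listdir(path)):
        fields = parse_backup_name(name)
        if fields is None:
            continue  # not a backup file under this naming scheme
        mode = os.stat(os.path.join(path, name)).st_mode
        fields["name"] = name
        fields["mode"] = oct(stat.S_IMODE(mode))
        fields["world_readable"] = bool(mode & stat.S_IROTH)
        findings.append(fields)
    return findings

if __name__ == "__main__":
    # Constructed sample directory; names reuse the thread's sample plus assumed extensions.
    with tempfile.TemporaryDirectory() as d:
        for name, mode in [("backup_2017-10-5-0000_Wordpress_776a6c9a475a-plugins.zip", 0o644),
                           ("backup_2017-10-5-0000_Wordpress_776a6c9a475a-db.gz", 0o600)]:
            p = os.path.join(d, name)
            open(p, "w").close()
            os.chmod(p, mode)
        for f in audit_backup_dir(d):
            print(f["name"], f["mode"], f["token_bits"], f["world_readable"])
```

File mode only shows what local users can read; whether the web server serves files from this directory is decided by server configuration and has to be checked separately.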


The topic ‘Local backup security’ is closed to new replies.

 * 4 replies
 * 2 participants
 * Last reply from: [Alex Cicovic](https://wordpress.org/support/users/acicovic/)
 * Last activity: [8 years, 7 months ago](https://wordpress.org/support/topic/local-backup-security/#post-9562351)
 * Status: resolved