Support » Plugin: BackUpWordPress » [Plugin: BackUpWordPress] New version 2.0.1 removes .htaccess file!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Tom Willmot


    I’ve removed the reliance on using a .htaccess file for security as it didn’t work in all cases (e.g. non apache servers).

    Instead the backups directory is protected from directory browsing by an index.php file and the backup filenames contain a long string of random characters making them very difficult / impossible to guess.

    BackUpWordPress is still secure.

    Dear Tom,

    thanks for you reply. I must disagree with you, because:

    – over 80% of WordPress installations are powered by Apache, hence presence of .htaccess file is meaningful
    – file names of backups do not contain any random characters, but time data. In case I backup every day, an attacker can easily guess the file name by running an automated tool that will check all 86400 (24*60*60) combinations, which is not that many. Don’t you agree?

    Kind regards
    Erich Szabo

    Plugin Author Tom Willmot


    Both good points,

    I’ll likely bring back the .htaccess in the next version as that will increase security for all Apache installs.

    Thanks for your points.


Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘[Plugin: BackUpWordPress] New version 2.0.1 removes .htaccess file!’ is closed to new replies.