WordPress.org

Forums

  1. Sith Lord Goz
    Member
    Posted 2 years ago #

    Hi!

    This is a really great plugin - probably the best one-click backup tool I've found. I noticed one security thing though: by default, any backups you create can be directly downloaded by ANYONE if they happen to know the URL.

    For example, you may do a backup of example.com, and the file could be:

    http://example.com/administrator/backups/backup_2012-11-15_09-05_example.com-sql-nodrop.tar

    Obviously, it's unlikely someone would guess this, but if they did - they can download your entire site!

    I usually drop a quick .htaccess file into the /administrator/ folder to prevent direct access:


    # Prevent direct browsing
    RewriteEngine On
    RewriteBase /
    RewriteRule .* - [F]

    Maybe you could include such a thing in the automated install process so that other people get this protection automatically?

    Just an idea for a small improvement to a great plugin.

    http://wordpress.org/extend/plugins/xcloner-backup-and-restore/

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • XCloner - Backup and Restore
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic