This is a really great plugin – probably the best one-click backup tool I’ve found. I noticed one security thing though: by default, any backups you create can be directly downloaded by ANYONE if they happen to know the URL.
For example, you may do a backup of example.com, and the file could be:
Obviously, it’s unlikely someone would guess this, but if they did – they can download your entire site!
I usually drop a quick .htaccess file into the /administrator/ folder to prevent direct access:
# Prevent direct browsing
RewriteRule .* - [F]
Maybe you could include such a thing in the automated install process so that other people get this protection automatically?
Just an idea for a small improvement to a great plugin.
- The topic ‘[Plugin: XCloner – Backup and Restore]’ is closed to new replies.