Support » Plugin: UpdraftPlus WordPress Backup Plugin » Rescan Remote Storage

  • 368durham

    (@368durham)


    For years I used updraftplus as my go-to for client backups. The plugin was synced with Google Drive and it saved me several times, especially when clients would use subpar hosts prone to issues or crashes. I always considered this to be an essential plugin for ANY wordpress install.

    A while back, they added a free feature to rescan remote storage. Using this plugin with multiple client websites, any website can see every single backup. Website A can grab the SQL file for Website B and download it locally. A few people on the support forms have complained about this feature but it has always be discussed as an issue on the Google Drive end. However, the feature could just an easily be removed completely from the updraft core. Maybe other users have found this to be useful, but on my end it’s a massive security concern. The amount of data that could be exported through these databases in massive.

    If a single website was hacked, or a ex-employee with admin login uses the rescan remote storage, the damage would be overwhelming. I’ve spent the last two days moving every single client website off of Updraftplus and to a seperate backup system that doesn’t have this feature.

    I understand that the paid Google Drive addon allows you to create seperate folders and that’s fine. I’m just not a big fan of adding features like this that suddenly require you to purchase a plugin for multiple websites or in my case, hundreds.

    Hopefully this gets adjusted in the future as the plugin authors have created a great plugin, and you can tell they take great pride in their work.

Viewing 1 replies (of 1 total)
  • Plugin Author David Anderson

    (@davidanderson)

    Hi @368durham,

    It sounds like you are trying to use the free Google Drive to service dozens of clients. There are several reasons given by Google why you should and must not do this. Google Drive’s terms and conditions on your individual Google account explicitly forbid using your Google Drive for commercial usage. In keeping with that, Google Drive does not have (at their end) security features to segregate one set data from another’s. It does not comply with data protection laws, and does scan all your uploaded data to boost Google’s profile of you. https://updraftplus.com/google-drive-have-you-read-those-terms-and-conditions/

    If you read the Google Drive security token out of the WordPress database then, regardless of what UpdraftPlus were to show in the user interface, you can use it to access all that you’ve stored on Google Drive with UpdraftPlus. i.e. If the feature was removed from the UpdraftPlus user interface, it would make no difference to what Google forbids/permits. As I say, this is Google’s design + intention.

    For corporate usage, Google offer Google Cloud. It incorporates the security features that allow true segregation. Google Cloud, unlike Google Drive, also allows you to comply with data protection laws, and doesn’t scan all your uploaded data.

    The situation is similar with other cloud providers’ offerings. They have offerings pitched at single users (e.g. Microsoft OneDrive, Amazon Drive (N.B. we don’t support Amazon Drive)), and different ones pitched at corporate entities (Microsoft Azure, Amazon S3). The ones pitched at people with clients, like yourself, provide the proper security controls.

    The ‘remote scan’ storage (part of UD since March 2014, BTW, so not “suddenly” added), has an important intended function – to allow you to import a backup set not created on the current WP install. e.g. If you need to re-install and pull something back from remote storage; or if you are cloning another site for development or staging purposes.

    Please do ask any further questions you have in our support forum: https://wordpress.org/support/plugin/updraftplus

    David

Viewing 1 replies (of 1 total)
  • The topic ‘Rescan Remote Storage’ is closed to new replies.