Securing backup folder

  • Resolved More Than God

    (@more-than-god)


    7 months ago

    Good day, I’ve observed that /wp-content/updraft/ content is publicly available if knowing the exact filename. I think the folder should be locked for non-admin access. Is it possible to make the content permission for admin only users, otherwise return HTTP 401/403?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support vupdraft

    (@vupdraft)

    7 months ago

    Hi,

    You can add something like this to your .htaccess (if you are on apache)

    RewriteEngine on

RewriteRule ^folder/?$ - [F,L]

    or you can change the folder that the backups go to in Settings >> Show expert settings >> Backup directory

    Thread Starter More Than God

    (@more-than-god)

    6 months, 4 weeks ago

    I have this (custom backup directory) but I’d prefer to have permission control on the backup folder –

    full access from ftp
    full access from php (via internal file path)
    forbidden access via fully qualified url (https://mydomain.com/wp-content/updraftplus/backupfile.zip)

    I see there’s an attempt from the plugin creator to achieve this by putting .htaccess file with “deny from all” inside, but testing the access with anonymous request by curl successfully fetches any file within. If it’s supported by OpenLiteSpeed servers maybe I need to adjust it to work?

    • This reply was modified 6 months, 4 weeks ago by More Than God.
Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Securing backup folder’ is closed to new replies.