Title: Security flaw: web accessible .sql dump
Last modified: August 21, 2016

---

# Security flaw: web accessible .sql dump

 *  Resolved [headonfire](https://wordpress.org/support/users/headonfire/)
 * (@headonfire)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/security-flaw-web-accessible-sql-dump/)
 * Hello,
    The plugin looks really promising! While I’m still trying to make it 
   work (at least on Windows it’s not working, the details are in another thread),
   I’ve already noticed a serious security breach – the .sql dump file is saved in the
   /wp-content/uploads/ folder and is accessible from the web by anyone. You should instruct
   users how to limit access to this file via .htaccess and Nginx conf, or (preferably)
   write it automatically (at least to .htaccess, with Nginx conf it might be impossible).
 * I’m not good with .htaccess directives; use this cheat sheet to write a proper rule:
   [http://borkweb.com/story/apache-rewrite-cheatsheet](http://borkweb.com/story/apache-rewrite-cheatsheet)
 * For Nginx conf it will be this:
    `location ~ \.sql { deny all; }`
 * [https://wordpress.org/plugins/revisr/](https://wordpress.org/plugins/revisr/)


 *  Plugin Author [Expanded Fronts](https://wordpress.org/support/users/expandedfronts/)
 * (@expandedfronts)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/security-flaw-web-accessible-sql-dump/#post-5041503)
 * Hi Ihor,
 * We’re working on the documentation as we speak and I’ll be sure to include your
   suggestions above and credit where necessary. Thanks for your feedback!
 *  Thread Starter [headonfire](https://wordpress.org/support/users/headonfire/)
 * (@headonfire)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/security-flaw-web-accessible-sql-dump/#post-5041505)
 * Cool! Let’s keep this thread open for now, and when the docs are ready – post a link
   here so we can mark it as ‘resolved’ for a reason. For the next generations)
 *  Plugin Author [Expanded Fronts](https://wordpress.org/support/users/expandedfronts/)
 * (@expandedfronts)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/security-flaw-web-accessible-sql-dump/#post-5041701)
 * Hi,
 * Marking this as resolved as this is in the documentation both here:
    [https://wordpress.org/plugins/revisr/installation/](https://wordpress.org/plugins/revisr/installation/)
 * And here: [http://revisr.io/documentation/](http://revisr.io/documentation/)
 * Noted on automatically writing to .htaccess. This will be included in the next release.
 *  Thread Starter [headonfire](https://wordpress.org/support/users/headonfire/)
 * (@headonfire)
 * [11 years, 8 months ago](https://wordpress.org/support/topic/security-flaw-web-accessible-sql-dump/#post-5041702)
 * Cool! I love your plugin more and more every day 🙂
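
The thread asks for an .htaccess counterpart to the Nginx rule and for it to be written automatically. The following is an added example, not Revisr's code and not part of the original posts: a shell sketch that appends a deny rule for `.sql` files to a directory's `.htaccess` exactly once and lists dumps already stored there. The marker strings and function names are constructed for illustration, and it assumes Apache is configured to honor `.htaccess` overrides for that directory; Nginx ignores the file, so the `location` rule above is still needed there.

```shell
#!/bin/sh
# Added example (not Revisr code): write an Apache deny rule for *.sql files
# into a directory's .htaccess, once, and list dumps already sitting there.

BEGIN_MARK='# BEGIN block-sql-dumps'   # constructed marker, not a plugin convention
END_MARK='# END block-sql-dumps'

# Print every .sql file under the directory (case-insensitive name match).
list_sql_dumps() {
    find "$1" -type f -iname '*.sql' 2>/dev/null
}

# Append the rule to <dir>/.htaccess unless the marker is already present.
# Returns 0 when written or already present, 2 if <dir> is not a directory.
protect_sql_dumps() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    htaccess="$dir/.htaccess"
    if [ -f "$htaccess" ] && grep -qF "$BEGIN_MARK" "$htaccess"; then
        return 0
    fi
    {
        # Leading newline keeps the block separate if the file lacks a final newline.
        printf '\n%s\n' "$BEGIN_MARK"
        cat <<'EOF'
<IfModule mod_authz_core.c>
  # Apache 2.4 syntax
  <FilesMatch "\.sql$">
    Require all denied
  </FilesMatch>
</IfModule>
<IfModule !mod_authz_core.c>
  # Apache 2.2 syntax
  <FilesMatch "\.sql$">
    Order allow,deny
    Deny from all
  </FilesMatch>
</IfModule>
EOF
        printf '%s\n' "$END_MARK"
    } >> "$htaccess"
}

# Usage: sh block-sql.sh /path/to/wp-content/uploads
if [ "$#" -gt 0 ]; then
    protect_sql_dumps "$1" && list_sql_dumps "$1"
fi
```

After running it, requesting a known dump URL and confirming a 403 response verifies that the server actually applies the rule; storing dumps outside the web root removes the dependency on server configuration altogether.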
