Bucket keys/info are stored in plain view in the database of each child-site and are common amongst all children from the mainwp dashboard settings.
This means that if someone gets access to one of your clients sites and are able to read the wp_options table, they have access to all the backups of the other mainwp children sites.
This need to be rethought.
I commend the ease of use, but this is just a no go for security reasons.
- The topic ‘Terrible security practice’ is closed to new replies.