WordPress.org

Plugin Reviews

WP Database Backup

WP Database Backup plugin helps you to create Database Backup and Restore Database Backup easily on single click.Manual or automated backups.

3 reviews
Average Rating
3.8 out of 5 stars
You are currently viewing the reviews that provided a rating of 1 star. Click here to see all reviews.
Insecure, do not use until author updates
By ,

Backup files created with this plugin are stored in plain text with no read protections. If anyone knew you were using this plugin, they could guess the URL of your backups easily and download your entire database, giving them your password hashes, users, everything. DO NOT USE THIS PLUGIN until a patch is issued.

The author should, at the very least, include a .htaccess file in the backup directory that prevents public HTTP access (this would only help apache hosts, but it's better than nothing). A better way to secure the files would be to store them in PHP files that require a nonce to access, or include a random string in the file name. The current plugin uses the epoch time as a pseudo-random number included in the file name, which is totally acceptable, especially for a plugin that can schedule backups.

Aside from the security issues, I like your plugin. If you would like help securing it, I'd be happy to offer advice or contribute code.

Awful, author should be more careful when writing such plugins.
By , for WP 3.9.2

Man, I relied on your plugin and had to work one whole day to rebuild the database.

Even after the 2.1 update, the backup files are kinda empty, they contain the structure and empty inserts:

INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
INSERT INTO wp_postmeta VALUES("","","","");
Illegal string warning
By , for WP 3.9.1

Gives an "illegal string offset" warning (WP 3.9.1) so needs work.

You must log in to submit a review. You can also log in or register using the form near the top of this page.