Local backup security

  • Resolved Alex Cicovic

    (@acicovic)


    7 years, 1 month ago

    Hi,

    Is storing local backup to /wp-content/ directory safe? Does UpdraftPlus do something to guarantee that your backup won’t get downloaded by a malicious user?

    Thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor DNutbourne

    (@dnutbourne)

    Hi,

    We don’t recommend storing the backup only in the local wp-content folder, as it is then susceptible to being lost if the site is deleted.

    Any backup files in the wp-content directory are as secure as the rest of the directory, and will share the same file permissions.

    Thread Starter Alex Cicovic

    (@acicovic)

    Hi DNutbourne,

    Thank you for your answer. My question was more about whether UpdraftPlus does something to randomize the filenames so the files can’t be directly downloaded by a third party. If the filename is predictable, then someone else could potentially download your zip files and have all your data.

    It would be good if we could actually store the backup in a non-public location on the server. Perhaps this is something worth considering as a feature?

    Thanks!

    Plugin Contributor DNutbourne

    (@dnutbourne)

    Hi,

    Yes, UpdraftPlus backup filenames include a randomised string. The structure of the filename is:

    backup_2017-10-5-0000_Wordpress_776a6c9a475a-plugins
    backup_<DATETIME>_<Site Name>_<Random String>-<section>

    This random string is also used to identify the log file.

    As such, a third party would need to know the exact time and random string to download the file.

    Thread Starter Alex Cicovic

    (@acicovic)

    OK, thanks!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Local backup security’ is closed to new replies.