Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Contributor Michael De Wildt

    (@michaeldewildt)

    Gday,

    The SQL is removed when the backup completes so there is only a small window to guess your site name and grab the file.

    If you have .htaccess enabled on your server then you can add one to the backups directory containing ‘deny from all’.

    This will make it impossible for users to download the SQL dump. The plugin used to write this file but I had to remove the feature because it was causing other issues.

    Hmm, security by obscurity is probably the best option here and I will make some changes for the next release.

    Cheers,
    Mikey
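
    As an added illustration (not part of the original reply or the plugin's code), the `.htaccess` the reply suggests placing in the backups directory. The `deny from all` form is Apache 2.2 syntax; on Apache 2.4 it only works when `mod_access_compat` is loaded, so both forms are included, and the `AllowOverride` requirement is the assumption that makes the file take effect at all:

```apache
# Placed in the plugin's backups directory (path assumed; it must be under
# a <Directory> whose AllowOverride permits Limit/AuthConfig directives).
# Apache 2.4: mod_authz_core syntax.
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>

# Apache 2.2 (or 2.4 with mod_access_compat): the form named in the reply.
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
</IfModule>
```

    After adding it, a request for a known file name in that directory should return 403 rather than 200; if it still returns the file, `AllowOverride` is set to `None` for that path and the rule has to go into the server or virtual-host configuration instead.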

    Thread Starter object81

    (@object81)

    Thank you!

    Will look into the htaccess change and look forward to your next release. Nice work!

    Plugin Contributor Michael De Wildt

    (@michaeldewildt)

    Version 1.5 now appends a SHA1 secret to these files making it impossible to guess.

    Cheers,
    Mikey

    This is not resolved because it is written to the log file, which is very easy to read:
    Uploading large file 'blog-backup-core.sql.SHA1-wpb2d-secret' (xMB) in chunks
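
    The point of the last reply is that a secret only protects a file name while it stays out of readable places, and a log line is one such place. As an added example (not the plugin's code), the following redacts the secret suffix of a dump file name before a line reaches the log, and checks afterwards that none survived. The log text is constructed for this example, and the 40-hex-character suffix is an assumed representation of the SHA1 secret, not the plugin's actual format:

```python
import re

# Constructed sample in the shape quoted above; the 40-hex suffix stands in
# for the per-site SHA1 secret (assumed format, not the plugin's real output).
SAMPLE_LOG = """\
Uploading large file 'blog-backup-core.sql.5f4dcc3b5aa765d61d8327deb882cf99f2b2f1a0' (12MB) in chunks
Uploading file 'wp-content/uploads/2012/01/photo.jpg' (1MB)
Backup complete
"""

# A .sql dump name followed by a dot and a 40-character lowercase hex secret.
SECRET_SUFFIX = re.compile(r"(\.sql\.)([0-9a-f]{40})\b")


def redact_line(line: str) -> str:
    """Replace the secret part of a backup file name with a fixed marker."""
    return SECRET_SUFFIX.sub(r"\1[REDACTED]", line)


def redact_log(text: str) -> str:
    """Redact every line; intended to wrap the writer, not to clean up later."""
    return "\n".join(redact_line(line) for line in text.splitlines())


def leaked_secrets(text: str) -> list[str]:
    """Post-write check: any secret suffixes still present in the text."""
    return [m.group(2) for m in SECRET_SUFFIX.finditer(text)]


if __name__ == "__main__":
    cleaned = redact_log(SAMPLE_LOG)
    print(cleaned)
    print("leaked:", leaked_secrets(cleaned))
```

    Redacting at write time is the workable form of the fix; scrubbing an existing log is not, since anyone with read access to the file has already had the same window as the attacker.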

  • The topic ‘Security Implications when using wpb2d’ is closed to new replies.