Backup Plugin — no longer included?

Hopefully not, since implementation of it meant leaving a hole you could drive a mack truck through on both your install and your host-server….

vkaryl – Do you have any recommendations for a more secure way of backing up the database?

Download the phpmyadmin plugin and you can do it from inside your WP admin:
https://www.silpstream.com/blog/wp-phpmyadmin/

if not try my WP-DBManager. https://www.lesterchan.net/wordpress/readme/wp-dbmanager.html

As far as secure: yes, set up a cron to run within your host control panel. Or do it manually through phpmyadmin (which is what I do, on a weekly basis, for upwards of 30 blogs for my clients and myself).

This is your data; what’s more important? Making sure you have a good backup, or letting an insecure setup in your program handle it (and possibly allow your whole domain and potentially your host server to be compromised)?

I don’t know about how secure the other two plugins mentioned above are – I don’t use plugins to handle backups.

vkaryl – Can you explain a bit more about the security hole? I’m curious what, exactly, the hole is so I can learn a bit more about how my blogs can be hacked.

There won’t be any talk of security holes around here. We can’t give this stuff out for obvious reasons.

I understand that it’s not something that should be talked about in too public a forum. At the same time I have an interest in learning more so I can improve the way I think about security when I’m coding. That’s the angle my question comes from. I’m open to talking off of this forum so I can learn more about this if that is possible.

The backup plugin is mostly no longer needed because of the Import + Export functionality that you’ll now find on the Manage panel. Export will let you create an XML file of your blog which Import will read and rebuild your blog from.

And I don’t know about security holes, but you can download the updated backup plugin from here:
https://www.ilfilosofo.com/blog/2007/01/22/wordpress-database-backup-re-release-version-20/

The main problem with it, as I understand it, is that if you have it backing up the database to your server, and that backup is not secure, somebody could find it, read it, and get enough info from it to take over your blog.

Obviously the backup file itself will contain sensitive information. Based on how it was said I assumed that the security issue was in the plugin itself as opposed to the backup file. I guess I misunderstood.

Some versions of the plugin did have more serious security holes, but there were none like that in version 1.8 that I am aware of. And 1.8 was in the last few 2.0.x downloads, so as long as you were up to date, I don’t think it was any major deal. The only problem I’m really aware of required admin access to the WordPress install anyway.