• Resolved felixtheratruns

    (@felixtheratruns)


    Let’s say the database dump has stuff in it you don’t want people who aren’t users on the server (visitors to site, hackers, etc…) to see. (I understand it shouldn’t matter in most cases because passwords and other sensitive stuff are stored as a hash, am I right about this?) Is it ok to leave it with whatever permissions in the site folder, e.g. in the same folder as wp-config.php, or would you have to make sure permissions were set a certain way? Or should you just not leave it in the site folder at all? Thanks.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Personally, I would never leave a data dump on my server, especially in a publicly available directory.

    jack randall

    (@theotherlebowski)

    not a good idea felix, your DB dump contains all sorts of goodies that hackers might want to get their hands on. create the backup, store it offline somewhere and only use it when you need it. (make regular backups too!)

    Thread Starter felixtheratruns

    (@felixtheratruns)

    Well I want to store a backup of the database in the same git repo as the WordPress site. (I haven’t found a way to keep track of the database synchronized with updates to the site’s code except by doing this.) So what would be the most secure way to do this? If I put the dump in a subfolder with permissions 700 I can’t get to it through the browser, same goes if I set the permissions on the file to 700. (600 works too and my understanding is that they would have to hack the server to access the file.)

    jack randall

    (@theotherlebowski)

    leaving it anywhere in plain sight is taking an unholy risk. you shouldn’t put your faith in permissions and other web tricks to stop a determined hacker, they’ll only deter the casual nosey parker. if you leave things like DB usernames and passwords lying about in the open then someone can access the server you’re on and compromise other sites.

    the only way to stop a bear from ruining your picnic is to keep your food sealed.

    Thread Starter felixtheratruns

    (@felixtheratruns)

    ok ok ok! I’m scared now, you can all lay off. Also, this is a really good thing to read: https://blog.sucuri.net/2015/06/websites-hacked-via-website-backups.html

    Thanks guys, I appreciate the well-deserved warning.

    Is the git repo a dotted folder, as in .git? If so, that’s a folder invisible to browsers and search engines. Still not the greatest idea, but better than a “visible” folder.

    Thread Starter felixtheratruns

    (@felixtheratruns)

    No it’s not a .git. Good to know, thanks.

  • The topic ‘Is it secure to leave a database dump in the site folder?’ is closed to new replies.
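
The permission cases raised in this thread (600 on the dump file, 700 on a subfolder holding it), as an added example that is not part of any post above: a bash audit that lists dump files under a site folder and reports whether accounts other than the owner can read them. It assumes the web server runs as a user that is neither the file's owner nor in its group; the function names and filename patterns are choices made for this example.

```shell
#!/usr/bin/env bash
# Added example: list database dumps under a site folder and report whether
# accounts other than the owner can read them. Assumption: the web server
# runs as a user that is neither the file's owner nor in its group, so only
# the "other" permission bits are checked.

# True if the path has all of the given octal permission bits set.
has_bits() { [ -n "$(find "$1" -maxdepth 0 -perm "-$2" 2>/dev/null)" ]; }

# True if "other" can read the file: o+r on the file and o+x on every
# directory from the file up to the site root (a 700 subfolder blocks
# access even when the file inside it is 644).
readable_by_others() {
  local root="$1" path="$2"
  has_bits "$path" 004 || return 1
  while [ "$path" != "$root" ]; do
    path=$(dirname "$path")
    has_bits "$path" 001 || return 1
    case "$path" in /|.) break ;; esac
  done
  return 0
}

# Print one line per dump found: STATUS, mode string, path.
audit_dumps() {
  local root="${1%/}" f mode
  root="${root:-/}"
  find "$root" -type f \( -name '*.sql' -o -name '*.sql.gz' \
       -o -name '*.sql.zip' -o -name '*.dump' \) -print | sort |
  while IFS= read -r f; do
    mode=$(ls -ld "$f" | cut -c1-10)
    if readable_by_others "$root" "$f"; then
      echo "WORLD-READABLE $mode $f"
    else
      echo "RESTRICTED $mode $f"
    fi
  done
}

# Usage: ./audit_dumps.sh /path/to/site   (your own site folder)
if [ "$#" -gt 0 ]; then audit_dumps "$1"; fi
```

A RESTRICTED line describes the permission bits only; every dump listed is still sitting inside the site folder, which the replies above advise against.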