[Plugin: WP-DB-Backup] huge security hole

  • hello, i tried creating a backup that would be emailed, but the email failed.
    I created a backup to server. But is the folder is writable then it is publicly available, right?

    I searched the net and found lots of peoples backups. Someone could use these to steal content including private posts and passwords.

    See this google search

Viewing 7 replies - 16 through 22 (of 22 total)

  • GAMERZ and FILOSOFO:

    What do you think of each/other’s plugins?.

    Right now, if the backup directory is not writable, the “Backup now!” button is not visible – even if you are not using the “Save to server” option.

    How about making the “Backup now!” button visible if either the “Download to your computer” or “Email backup” is set, and ignore the writable condition of the backup folder for these options. This way, people who don’t want an all-everything directory on their server can still do a backup if they want it sent to their computer or by email.

    @aguitta: read the readme.html, you are supposed to move the htaccess which is included in the plugin to the backup directory. Also in the next version, I will check for whether the htaccess is inside the directory, if not it will display an error for the user.

    Hi Gamerz, is the new version moving the htaccess already online or not yet?

    Great work by the way…

    i can’t find the .htaccess file in any where

    Hope this helps. Thx GaMerZ for the forum post:

    Re: Warning: Your backup folder MIGHT be visible to the public!

    Find and Delete:Code:
    add_action(‘admin_notices’, ‘dbmanager_admin_notices’); in wp-dbmanager.php

    Gamerz, Thank you.

Viewing 7 replies - 16 through 22 (of 22 total)
  • The topic ‘[Plugin: WP-DB-Backup] huge security hole’ is closed to new replies.