Hi Brad,
This was passed to me. I understand that you are concerned that the WordPress database will store your FTP password if you enter your FTP password in the settings.
This is inevitable if you want to carry out unattended backups. Any plugin that accesses any remote server (whether backups, or something else, via FTP or something else), necessarily needs a security token that gains them access. (With FTP, the ‘token’ is the password). And if you’re expecting that access to taken place unattended, then necessarily the token gets stored in the WP database.
If someone tells you that they have a encryption scheme that means that something can be stored inside WordPress such that a plugin can decrypt it, but that a human being can’t, then that person is selling snake oil. If a human being compromises your WP install then he can just run any code that is part of a plugin. The only means of storage capable of unattended retrieval are the filesystem or database. In all WP break-ins for practical purposes, the attacker has access to both.
If your threat model is off-site backups that a third-party has access to, then a) if the third-party already has access to the storage location, then it’ll be redundant for him to download the database and read the credentials out of it, since he apparently already had access and/or b) someone can use the database encryption feature in UpdraftPlus Premium.
Best wishes,
David
