Security Risks of Storing WordPress Backup Files & Old Files Onsite

Discussion in 'Blogging' started by The Scarlet Pimp, Oct 26, 2016.

  1. The Scarlet Pimp (Senior Member):
    An article (too long to post) about storing blog files online and the risks involved. This is timely because last month I caught hackers scanning my blog folders for backup files. See below:

    One common problem that we notice on the majority of WordPress websites that we audit is the number of backup and old revision files stored on the website. This is a security problem because typically such files can be downloaded by anyone, and the information stored in them could help malicious hackers craft a successful hack attack, as explained in this article.

    What are Old Revision and WordPress Backup Files?

    Old Revision Files

    Not everyone has the commodity of a staging website. In such cases designers and administrators do troubleshooting and test changes on the live website. During such a process it is common practice to make a copy of files before editing them and to rename them with an old extension. For example, before modifying wp-config.php, you make a copy of the file and rename it to wp-config.php.old, or wp-config.old, or wp-config.bak.

    WordPress Backup Files

    By default, the majority of hosting providers and WordPress plugins store the WordPress backup files on the website itself. Typically these backups are zip files and are stored in the /wp-content/uploads/ directory, or the plugin’s directory. Also, the filenames of these backup files are easy to guess or predict, using formats such as [websitename]_[yyyymmdd].zip, or backup_[websitename]_[yyyymmdd].zip.
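As an added example (not code from the post or the article it quotes), here is a small Python audit that walks a WordPress document root on disk and flags the leftover-file patterns described above, so a site owner can find them before anyone else does. The extension list, regexes and sample tree are assumptions for illustration.

```python
"""Local audit for leftover backup / old revision files in a WordPress docroot.

Run it on the server against the site's directory; it reads the filesystem
and never sends HTTP requests. The patterns below are assumptions based on
the naming conventions the article describes.
"""
import os
import re
import tempfile

# Copies made before editing a file: wp-config.php.old, wp-config.bak, ...
OLD_REVISION_RE = re.compile(r"\.(old|bak|orig|save|backup)$", re.IGNORECASE)
# Host/plugin backups named [site]_[yyyymmdd].zip or backup_[site]_[yyyymmdd].zip
DATED_ARCHIVE_RE = re.compile(r"_(\d{8})\.(zip|tar|tar\.gz|tgz|sql)$", re.IGNORECASE)


def classify(relpath):
    """Return a finding label for a site-relative path, or None if it looks fine."""
    name = os.path.basename(relpath)
    if OLD_REVISION_RE.search(name):
        return "old-revision"
    if DATED_ARCHIVE_RE.search(name):
        return "dated-archive"
    return None


def find_exposed_backup_files(docroot):
    """Walk docroot and return sorted (relpath, label) pairs for suspicious files."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for fname in files:
            rel = os.path.relpath(os.path.join(dirpath, fname), docroot).replace(os.sep, "/")
            label = classify(rel)
            if label:
                findings.append((rel, label))
    return sorted(findings)


def build_sample_docroot():
    """Constructed sample tree (not a real site) so the audit can run offline."""
    root = tempfile.mkdtemp(prefix="wp-audit-")
    for rel in ("wp-config.php", "wp-config.php.old", "index.php",
                "wp-content/uploads/2016/10/photo.jpg",
                "wp-content/uploads/example.com_20161026.zip",
                "wp-content/plugins/somebackup/backup_example.com_20160930.zip"):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return root


if __name__ == "__main__":
    for path, label in find_exposed_backup_files(build_sample_docroot()):
        print(f"{label:14s} {path}")
```

Anything the script reports should be moved out of the web root (or deleted) rather than merely renamed, since the web server will otherwise keep serving it.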