[LINK] Security Risks of Storing WordPress Backup Files & Old Files Onsite

The Scarlet Pimp

Supreme Member
Apr 2, 2008
An article (too long to post) about storing blog files online and the risks involved. This is timely because last month I caught hackers scanning my blog folders for backup files. See below:

/wp-config.php.bak
/wp-config.php.save
/wp-config.php~


---

One common problem that we notice on the majority of WordPress websites that we audit is the number of backup and old revision files stored on the website. This is a security problem because typically such files can be downloaded by anyone, and the information stored in them could aid malicious hackers in crafting a successful hack attack, as explained in this article.

What are Old Revision and WordPress Backup Files?

Old Revision Files
Not everyone has the commodity of a staging website. In such cases designers and administrators do troubleshooting and test changes on the live website. During such a process it is common practice to make a copy of files before editing them and to rename them with an old extension. For example, before modifying wp-config.php, you make a copy of the file and rename it to wp-config.php.old, or wp-config.old, or wp-config.bak.
WordPress Backup Files

By default, the majority of hosting providers and WordPress plugins store the WordPress backup files on the website itself. Typically these backups are zip files and are stored in the /wp-content/uploads/ directory, or the plugin’s directory. Also, the filenames of these backup files are easy to guess or predict, using formats such as [websitename]_[yyyymmdd].zip, or backup_[websitename]_[yyyymmdd].zip.

read more...
https://www.wpwhitesecurity.com/wor...ress-backup-files-old-revision-files-offsite/
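A small audit script written for this thread (not from the quoted article or the forum poster) that walks a WordPress document root and lists files a scanner requesting /wp-config.php.bak and friends would find. The suffix list (.old, .bak, .save, ~ from the page, plus .orig and .swp as my own additions) and the archive-name regex are assumptions modelled on the naming formats quoted above; the demo docroot is constructed in a temp directory.

```python
import os
import re
import tempfile

# Suffixes left behind when a file is copied before editing ("old revision" files).
# .old/.bak/.save/~ appear on the page; .orig and .swp are assumed extras.
BACKUP_SUFFIXES = (".bak", ".old", ".save", ".orig", ".swp", "~")

# Predictable archive names: [websitename]_[yyyymmdd].zip or
# backup_[websitename]_[yyyymmdd].zip (formats quoted in the article).
ARCHIVE_RE = re.compile(r"^(backup_)?[\w.-]+_\d{8}\.(zip|tar\.gz|sql)$", re.IGNORECASE)


def is_backup_name(name):
    """Return True if a filename looks like a leftover revision or backup archive."""
    if name.lower().endswith(BACKUP_SUFFIXES):
        return True
    return bool(ARCHIVE_RE.match(name))


def find_exposed_backups(docroot):
    """Return docroot-relative paths of files that would be served as backups."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            if is_backup_name(name):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                findings.append(rel.replace(os.sep, "/"))
    return sorted(findings)


def demo():
    """Build a constructed mini WordPress docroot in a temp dir and scan it."""
    root = tempfile.mkdtemp()
    paths = ["wp-config.php", "wp-config.php.bak", "wp-config.php~",
             "wp-content/uploads/example_20240101.zip",
             "wp-content/uploads/backup_example_20240101.zip",
             "wp-content/uploads/photo.jpg"]
    for p in paths:
        full = os.path.join(root, *p.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()
    return find_exposed_backups(root)


if __name__ == "__main__":
    for f in demo():
        print("exposed backup candidate:", f)
```

Run it against the real document root with a cron job, and move anything it reports offsite or behind a web-server deny rule.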