One common problem that we notice on the majority of WordPress websites that we audit is the number of backup and old revision files stored on the website. This is a security problem because such files can typically be downloaded by anyone, and the information stored in them could help malicious hackers craft a successful attack, as explained in this article.
What are Old Revision and WordPress Backup Files?
Old Revision Files
Not everyone has the luxury of a staging website. In such cases designers and administrators troubleshoot and test changes on the live website. During this process it is common practice to make a copy of a file before editing it and to rename the copy with an old extension. For example, before modifying wp-config.php, you make a copy of the file and rename it to wp-config.php.old, wp-config.old, or wp-config.bak.
WordPress Backup Files
By default, the majority of hosting providers and WordPress plugins store the WordPress backup files on the website itself. Typically these backups are zip files stored in the /wp-content/uploads/ directory or in the plugin's directory. Also, the filenames of these backup files are easy to guess.
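A server-side check for both kinds of files, as an added example that is not part of the original article: the Python function below walks a WordPress web root and lists files ending in `.old` or `.bak`, plus zip archives under `wp-content/uploads` and `wp-content/plugins`. The function names, the constructed sample layout, and treating `wp-content/plugins` as "the plugin's directory" are assumptions.

```python
import os
import tempfile

# Extensions the article names for renamed copies of edited files.
REVISION_SUFFIXES = (".old", ".bak")
# Assumed locations (relative to the web root) for on-site backup zips.
BACKUP_DIRS = ("wp-content/uploads", "wp-content/plugins")


def find_leftovers(webroot):
    """Return sorted (kind, relative_path) pairs for files to move offsite or delete."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        for name in filenames:
            rel = name if rel_dir == "." else f"{rel_dir}/{name}"
            lower = name.lower()
            if lower.endswith(REVISION_SUFFIXES):
                findings.append(("old-revision", rel))
            elif lower.endswith(".zip") and any(
                rel_dir == d or rel_dir.startswith(d + "/") for d in BACKUP_DIRS
            ):
                findings.append(("backup-archive", rel))
    return sorted(findings)


def build_sample_site(root):
    """Create a constructed WordPress-like layout of empty files for the demo."""
    sample = [
        "wp-config.php",
        "wp-config.php.old",
        "wp-config.bak",
        "index.php",
        "wp-content/uploads/2016/10/photo.jpg",
        "wp-content/uploads/backup-2016-10-28.zip",
        "wp-content/plugins/example-backup/site-backup.zip",
        "wp-content/themes/example/style.css",
    ]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for kind, rel in find_leftovers(site):
            print(f"{kind:15} {rel}")
```

Run against a real site by passing the document root to `find_leftovers`; extend `REVISION_SUFFIXES` with any other naming habits your team uses for temporary copies.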
Source: https://managewp.org/articles/13712/store-wordpress-backup-files-offsite-delete-old-files
source https://williechiu40.wordpress.com/2016/10/28/store-wordpress-backup-files-offsite-delete-old-files/