- This topic has 2 replies, 2 voices, and was last updated 8 years, 5 months ago by .
- The topic ‘Opinions on automatic backup plugins and security’ is closed to new replies.
These forums are for general discussion on WordPress and Genesis. Official support for StudioPress themes is offered exclusively at My StudioPress. Responses in this forum are not guaranteed. Please note that this forum will require a new username, separate from the one used for My.StudioPress.
Any opinions about using plugins such as Updraft, that backup databases and files? I've hesitated to use plugins like this due to security concerns.
However, the frequency of plugin updates is becoming time-consuming to manage. I still backup databases and files manually with each plugin update.
Would appreciate any comments on how others manage keeping WP sites up to date. Thanks.
I don't have any experience with Updraft, so I can't comment on it specifically. Backup plugins can introduce security issues, but in that sense they're like other plugins. WP DB-Backup had a security issue a few years ago, but it was resolved by the plugin author very quickly. In and of themselves, backup plugins are no more of a security risk than other plugins, if you do reasonable due diligence on the plugin itself.
What prompted me to comment was your combination of updating plugins and security. Good security really starts with proper site configuration. (I've made a number of old posts on this topic that are probably findable via the search function.) In this regard, the vast majority of WP self-hosted sites are configured to compromise security to make plugin and WP updates easier. That's because to enable updating via the dashboard, the wp-content folder must be writable, but making the folder writable is the single biggest security vulnerability. You can't have easy updates and best security practices.
On your general security concern and keeping WP sites up to date and backed up, we do managed WP hosting, where we handle updates and backups. Our wp-content folder is not writable except through highly secure SSH, and that closes the door on a lot of potential attacks. If security is a big concern, you may want to consider hardening your site or having it hosted in a more secure environment. Otherwise, you're trading security for ease of use, which may not be a good trade over the long haul.
Bill, thanks for your thoughtful reply. I'll check out your other posts on this topic.
© 2023 WPEngine, Inc.