StudioPress

Forum navigation

Are You Using The WordPress Block Editor?

Genesis now offers plugins that help you build better sites faster with the WordPress block editor (Gutenberg). Try the feature-rich free versions of each plugin for yourself!

Genesis Blocks Genesis Custom Blocks

Opinions on automatic backup plugins and security

Welcome!

These forums are for general discussion on WordPress and Genesis. Official support for StudioPress themes is offered exclusively at My StudioPress. Responses in this forum are not guaranteed. Please note that this forum will require a new username, separate from the one used for My.StudioPress.

Community Forums Forums Archived Forums General Discussion Opinions on automatic backup plugins and security

This topic is: resolved

Tagged: ,

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • August 8, 2014 at 12:59 pm #117803
    Jumpringer
    Member

    Any opinions about using plugins such as Updraft, that backup databases and files? I've hesitated to use plugins like this due to security concerns.

    However, the frequency of plugin updates is becoming time-consuming to manage. I still backup databases and files manually with each plugin update.

    Would appreciate any comments on how others manage keeping WP sites up to date. Thanks.

    August 8, 2014 at 3:37 pm #117822
    Bill Murray
    Member

    I don't have any experience with Updraft, so I can't comment on it specifically. Backup plugins can introduce security issues, but in that sense they're like other plugins. WP DB-Backup had a security issue a few years ago, but it was resolved by the plugin author very quickly. In and of themselves, backup plugins are no more of a security risk than other plugins, if you do reasonable due diligence on the plugin itself.

    What prompted me to comment was your combination of updating plugins and security. Good security really starts with proper site configuration. (I've made a number of old posts on this topic that are probably findable via the search function.) In this regard, the vast majority of WP self-hosted sites are configured to compromise security to make plugin and WP updates easier. That's because to enable updating via the dashboard, the wp-content folder must be writable, but making the folder writable is the single biggest security vulnerability. You can't have easy updates and best security practices.

    On your general security concern and keeping WP sites up to date and backed up, we do managed WP hosting, where we handle updates and backups. Our wp-content folder is not writable except through highly secure SSH, and that closes the door on a lot of potential attacks. If security is a big concern, you may want to consider hardening your site or having it hosted in a more secure environment. Otherwise, you're trading security for ease of use, which may not be a good trade over the long haul.

    Web: https://wpperform.com or Twitter: @wpperform

    We do managed WordPress hosting.

    August 26, 2014 at 2:37 pm #121193
    Jumpringer
    Member

    Bill, thanks for your thoughtful reply. I'll check out your other posts on this topic.

  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • The topic ‘Opinions on automatic backup plugins and security’ is closed to new replies.