The free forums are no longer in use. They remain available as a read-only archive.
9:07 pm
September 30, 2010
I use xCloner in multiple environments (Joomla/WordPress and other open source scripts) and want to make sure my backups and configs are as secure as possible. I was going to add an htaccess file to the directory, but wasn't sure if this would cause problems. I did a search for the topic and found that there was mention of this in the old FAQ. Is there anyplace to read about security best practices and what I can safely put in an htaccess file in the xcloner directory without breaking anything - while still keeping everything secure by blocking hackers?
Thanks again 🙂
You could try and use this online utility http://tools.dynamic.....sword/ to generate a htpasswd rule and use that to protect your xcloner folder as well as the backups directory.
This might help also /tutorials/how-to-further-secure-directories-on-your-site/
Hope it helps! Ovidiu
5:52 pm
September 30, 2010
So are you saying it would be best to password protect the actual WordPress plugin folder? I believe that might cause issues, right?
I have my backups outside of the root, I am mainly concerned about the xcloner config which has the DB information in it. I will add the htaccess to the folder though 🙂
Edited to ask: Do you think it would be possible to include an htaccess file with:
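# Deny all direct web access to the directory holding this .htaccess (Apache 2.2 syntax).
# An .htaccess file already applies to its own directory, so no <Directory> container is used.
Order Deny,Allow
Deny from All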
in the plugin/component install? As I see it, it will get overwritten on each update if I manually add it.
You could add the changes inside your main .htaccess file by using either the RewriteCond to match the subfolder you want to protect, as indicated here http://www.hacksar.c.....ed/ for instance; this might be a little overly complicated, however. You could also add IP banning if you like, so for that folder, only your IP has access.
As you know, XCloner runs in standalone mode, so you could also simply rename the wp-contents/plugins/xcloner-backup-and-restore folder to something else; it will make it harder to target.
Anyway, if somebody does get access to your site, the main MySQL details are also stored in the wp-config.php file, so the best protection is to keep backups, and always try to keep the site code updated, as well as the server software.
Ovidiu
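The main-.htaccess approach from the last reply, as an added example that is not part of the original thread or XCloner's own code. It assumes Apache with mod_rewrite, WordPress installed at the web root with the standard `wp-content` path, and uses 203.0.113.10 as a placeholder for the administrator's address.

```apache
# Site-root .htaccess: rules kept here are not replaced when the plugin is updated,
# unlike an .htaccess file placed inside the plugin folder itself.
<IfModule mod_rewrite.c>
RewriteEngine On

# Condition 1: the request targets the XCloner plugin folder.
# (Assumed path; change it if the folder has been renamed as suggested above.)
RewriteCond %{REQUEST_URI} ^/wp-content/plugins/xcloner-backup-and-restore/ [NC]

# Condition 2: the client is NOT the administrator's address.
# 203.0.113.10 is a documentation placeholder, not a real value from this thread.
# Behind a reverse proxy or CDN, REMOTE_ADDR is the proxy's address, so this
# check only works when Apache sees the real client IP.
RewriteCond %{REMOTE_ADDR} !^203\.0\.113\.10$

# Both conditions true: answer 403 Forbidden and stop processing further rules.
RewriteRule ^ - [F,L]
</IfModule>
```

Place the block above the WordPress `# BEGIN WordPress` section so it is evaluated before the front-controller rewrite, then request a file under the plugin folder from another network and confirm a 403 response.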