The free forums are no longer in use. It remains available as read-only archive.
Log In
Home
9:07 pm
September 30, 2010
Offline
I use xCloner in multiple envirnoments (Joomla/Wordpress and other open source scripts) and want to make sure my backups and configs are secure as possible. I was going to add an htaccess file to the directory, but wasn't sure if this would cause problems. I did a search for the topic and found that there was mention of this in the old FAQ. Is there anyplace to read about security best practices and what I can safely put in an htaccess file in the xcloner directory without breaking abything - while still keeping everyting secure by blocking hackers?
Thanks again 🙂
6:12 am
September 26, 2010
Offline
You could try and use this online utility http://tools.dynamic.....sword/Â to generate a htpasswd rule and use that to protect your xcloner folder as well as the backups directory.
Â
This might help also /tutorials/how-to-further-secure-directories-on-your-site/
Â
Hope it helps! Ovidiu
5:52 pm
September 30, 2010
Offline
So are you saying it would be best to password protect the actual worpress plugin folder? I believe that might cause issues right?
Â
I have my backups outside of the root, I am mainly concerned about the xcloner config which has the DB information in it. I will add the htaccess to the folder though 🙂
Â
Edited to ask: Do you think it would be possible to include an htaccess file with:
Order Deny,Allow
Deny from All
</Directory>
in the plugin/component install? As I see it, it will get over written on each update if I manually add it.
6:20 pm
September 26, 2010
Offline
I was not referring to the actual wp-content/plugins folder, but the wp-contents/plugins/xcloner-backup-and-restore folder, you can protect that without issues.
Â
Ovidiu
6:51 pm
September 30, 2010
Offline
Password protecting wp-contents/plugins/xcloner-backup-and-restore gave a 404 error in the admin area of Wordpress. I added an htaccess with the above referenced content, but am afraid it will jsut be overwritten on the next update.
7:26 pm
September 26, 2010
Offline
You could add the changes inside your main .htaccess file by using either the RewriteCond to match the subfolder you want to protect as indicated here http://www.hacksar.c.....ed/Â Â for instance, this might be a little overly complicated however. You could also add ip banning if you like, so for that folder, only your ip has access.
Â
As you know, XCloner runs in standalone mode, so you could also simply rename the wp-contents/plugins/xcloner-backup-and-restore  folder to something else, it will make it harder to target.
Â
Anyway, if somebody does get access to your site, the main mysql details are also stored in the wp-config.php file, so best protection is to keep backups, and always try to keep the site code updated, as well as the server software.Â
Â
Ovidiu
All RSS1 Guest(s)
