Security issue: the default backup folder is not very safe | General Questions and Support | Forum Archive

The free forums are no longer in use. It remains available as read-only archive.

Lost password?
Advanced Search
Forum Scope


Forum Options

Minimum search word length is 3 characters - maximum search word length is 84 characters
The forums are currently locked and only available for read only access
Security issue: the default backup folder is not very safe
May 30, 2013
9:53 pm
Forum Posts: 14
Member Since:
May 24, 2013
sp_UserOfflineSmall Offline

Hi Ovidiu,

As you know, the XCloner default backup folder is:


All backup files have the same format (Date-Time-SiteName-sql-nodrop.tar),


So, this is why there is a kind of security hole.

A hacker could easily know that and set a robot trying multiple times and dates

combinations, until it finds an existing backup file, thus being able to

download the whole site.

This is the reason why I have chosen a personal folder with a very complicated name

which can’t be found.

Some other backup programs (I also use InfiniteWP) add a combination of random

characters at the end of the files, hence making them impossible to find.

Example of a backup generated with InfiniteWP:

As you can see, 32 random characters have been added at the end of the file’s name

making it impossible to find even for a robot.

How about adding such a security measure to XCloner backup files? Needless then

to choose a personal folder for backups?

Best regards,


May 31, 2013
6:00 am
Ovidiu Liuta
Forum Posts: 2484
Member Since:
September 26, 2010
sp_UserOfflineSmall Offline

Even better than that you could:


1. deny all access to that folder by using .htaccess

2. set the Backup Store Path to another location

Forum Timezone: America/Chicago
Most Users Ever Online: 867
Currently Online:
Guest(s) 1
Currently Browsing this Page:
1 Guest(s)
Top Posters:
mlguru: 30
Django29: 29
Andy: 21
D: 21
Marcus: 20
Jamie F: 19
Member Stats:
Guest Posters: 738
Members: 10004
Moderators: 2
Admins: 3
Forum Stats:
Groups: 3
Forums: 7
Topics: 2397
Posts: 8236
Newest Members:
Тая Найшаева
Moderators: TriP: 0, Steve Burge: 0
Administrators: Ovidiu Liuta: 2484, Victor Drover: 1, Valentin Barbu: 0