Title: Security Implications when using wpb2d
Last modified: August 20, 2016

---

# Security Implications when using wpb2d

 *  Resolved [object81](https://wordpress.org/support/users/object81/)
 * (@object81)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/security-implications-when-using-wpb2d/)
 * After using this plugin for a while I today discovered that it makes a SQL dump
   and places this in `wp-content/backups/wordpress_SITENAME-backup-core.sql`.
 * This SQL dump can be downloaded by anyone. I’m actually not sure if the server
   or the plugin somehow is misconfigured or this is a default behaviour of wpb2d.
 * I disabled the plugin until I know what happens here.
 * [http://wordpress.org/extend/plugins/wordpress-backup-to-dropbox/](http://wordpress.org/extend/plugins/wordpress-backup-to-dropbox/)

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Contributor [Michael De Wildt](https://wordpress.org/support/users/michaeldewildt/)
 * (@michaeldewildt)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/security-implications-when-using-wpb2d/#post-3634976)
 * Gday,
 * The SQL removed when the backup completes so there is only a small window to 
   guess your site name and grab the file.
 * If you have .htaccess enabled on your server then you can add one to the backups
   directory containing ‘deny from all’.
 * This will make it impossible for users to download the SQL dump. The plugin used
   to write this file but I had to remove the feature because it was causing other
   issues.
 * Hmm, security by obscurity is probably the best option here and I will make some
   changes for the next release.
 * Cheers,
    Mikey
 *  Thread Starter [object81](https://wordpress.org/support/users/object81/)
 * (@object81)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/security-implications-when-using-wpb2d/#post-3635038)
 * Thank you!
 * Will look into htaccess change and look forward for your next release. Nice work!
 *  Plugin Contributor [Michael De Wildt](https://wordpress.org/support/users/michaeldewildt/)
 * (@michaeldewildt)
 * [13 years ago](https://wordpress.org/support/topic/security-implications-when-using-wpb2d/#post-3635190)
 * Version 1.5 now appends a SHA1 secret to these files making it impossible to 
   guess.
 * Cheers,
    Mikey
 *  [Phantec](https://wordpress.org/support/users/phantec/)
 * (@phantec)
 * [12 years, 10 months ago](https://wordpress.org/support/topic/security-implications-when-using-wpb2d/#post-3635208)
 * this is not resolved beacause it is writen to log file which is very easy to 
   read:
    `Uploading large file 'blog-backup-core.sql.SHA1-wpb2d-secret' (xMB) in
   chunks`

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Security Implications when using wpb2d’ is closed to new replies.

 * ![](https://s.w.org/plugins/geopattern-icon/wordpress-backup-to-dropbox_ffffff.
   svg)
 * [WordPress Backup to Dropbox](https://wordpress.org/plugins/wordpress-backup-to-dropbox/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wordpress-backup-to-dropbox/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wordpress-backup-to-dropbox/)
 * [Active Topics](https://wordpress.org/support/plugin/wordpress-backup-to-dropbox/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wordpress-backup-to-dropbox/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wordpress-backup-to-dropbox/reviews/)

## Tags

 * [wpb2d](https://wordpress.org/support/topic-tag/wpb2d/)

 * 4 replies
 * 3 participants
 * Last reply from: [Phantec](https://wordpress.org/support/users/phantec/)
 * Last activity: [12 years, 10 months ago](https://wordpress.org/support/topic/security-implications-when-using-wpb2d/#post-3635208)
 * Status: resolved