The next release of UpdraftPlus is due out on Monday. This includes some tweaks necessary for our “automatic backups” feature (whereby a backup is taken just before a WordPress update, so that you’re covered if the update is bad) to work well with WP 4.2. (WP 4.2 made some more changes to its updating functionality since our previous release).

One other thing that it will contain (for UpdraftPlus Premium users) is a new wizard to make it easier to use a more secure Amazon S3 setup.

Amazon Web Services (AWS) is very good in that it allows you to create lots of different users (each of which has its own access credentials – which in AWS are an access key and a secret key), each of which has its own permissions. So, with one AWS account, you can set up lots of separate S3 buckets, each with its own user. This means that if someone gets the access details for one bucket, then that’s all they have – they can’t reach any of your other buckets. They’re segregated.

We’ve had an FAQ on how to set this up for a long time, here. However, the process is still quite fiddly and intimidating to many users. The next release of UpdraftPlus Premium now adds a wizard. If you have an all-powerful administrative account in your Amazon S3 setup (which is the default – or at least, was when I set up my AWS account), then instead of entering those details into your UpdraftPlus settings (which would put your whole S3 account at risk if those keys were stolen), and instead of having to go through the fiddly steps, you can now use our wizard.

You’ll enter those all-powerful keys once… and then UpdraftPlus will deploy them to create a less powerful user that can only access the backup bucket – and nothing else in your Amazon AWS account. It then never saves the admin credentials – only the less powerful ones. So, you can get the better security, without needing to face the rather intimidating bucket policy generator in Amazon’s console, etcetera.

Create Amazon S3 user wizard

You can also use this wizard with existing buckets. So, if you’d previously been storing your root AWS keys in UpdraftPlus, then after the next UpdraftPlus release hits, you can just make a few clicks in the wizard for an instantly more secure setup. (Don’t forget to save settings after changing them!).

David Anderson (founder, lead developer, UpdraftPlus)

twitterlinkedinFacebook