Why does UpdraftPlus store my FTP/SFTP password unencrypted?

In order to upload backups to your server via SFTP or FTP, a security token is required to give the plugin access. In the case of FTP, this is a password, while SFTP can use a password or security key. To allow the plugin to access the server unattended, this password is stored in the WP database.

Due to how the FTP and SFTP protocols use and send passwords, this cannot be stored using one-way encryption like the WordPress password.

In this situation, UpdraftPlus does not encrypt the password in the database, as this would be redundant. The only persons who should have access to your WP database are yourself and any trusted administrators.

But doesn’t encrypting the password provide an extra level of security?

There are two methods by which an attacker or other malicious individual could gain access to the database, and therefore the password.

If they have accessed the database via the backups stored in your FTP/SFTP server, then apparently they already have access to your password or another method of accessing the server, thus reading the password from the database would be redundant.

If they instead have access to the live database, then they have complete access to your site and data, including any encryption scheme which could be used to encrypt the FTP password.

As such, encrypting the FTP/SFTP credentials in the database would not provide any real additional security. It is instead better to keep strong user passwords and up-to-date security plugins for the site.

Posted in: FTP, Other remote storage questions