Compromised Website Backup Deletion Protection

Scenario:
1. The UpdraftPlus Backup and Restore plugin is installed and configured as follows:

• The UpdraftPlus settings are password protected via the lock settings.
• Backups are being stored on Google Drive (or a similar service such as Dropbox or OneDrive).

2. Regardless of how, a hacker, rogue employee, or contractor gains access to the WordPress admin web interface or to the website file directory.

Suggestion:

When a backup is performed, can it be protected with a different encrypted password or 2FA method?
For example:

1. All is normal for the website and the website administrator (before any adverse events)
2. The website administrator goes to the advanced area to toggle this setting.
3. The administrator enters a different, unique password for backup deletion protection (the password would be one-way hash encrypted, or two-form authentication would be required for deletion).

If the website ever becomes compromised, the person cannot effortlessly delete the precious backups from within the WordPress Management module or at the directory file level.

Summary:

To some degree, in a different scenario, a product I am using to image servers and workstations has this feature. If UpdraftPlus has this feature, please point me in the right direction to review the data; if not, please consider adding this valuable feature to your product, which would offer your customers some additional protection and peace of mind.

Thank you.


3 Comments

  1. Paul Littlewood

    This seems quite important. Here’s a couple of other suggestions to achieve similar protection:

    1. Have an optional setting in the remote storage setup where the user has to reenter the remote storage account password/key to be able to delete a backup.

    2. Have an option when making the backup which prohibits deletion from UpDraftPlus plugin (can only be deleted from the storage itself).

  2. Paul Littlewood

    After a bit of thought and research, it needs to be the storage provider themselves that provides this feature. Even if UDP writes a feature on the plugin to restrict deletion, a hacker could just write their own code to delete files using the access credentials saved by UDP for the storage provider.

    It seems the way around this is to use S3 storage, which can be set up with custom permissions to prevent deletions. UDP has a wizard to create an S3 user and bucket to achieve this more secure setup.

    • Mike

      I use versioning in S3. Even if the backup is deleted from the site, an S3 admin can restore the deletion before the S3 rule to permanently delete it kicks in.
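
The comments conclude that what an intruder can delete is decided by the permissions of the storage credentials saved on the site, so the check below audits an IAM policy document for actions that would let those credentials destroy backups. It is an added example, not part of the original thread and not UpdraftPlus code; both policies and the bucket name `example-backups` are constructed, and `Resource` and `Condition` elements are ignored as a simplification.

```python
import json
from fnmatch import fnmatchcase

# Actions that let the holder of the stored credentials destroy backups,
# directly or by changing the bucket settings that protect them.
DESTRUCTIVE = [
    "s3:DeleteObject",
    "s3:DeleteObjectVersion",
    "s3:DeleteBucket",
    "s3:PutLifecycleConfiguration",  # could add a rule that expires backups
    "s3:PutBucketVersioning",        # could suspend versioning
]

def _as_list(value):
    return [value] if isinstance(value, str) else list(value)

def _covers(stmt, action):
    """True if the statement's Action/NotAction element applies to `action`."""
    a = action.lower()  # IAM action names are case-insensitive
    if "NotAction" in stmt:
        return not any(fnmatchcase(a, p.lower()) for p in _as_list(stmt["NotAction"]))
    return any(fnmatchcase(a, p.lower()) for p in _as_list(stmt.get("Action", [])))

def destructive_actions(policy):
    """Return the DESTRUCTIVE actions the policy allows (explicit Deny wins).
    Simplification: Resource and Condition are ignored, so every statement is
    treated as applying to the backup bucket."""
    stmts = policy["Statement"]
    if isinstance(stmts, dict):
        stmts = [stmts]
    allowed = []
    for action in DESTRUCTIVE:
        allow = any(s["Effect"] == "Allow" and _covers(s, action) for s in stmts)
        deny = any(s["Effect"] == "Deny" and _covers(s, action) for s in stmts)
        if allow and not deny:
            allowed.append(action)
    return allowed

# Constructed sample policies (bucket name is a placeholder).
BROAD = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::example-backups/*"}]}""")
WRITE_ONLY = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
   "Resource": ["arn:aws:s3:::example-backups", "arn:aws:s3:::example-backups/*"]},
  {"Effect": "Deny", "Action": ["s3:Delete*", "s3:PutLifecycleConfiguration",
   "s3:PutBucketVersioning"], "Resource": "*"}]}""")

if __name__ == "__main__":
    print("broad:", destructive_actions(BROAD))
    print("write-only:", destructive_actions(WRITE_ONLY))
```

An empty result does not cover overwrites: `s3:PutObject` still lets the credentials replace an existing key, which is why the versioning described in the last reply matters alongside the deny rules.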
