Most of the popular free and paid WordPress backup plugins such as Backup Buddy or Updraft Plus come with the ability to store the backups on a cloud service like Amazon S3. Offsite storage of the backup is a critical requirement for any good backup solution. If you are not using offsite backups, do so right away – sign up for our 7 day trial now.

The way these plugins implement this important feature however creates a security hole in your system. Your backups may not be as safe as you think.

Leaving the key in the open

Consider a scenario, where you have valuables that you would like to protect. You get a bank locker to safely store the valuables. Ideally you would like to keep the key to this locker in a safe place. Instead, just imagine if you keep these keys at your home, and not only that, you also put a nice, big label on the keys.

The above is obviously not a very smart thing to do. When someone breaks into your home they will not only get the stuff in your home, but they will also get the keys to the safe. Your locker will no longer protect you.

Hackers can steal your Amazon S3 key

The same problem exists with the free and paid backup plugins. While they will help you upload the data to your S3 account, they store the S3 key, which is used to copy your backups, on your site itself.

WordPress sites are often targeted by hackers. If your site gets hacked, the hackers will get the keys to your S3 account. The hackers will not only ruin your site, but they can also destroy your backups.

Robbing the whole neighborhood

WordPress Security

This problem is further exacerbated in the following situation. Imagine a scenario, where everyone in your neighborhood has a master key, which can be used to access every home in the neighborhood. You might trust your neighbors, and have no problem with such an arrangement. If you are away on a holiday, you can ask any of the neighbors to check that the gas is turned off at your home. There are other benefits with such an arrangement. However the downside is also very obvious. Even if one of the master keys is lost, the entire neighborhood will be vulnerable.

One key to rule them all

The above situation is exactly what happens when you use the same S3 or Dropbox account to back up multiple sites. This is a very common practice among designers or those with many websites. To backup multiple sites, it is economical to buy a developers license of any of the backup plugins. The big mistake will be to use the same S3 account to backup all the sites. Even if one of the sites is hacked, all the other sites will be compromised too.

Solution – Separate the backup from the original data

We recommend evaluating these plugins very carefully. A good WordPress backup service, will completely separate the backups from the original data. Losing the actual site should in no way compromise the backups. We at blogVault follow the best practices, and completely separate the backup from the actual site.

We keep copies of the data on 2 of our servers. Further we backup all of this data again onto our own S3 account. Finally, our servers are kept completely independent of the actual sites. Even if a site is hacked, there is no way for the hacker to access our servers or the backups.

Try out blogVault – sign up for our 7 day trial now.

Takeaways

  • Offsite storage is critical to any backup solution

  • Backup plugins store the S3 key in the WordPress site itself

  • The S3 key needs to be kept safely. If the site gets hacked the key will be stolen.

  • Use a complete WordPress backup service which separates backups from the original site.

EDIT: David from UpdraftPlus has mentioned that there are advanced settings in S3 which can reduce the risk associated with the S3 key being exposed. While these security measures do alleviate the problems a bit, and we do recommend them, they come at a cost. They lead to dramatically poorer user experience. They also can be further exploited by hackers to make it much more difficult to restore the site. The hackers can even exploit the hack to increase your S3 storage charges. We hence continue to advice against sharing using your S3 key in your backup plugins.