[wp-hackers] Backup, wp-content

Scott Merrill skippy at skippy.net
Tue Dec 20 01:38:07 GMT 2005

I alerted the Forum crew that the wp-db-backup plugin bundled with the
forthcoming WordPress 2.0 requires that /wp-content/ be writable.  The
reason it requires write access is to create a non-obvious backup
directory in which to store the temporary file(s) (it appends the last
five characters of the md5 hash of the password in wp-config.php).

I opened a ticket about this:
which Matt closed.  I'm less than thrilled, but ultimately don't care
enough to push further.

A few forum folks were taken aback by the requirement for /wp-content/
to be writable:

This goes against the recommended file permissions defined in the
"Hardening WordPress" Codex guide (disclaimer: I wrote the recommended
file permissions for that page):

I understand why this change was made, and I don't necessarily disagree
with it.  But it does substantially complicate support without providing
significantly improved security.  The current mechanism is still
susceptible to brute-force attacks to determine the specific characters
that make up the suffix for the backup directory.

I think one way to ease support, while simultaneously protecting the
backup directory, would be to stick an empty index.php inside the
/backup/ directory, and drop the use of the suffix.

I asked in #wordpress whether this is something I should bring to the
hackers list, to elicit more participation in the discussion, so here I am.

Do you all find it acceptable to require all of /wp-content/ to be
writable by the webserver (with the caveat that those that don't like it
don't need to use this plugin)?
Are there alternatives you might suggest?


skippy at skippy.net | http://skippy.net/

gpg --keyserver pgp.mit.edu --recv-keys 9CFA4B35
506C F8BB 17AE 8A05 0B49  3544 476A 7DEC 9CFA 4B35

More information about the wp-hackers mailing list