WP Backup script with encryption support

By
Mitko Haralanov
April 25, 2010Posted in: Featured, WP Backup
Version 0.4.0 of the WP Backup script adds several new security features to the script: Password protection – allows the user to add a password to the BackupFile. The password is [...]

Version 0.4.0 of the WP Backup script adds several new security features to the script:

  • Password protection – allows the user to add a password to the BackupFile. The password is used when extracting data from the backup. While the password will be required when extracting the data using the script, it is still written without any encryption and a malicious person with some time and and text editor knowledge can still get to your data. For that reason, the next feature should help a lot
  • Data encryption – allows the user to encrypt the data portion of the BackupFile. Both the “files” porting and the “database” portion will be encrypted using the a portion of the password hash as the key. For security, a different one-way hash is used when generating the key then the hash used to store the password in the BackupFile header. This was, the header can’t be used to obtain the encryption key.
  • Remove content from verbose messages – certain portions of the message displayed at higher verbosity levels have been removed in order to prevent giving out any clues about the MySQL password to anyone who could be peeking over our shoulder.

Important Notes

There are a couple of important things that I wanted to mention about the Data Encryption feature:

  1. Only the data portions of the BackupFile are encrypted. The header is still stored clear, without any encryption. The key used for the encryption is not stored in the header at all. Rather, the password (which is required when encrypting) is used to generate the key.
  2. The encryption is handled by the PyCrypto module. The module is not included with this script on purpose. There are very strict rules about distributing cryptography code and I am neither familiar with it, nor do I ever want to be. Therefore, if you want to use the encryption feature, you’ll have download and install the PyCrypto module yourself.

While I have attempted to test the new features and make sure that most bugs have been worked out, additional testing is surely appreciated. If you run into any problems with the script, please, let me know.

Download the new version of the script from the WP Backup project page.

VN:F [1.9.13_1145]
Rating: 0.0/5 (0 votes cast)
VN:F [1.9.13_1145]
Rating: 0 (from 0 votes)

Related Posts

  • wp_backup_thumbnail_1 Version 0.3.6 of the WordPress Backup Script is out
    08 April 2010 11:22 AM | No Comments

    I have put up the next version of the WordPress Backup script. This new version (0.3.6) adds a new header version, which includes a new field – comment. The comment [...]

    Read More
  • document-thumbnail Using the WordPress backup script
    05 February 2010 3:28 PM | No Comments

    I have had a request from a user of the WordPress backup script to provide more information about the usage of the script. As a result, I have expanded the [...]

    Read More
  • code WordPress backup script
    20 January 2010 2:56 PM | 2 Comments

    While setting up my WordPress site, I was looking for backup solutions in the case where something goes wrong. WordPress offers a lot of plugins which will create and manage [...]

    Read More
  • wp_backup_thumbnail_1 WordPress backup script v0.3.2
    24 January 2010 1:36 PM | No Comments

    I have updated and made some changes to the WordPress backup script – the backup files now record the command line used to create the file, I have also added [...]

    Read More
  • python_thumbnail WordPress Backup v0.3.3
    01 February 2010 11:10 AM | No Comments

    I have posted a new version of the WP Backup Script (v0.3.3). The reason why I am posting this script is that I have changed the internal structure of the [...]

    Read More
Tags: , , , , ,