It has come to our attention that Wordpress installations duplicated with the plugin "Duplicator" can leave behind files that may allow compromise when accessed.
The install process/documentation, for "Duplicator" does list the following information, which is often not complete by the user after duplication:
Its very important to remove the following files when you're done with an installation:
Leaving these files on your server could pose a potential security risk and will also cause issues if you try to re-deloy.
Click the 'File Cleanup' link to remove the install files, which requires admin login.
We highly suggest that if you have used the "Duplicator" plugin, that you remove these files if they exist in your Webspace currently.
In addition, considering that we have identified some websites that meet this criteria, and some have been compromised already, we have taken steps to mitigate websites from being compromised in this manner; to accomplish this we have set a script to run daily which will set 000 permissions on the following files:
The file "database.sql" was added to the script also as it would be a common file targeted for compromise.
If you need to re-enable access to those files you can do so via FTP; where you would typically set the permissions to 644.
Refer to the following article for how to obtain your FTP details:
If you have any queries on this, please contact our Support team - see the following for our contact details:
Please sign in to leave a comment.