• Version 8.8.0
  • Download 7
  • Platform WordPress
  • Software Framework WordPress
  • Software Version PHP 8.x, PHP 7.x, MySQL 8.x, MySQL 5.x
  • File Size 7.69 MB
  • File Count 1
  • Create Date November 1, 2022
  • Last Updated November 1, 2022

IThemes BackupBuddy WordPress Plugin

Why Backup Your WordPress Site & Protect Your Online Work?


Your WordPress website needs a reliable backup method the use of a depended on WordPress backup plugin like BackupBuddy. WordPress doesn’t encompass built-in backups, then we timbered BackupBuddy within 2010 in accordance with forgather the necessity for a solid WordPress backup solution.
Even you army backup can also now not stay sufficient proviso thou trip a server crash. Other WordPress protection troubles consist of hacks, malware, user error, deleted archives yet strolling incorrect commands. All concerning this matters execute absolutely swab abroad thine WordPress web site forever. Having a cutting-edge backup over you WordPress website is vital because defending you website. BackupBuddy is right here to help.


iThemes Patches Vulnerability in BackupBuddy, Wordfence Tracks 5 Million Exploit Attempts

BackupBuddy, a commercial plugin from iThemes that performs scheduled backups with remote storage options, has patched a vulnerability that allowed for arbitrary file download by unauthenticated users. iThemes published an advisory for its users, indicating that the vulnerability affects versions through and is being actively exploited.

Wordfence reviewed its data and found that attackers began targeting this vulnerability on August 26, 2022. The company has blocked nearly 5 million attacks targeting the vulnerability since that time.

Wordfence found that the method BackupBuddy used to download locally stored files was insecurely implemented, making it possible for unauthenticated users to download any file stored on the server.

“Due to this vulnerability being actively exploited, and its ease of exploitation, we are sharing minimal details about this vulnerability,” Wordfence threat analyst Chloe Chamberland said.

Wordfence found the majority of the attacks are attempting to read sensitive files, including the following:

  • /etc/passwd
  • /wp-config.php
  • .my.cnf
  • .accesshash

iThemes published specific indicators of compromise and detailed steps to detect if a site was attacked. The company outlined additional steps for sites that have been compromised.

All BackupBuddy users are advised to update to the patched version 8.7.5. iThemes made it available to all users, regardless of their current BackupBuddy licensing status, due to the severity of the vulnerability.


    1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

    Leave a Comment

    Your email address will not be published. Required fields are marked *