I know the content of a Kirby site is easy to backup, by simply dragging the folder from the server to your local system.
###Why a backup function?###
But my client wanted an even more easy workflow, for backing-up all his / her files (text / images), without the need to struggle with sFTP-accounts, Dropbox-sync, etc…
He was used to Wordpress, which has a default file-revision function (you can track all the changes made in your text, from within the panel and roll back if needed).
So I created a custom field which allows you to back-up the complete
\content folder with one click on a button…
###How it works###
Download the plugin from my Github page - and be sure to check the
readme.md file before using it.
Is it secure?###
I tried to secure this new function as best as possible;
- Only one .zip-file is created at most (older files are automatically deleted).
- The .zip-file has an unique, random file-name (preventing direct downloads).
- The backup-creation script must be called from the same server - direct access is forbidden.
- Only POST-requests are valid - and must match some standard syntax-settings.
- Hot-linking to every file in the
\backup\directory is forbidden.
- A .htaccess file in the
\backup\directory secures all actions and files.
- After creating and downloading the .zip (which contains all the content) you can delete the original at once.
###Please, report any bugs###
I do realize this extra feature can introduce a new attack-vector (like all functions on a website can)…
…so I hope someone will check the source-code and do a basic security audit on it (just to be sure, in order to prevent leaks I did not see myself).