Akeeba increases backup security with hardened frontend authentication


This morning Akeeba Backup 4.5.0 was released. This version includes some low-priority security fixes and a new feature to harden the frontend backup feature that we use here at Watchful to monitor and trigger remote backups. 

Specifically, Akeeba now checks if the secret word — the key used to validate the remote/frontend backup feature — may be easily guessed. If the secret word is too simple, it must be updated for backups to continue successfully. 

This is an excellent innovation by our colleagues at Akeeba, and we estimate that very few sites will be affected.

Updating a single site

Despite this expectation, we recommend a measured approach — especially heading into the holidays — as follows:

  1. Update immediately to Akeeba 4.5.0.
  2. Test for any backup failures.
  3. Apply updated secret words in Akeeba's Options for any sites that fail to back up.

Updating many sites in Watchful

  1. If you are managing your sites with Watchful, update all sites immediately to Akeeba 4.5.0. In this case, we recommend downloading and applying the update using our Remote Installer.
  2. Test for any backup failures.
  3. If just a few sites do not back up:
    1. Manually apply updated secret words in Akeeba's Options and in Watchful for any sites that fail to back up.
  4. If many sites do not back up:
    1. Roll back the problematic sites to the previous version of Akeeba (4.4.3) using the Remote Installer.
    2. Await the release of our forthcoming tool to mass-update your sites with stronger secret words (expected early next week).
    3. Once all your sites have a strong secret word, re-apply the 4.5.0 update for Akeeba Backup. 
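
As an added example (not Akeeba's or Watchful's code), the script below pre-screens an inventory of secret words before the update and generates strong replacements. The length and entropy thresholds, the common-word list and the sample inventory are assumptions constructed for illustration; the page does not state the criteria Akeeba 4.5.0 applies.

```python
import math
import secrets
import string

# Assumed policy for this example only; Akeeba's real criteria are not given on the page.
MIN_LENGTH = 12
MIN_BITS = 60.0
COMMON = {"secret", "password", "backup", "akeeba", "joomla", "admin", "123456", "qwerty"}

def estimated_bits(word):
    """Upper bound on guessing cost: length * log2(size of the character pool in use)."""
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
    pool = sum(len(cls) for cls in classes if any(c in cls for c in word))
    return len(word) * math.log2(pool) if pool else 0.0

def weaknesses(word, site_label=""):
    """Return the reasons a secret word looks guessable; an empty list means it passes."""
    reasons, lowered = [], word.lower()
    if len(word) < MIN_LENGTH:
        reasons.append("too short")
    if any(w in lowered for w in COMMON):
        reasons.append("contains common word")
    if site_label and site_label.lower() in lowered:
        reasons.append("contains site name")
    if estimated_bits(word) < MIN_BITS:
        reasons.append("low entropy")
    return reasons

def new_secret_word(length=32):
    """Random replacement from the OS CSPRNG; alphanumeric only so it needs no escaping."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

def audit(inventory):
    """Map each site whose secret word should be replaced to the reasons found."""
    flagged = {}
    for site, word in inventory.items():
        reasons = weaknesses(word, site.split(".")[0])  # first hostname label as site name
        if reasons:
            flagged[site] = reasons
    return flagged

# Constructed inventory: site -> current secret word (not real values).
SAMPLE = {"example.com": "backup2014", "shop.example.org": "shop",
          "blog.example.net": "k3Vq9ZtRw2LmX8bNcY4hJ7pD"}

if __name__ == "__main__":
    for site, reasons in audit(SAMPLE).items():
        print(f"{site}: {', '.join(reasons)} -> replace with {new_secret_word()}")
```

A site that passes this screen can still be rejected by Akeeba if its check is stricter, so the backup test in step 2 remains the authoritative result.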
