I am using object storage and similar solutions for testing WordPress offsite backup. It all works well, saves me NVMe SSD storage for the backup, I am getting closer to a better backup strategy.
But all of the backups are stored in the same bucket. I think read/write access is necessary, because of retention, i.e. the backup plugin in WordPress is taking care of it to get older backups deleted
That could mean if one single site gets compromised / hacked, then there is access to the entire bucket. So perhaps there is a way to access/delete all the backups of all websites.
Is it actually possible that someone could access all the other backups of the same bucket?
​
I think it could depend a lot on the chosen S3 storage as well, e.g. AWS. Wasabi, Backblaze, Cloudflare R3. Currently using S3 compatible iDrive e2 and Storj for the offsite backups
​
[ad_2]