Hibiscus Technolab

WordPress – Backuply Plugin DoS Vulnerability Exposes Over 200,000 Sites

Leading Digital Agency Since 2001.

Imagine waking up to your website unresponsive, visitors met with error messages, and your online presence vanishing into thin air. This chilling scenario became a reality for over 200,000 websites recently due to a critical Denial-of-Service (DoS) vulnerability discovered in the popular WordPress backup plugin, Backuply.

But fear not, website owners! This article dives deep into the issue, equipping you with the knowledge and steps to protect your site from potential harm.

Understanding the Threat:

The vulnerability, identified by Wordfence and assigned a CVSS severity score of 7.5, allowed attackers to trigger excessive backup processes, overwhelming website resources and rendering them inaccessible. This not only disrupts user experience but also exposes the site to further exploitation attempts.

Affected Sites:

If you’re among the 200,000+ websites using Backuply, it’s crucial to act immediately. Check your WordPress plugin versions:

Vulnerable versions: Backuply versions prior to 8.7.4.
Patched versions: Backuply versions 8.7.4 and later.

Taking Action:

  1. Update Immediately: The most critical step is to update your Backuply plugin to version 8.7.4 or later as soon as possible. This patch effectively addresses the vulnerability and safeguards your site.
  2. Verify the Update: Once updated, double-check your plugin version in your WordPress dashboard to ensure the patch is applied successfully.
  3. Monitor Your Site: Keep a close eye on your website performance and uptime in the coming days. If you encounter any unusual activity or downtime, investigate further and seek support if needed.
  4. Consider Alternatives: While updating is essential, it’s also wise to evaluate alternative backup solutions in the long run. Research other reputable plugins with strong security practices and features that align with your website’s needs.

Staying Secure:

This incident highlights the importance of proactive website security and managed wordpress maintenance service. Here are some additional tips to keep your site safe:

Regularly update all plugins and themes.
Use strong passwords and enable two-factor authentication.
Implement website security measures like firewalls and malware scanners.
Have a robust backup plan in place with regular backups stored offsite.


By staying informed and taking preventative actions, you can minimize the risk of vulnerabilities impacting your website’s security and accessibility. Remember, website security is an ongoing process, not a one-time fix. Vigilance and proactive measures are key to protecting your online presence.

Sharing is caring!