
HejBit Decentralised Backup Security & Risk Analysis
wordpress.org/plugins/hejbit-decentralised-backupSecurely back up your WordPress site to decentralized storage via Nextcloud and HejBit.
Is HejBit Decentralised Backup Safe to Use in 2026?
Generally Safe
Score 100/100HejBit Decentralised Backup has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "hejbit-decentralised-backup" plugin version 1.0.7 exhibits a generally good security posture, with several positive indicators. The extensive use of prepared statements for all SQL queries (100%) and a very high rate of properly escaped output (98%) are significant strengths. The absence of dangerous functions, file operations, and any recorded vulnerabilities (CVEs) in its history further bolster this positive assessment. The plugin also demonstrates an understanding of WordPress security best practices by including nonce and capability checks.
However, there is a notable concern regarding its attack surface. Out of 3 total entry points, 1 is unprotected. This unprotected entry point is an AJAX handler. While the taint analysis did not reveal any unsanitized paths, the presence of an unprotected AJAX handler presents a potential risk. An attacker could potentially exploit this handler to trigger unintended actions or gain unauthorized access if the handler itself doesn't implement sufficient internal validation or relies on the user being logged in without a proper capability check.
In conclusion, the plugin has a solid foundation in secure coding practices, particularly concerning data handling. The primary area for improvement lies in ensuring all entry points, especially AJAX handlers, are properly authenticated and authorized. The absence of historical vulnerabilities is encouraging but doesn't negate the need to address the identified unprotected entry point.
Key Concerns
- Unprotected AJAX handler entry point
HejBit Decentralised Backup Security Vulnerabilities
HejBit Decentralised Backup Release Timeline
HejBit Decentralised Backup Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
HejBit Decentralised Backup Attack Surface
AJAX Handlers 1
REST API Routes 2
WordPress Hooks 11
Scheduled Events 10
Maintenance & Trust
HejBit Decentralised Backup Maintenance & Trust
Maintenance Signals
Community Trust
HejBit Decentralised Backup Alternatives
Luzid Backup to Nextcloud
luzid-backup-to-nextcloud
Upload WordPress backup files to Nextcloud via WebDAV, with optional rotation and retention management.
STN- SAVE TO NEXTCLOUD
stn-save-to-nextcloud
Ce plugin est un outil simple et efficace pour sauvegarder votre site WordPress et sa base de données directement sur votre compte NextCloud.
WC Next Sync
wc-next-sync
Live backup for WooCommerce orders, products, customers and coupons as spreadsheets on Nextcloud.
All-in-One WP Migration and Backup
all-in-one-wp-migration
Trusted by 60M+ sites: The gold standard for WordPress migration and backup. Migrate, backup, and restore your WordPress site with one click.
Jetpack – WP Security, Backup, Speed, & Growth
jetpack
Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.
HejBit Decentralised Backup Developer Profile
1 plugin · 0 total installs
How We Detect HejBit Decentralised Backup
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/hejbit-decentralised-backup/css/style.css/wp-content/plugins/hejbit-decentralised-backup/js/script.js/wp-content/plugins/hejbit-decentralised-backup/js/script.jshejbit-decentralised-backup/style.css?ver=hejbit-decentralised-backup/script.js?ver=HTML / DOM Fingerprints
data-nextcloud-logindata-nextcloud-passworddata-nextcloud-urlhejbit_settings