Currently backup files location is very predictable - a dedicated individual would only need to check every second from a selected time frame. In most cases the right target would be moments immediately after installing the plugin (often the date can be extracted from directory listing of the plugin).
I suggest restricting non-administrator users from downloading backup files or at least changing the naming scheme to include an unpredictable random sequence.
Currently backup files location is very predictable - a dedicated individual would only need to check every second from a selected time frame. In most cases the right target would be moments immediately after installing the plugin (often the date can be extracted from directory listing of the plugin).
I suggest restricting non-administrator users from downloading backup files or at least changing the naming scheme to include an unpredictable random sequence.