Docs › Security details

Security details

For the technically minded. Here’s precisely how your credentials and your site are protected.

How your FTP password is handled

When you connect, your credentials are encrypted with AES-256-GCM, a strong authenticated cipher.
A fresh random encryption key is generated per session. Only the encrypted blob is stored server-side; the key itself is placed in a Secure, HttpOnly, SameSite=Strict cookie held by your browser.
This means the server’s session store contains only ciphertext that is useless without your browser’s key — and the key never lands on the server’s disk.
Credentials are never written to any log file.
On Disconnect, or after 15 minutes of inactivity, the session and key are destroyed.

Connections use FTPS (FTP over TLS) by default when your host supports it, encrypting your password and data in transit.
The tool itself is served over HTTPS.
If only plain FTP is available, the tool warns you that your password would be sent unencrypted, so you can decide.

Before editing any file, the original is copied into wp-repair-backups/ on your server, and an entry is written to a manifest.json.
Plugins are “disabled” by renaming their folder (e.g. akismet → akismet.wpr-disabled), never by deleting.
Undo all changes replays the manifest in reverse, restoring files and folder names to their original state.

All state-changing actions are protected by CSRF tokens.
The tool makes no connection to your database and performs no bulk downloads.
Access is gated by a per-site token, which is bound to the first website it’s used on and cannot be reused elsewhere.
Administrative functions are password-protected and kept separate from the public tool.

For the non-technical summary, see Is it safe?