Thanks for the explanation. At least I feel more comfortable using it now.

I don't presume to be a security expert, and I wouldn't advise anybody to do something that he or she feels is insecure. However, here are a few reasons why I don't think making the backup directory world-writable is too great a concern.

* No one should know the path to the backup directory, as it's a hash unique to your database password.
* If someone were to have the kind of access that listed your site's directories, they're likely going to be able to dump your database directly anyways.
* With safe_mode on, a malicious script could not operate on a file with a different owner; if the person planting the malicious script could set the appropriate ownership, directory permissions wouldn't be much of an issue.
* The backup folder has no scripts that are part of or included by WordPress, so there's no danger of someone modifying a core file.
* Backup files should be in the backup directory only for the minute or so it takes to create and download/email them.
* Making a directory world-writable for uploads seems to be a common practice.

Why do you say that? What scenario do you have in mind?

My understanding of 777 is that it allows anyone to perform said actions (read, write, execute). Which to me means that 1) They could load and run malicious scripts/whatever. And 2) they would be able to download one of my database backups. And thus have access to the sensitive information contained.

I do not store my database backups in that folder. But they are stored there temporarily during the backup process, which to me is a security vulnerability if someone has access.

1) Is there any way we can make whatever user WP Database uses part of a group so that public has no access whatsoever to that directory?

2) Isn’t 777 a huge security vulnerability?

Question. It seems the advice given for the "Backup" directory is to change the permissions to 777. I've managed to get it working using 773 (removing public read access).

I have two questions...

1) Is there any way we can make whatever user WP Database uses part of a group so that public has no access whatsoever to that directory?

2) Isn't 777 a huge security vulnerability?

Thank you for your respond. It works. ;-)

Try changing the ownership. One way to do that is to delete backup-7061b using your FTP program, then re-create it.

I just tried to backup my database but your plugin won't work unfortunately. Everytime there is a popup with the text: "The backup file couldn't be saved. Please check the permissions for writing to your backup directory and try again. Couldn't open the backup file for writing!"
I've changed the permissions for /wp-content/backup-7061b to 777, but it still not work. Could I do something else?