Support

Access to the backup restoration script should be limited only to trusted persons. Your backup may contain your database connection information, and possibly other privileged information you do not want to be visible by anyone while you are restoring your site. There are two ways to do that.

One, is to use Kickstart's "Stealth Mode". This is also available when restoring your site from the web interface. This limits access to your site only to your IP address. However, this will not work if your IP address is changing frequently (e.g. on a mobile connection), if your server cannot see your real IP address (e.g. your site is behind a caching proxy, load balancer, CDN, …), or if you are using an incompatible web server, or a web server configured to not allow this kind of user-configured access control.

Which brings us to the second option, password-protecting the restoration script. This is something you can enable in the backup profile configuration, in the Restoration script password option. When you enter a non-empty password in that field the file installation/password.php is created. When this file exists, BRS will show you the page depicted above. You need to enter the password and click on Unlock to proceed with the restoration.

Please note that the password is stored in the installation/password.php file using a very simple hashing scheme, and there is no limit to how many attempts a user can make. It's not meant to be an airtight solution, it's only meant to prevent random people from accessing the restoration script for the limited time it takes to complete the site restoration.

In some cases you may not have entered a password, but your browser (or password manager) autocompleted a password into that field in the backup profile's Configuration page. If this happens, or if you have simply forgotten what the password is, you can restore your site; just delete the file installation/password.php, then visit the /installation/index.php URL again.