It’s critical you remove the installer files after an install to ensure your site is secure. Removing the plugin does not remove the installer files nor do you need to remove the plugin after the install unless you want to.
Post-install file cleanup can be done by one of three ways:
Option 1Log into the newly installed site admin and click “Remove Installation Files Now!” link at the top.
Option 2From the wp-admin, go to Duplicator > Tools > Stored Data > “Remove Installation Files” button
Option 3Delete the files shown below using either FTP, SFTP, or your host’s file manager.
The following files below should be removed after install. The location of these files will reside at the root of the wp sitenormally where the wp-config.php file exists or folders like wp-includes and wp-amdin.
PRO and LITE 1.3+
- dup-installer (directory)
- installer.php
- installer-backup.php
- installer-bootlog_[HASH].txt
- [HASH]_archive.zip/daf
LITE 1.2 (older versions)
- installer.php
- installer-backup.php
- dup-installer-data_[HASH].sql
- dup-installer-log_[HASH].txt
- dup-database_[HASH].sql
- [HASH]_archive.zip/daf
- In older version the file names may have been named installer-data.sql, database.sql, installer-log.txt
NOTE: Even though the installer has a password word protection feature, it should only be used for the short term. All installer files should and must be removedafter the install is completed.