We’ve talked before about the importance of WordPress security and keeping your site safe from outside attacks. By performing all the necessary tasks to secure your site, you are virtually protecting yourself in advance from a lot of potential hacks and trouble. However, there are times when you might have to face a hack into your WordPress site, losing valuable data in the process. For that reason, you must have at all times a good backup policy in place.
Performing WordPress Backups
While there are many things you can do to protect your site, almost all security measures boil down to one of two categories: damage prevention and disaster recovery. Damage prevention is dedicated to avoiding trouble happening on your site, such as limiting login attempts to prevent brute forcing, or even using Akismet to catch all comment spam.
Disaster recovery, on the other hand, comes in after your site has been struck by an attack. Since no amount of security in the world is impenetrable, you should think about having ways to recover from a hacked site, and doing it quickly to get back online as soon as you can.
For that, you should always have a series of backups at hand, which you can use to restore your site at once. As making sure the backups will be available when you most need them is essential to your site’s security, here are a number of things to keep in mind when designing your own backup policy.
Scope of the backup
To put it bluntly, your WordPress backups should encompass your entire site. Period. Since we’re talking about keeping your whole installation safe and running, you should always assume the worst case scenario could happen. This means your site could be lost to something other than a hack: either the hard drive holding your website could break, or the datacenter your server is located in could suffer unexpected physical damage. For that very reason, you should back up absolutely all your files, your database, and even your server configuration if possible. If you only have a backup of your site but the entire server is gone, chances are it’ll take much longer to restore everything back to how it was.
Interval of backups
If possible, you should always have a backup of the latest version of your website. There is no point on having a good backup strategy if your most recent copies are a month old, which means you will have lost valuable data for good. For sites that receive a lot of traffic and are updated constantly, this could mean you will need to create a backup every day, or every 12 hours. Nowadays there are plenty of solutions to achieve almost-real-time backups, so there is no reason to skimp on resources to maintain your emergency copies fresh and updated.
Integrity And Redundancy Of backups
Much like your site, a backup file can also be lost to unexpected events. If they are stored on the same machine as your live website, a system failure will take both of them out regardless of how many you have prepared, so make sure you will always have access to them, no matter what the circumstances are. For this reason, you need to make your data as redundant as possible, keeping multiple copies of the same file on different places. That way, if one of the servers hosting your backups fails, you will still be able to recover without issue.
Backing Up Your WordPress Site
In the case of WordPress, there are a number of services that will help you safeguard your site against unexpected data losses.
Use A Specialized Backup Service
For starters, you can make use of VaultPress to back your whole site every day. This service works by installing a plugin on your website, which then sends all the data from your WordPress installation to their servers. The files are then stored in VaultPress’ servers, meaning you can take off the burden of safekeeping the backups once they’re made. This comes with the added benefit of having them stored in a completely separate location, so even if you face the worst possible outcome, you can still recover your WordPress installation. The more expensive plans of VaultPress will even let you perform real-time backups, which are a must if your site generates lots of new content every day.
Use a Backup Plugin
While a service like VaultPress will keep your website fairly secure, you can also boost your backup strategy by sending your files to a location of your choosing. To do so, you can use a plugin such as Backup Buddy to automatically create copies of your site, and send them to places such as Amazon, Dropbox, or another server of your own through FTP. Using one of these solutions is great for recovering individual files as well, since there may be times when you might need and older version of a particular file.
Perform Backups At server Level
Besides backing up your WordPress install, you should also keep your server environment safe and sound. Nowadays, a lot of web hosting services will offer you a daily backup service included with the hosting plan. For example, the managed WordPress hosting offered by WPEngine does this right out of the box. This kind of backup is a lot more efficient and thorough, since it will work at the server level and have a dedicated program. Should you not have one of these services in place, you can always talk with your hosting provider to see if it can be done.
Doing An Emergency Drill
Just having your site backed up is not enough. If possible, you should simulate a server loss and try restoring your site from scratch. You can do this on a separate environment, or at least doing so locally on your computer. Putting your backup strategy to the test is the best way to ensure it is good enough, and that it won’t falter when the moment you need it the most. It is also a good way of practicing your methods for restoring the site– you will want to have the least amount of downtime possible, and to do so you need to act fast.
There Is No Such Thing As Enough Security
Remember: Only you can decide when your site is safe enough. Since it all depends on how valuable your website is, and how much downtime you can afford to have, it’s up to you to determine the frequency and level of redundancy of your backups. One thing is clear though: you should at least strive to have a single backup that you can resort to in case of emergency.
What is your backup strategy? Which service do you use for your WordPress hosting?