How to Backup Your WordPress Site

As your WordPress site is your online presence, you want to make sure you have a backup of all the key items. Those items are likely the custom file modifications, and the database. WordPress core, plugins, and themes could all be downloaded again if you needed to, which is why I consider them a nice to have in the backup process.

There are multiple ways to create backups of these files, from manual, to plugin automation, to vendor-provided solutions.

Manual: Who wants this? It is time consuming and a hassle to log in to multiple locations, download files, and archive them.

WordPress Backup Plugins: These will automate the process and save you time and frustration.

  • BackWPup (free plugin) – Can save to multiple locations such as directory, ftp, dropbox, amazon s3, etc.
  • BackUpWordPress (free plugin) – Saves backup locally.
  • BackupBuddy (paid plugin) – Can save to multiple locations such as directory, ftp, dropbox, rackspace cloud, amazon s3, etc.
  • VaultPress (paid plugin + monthly service) – Does everything you want and provides the storage space as well so you don’t have to worry about where the backups are stored either.

Also note that some web providers / hosts perform backups on your behalf already, so you might want to investigate the built-in options at a server and host level too.

Additional Backup Strategies

Today I will cover some additional backup strategies that I have used in the past.

Best practices regarding backups:

  • Store them encrypted! This is very important as your backups contain all your data and sensitive files, and you don’t want them to fall into the wrong hands and open yourself up to identity theft, right?
  • Sanitize and/or destroy your backups before discarding them.
  • Verify the file contents and integrity of the backups so that you know they are retrievable.

Where to keep your backups:

  • Same physical location – But if you want to have a contingency plan for fire, theft, or other related scenarios, then you probably want to store them in one of the following areas as well.
  • Separate physical location – Trusted family member, friend, safe deposit box, etc.
  • Online – Trusted cloud provider, self hosted NAS, etc.

What Should I Backup?

What you should back up is a personal question and I can’t answer it for you definitively, but you should back up any information that is important to you: any data that you created or obtained, or that is hard to find, such as contact lists, bookmarks, passwords, etc.

On a daily basis I backup the following:

  • “My Documents” folder
  • “My Images” folder
  • “My Downloads” folder
  • Internet Browser files such as bookmarks, plugins, settings
  • Email files such as files and settings

I also have a system set up for monthly and yearly backups which involve a different set of lists. You want to create a system to reduce the risks you identify (you can see a sample list of scenarios in my Why Backup Your Data post).

Why Backup Your Data?

Your data is the most important asset in your computer. Hardware and software could be replaced, but if you don’t have a backup of your data and something were to happen to your computer, you will likely be in a lot of pain from the data loss. You would need to recreate all that information, and likely some of the data was irreplaceable and couldn’t be recreated.

There are multiple reasons why you want to have a backup. Here are some of the most common events:

  • Accidental deletion of files. (I’ve done this multiple times!)
  • Hard drive failure – The computer can’t read anything anymore.
  • Computer is lost or stolen – It is completely out of your reach.
  • Environmental issues such as a fire or flood – Similar to a hard drive failure, your data is just no longer accessible.
  • Viruses and malware – These destroy your system and you don’t have access anymore.

This is why it is essential that you always back up your data and have a plan in place for recovery.

Backup Post Series

Coming up is a post series about backups. As usual I will cover fundamentals first, and then have specific tactical information when it comes to your own backups and WordPress sites. The post series will contain the following:

  • Why Backup Your Data?
  • What Should I Backup?
  • Additional Backup Strategies
  • Validate Your Backup Integrity With Restore
  • How to Backup Your WordPress Site

Finding Secure WordPress Plugins

Having an updated WordPress core doesn’t do anything for security if you are running plugins that are not secure. Plugins run with the same authority as WordPress itself, and it only takes one bad plugin to put your whole site’s security at risk, so you want to be sure that the plugins you have are not risky. While there is no good assurance of plugin security other than a security code review, which could be very costly, there are some basic due diligence items that you can research to determine a plugin’s stance in relation to security and vulnerabilities.

  • Review the author’s homepage and background. Do they have a history of secure code? Do they have independent 3rd parties review the code for security vulnerabilities? Do they state that the code is secure?
  • Identify who is behind the plugin. Is it a professional plugin author that has time and expertise to create a secure plugin and maintain it? Is it someone that is learning how to code by providing a neat plugin?
  • Are there any open vulnerabilities for the plugin? Use your favorite search engine and search for [plugin name] + vulnerability or [plugin name] + exploit. Not every plugin will have a vulnerability so don’t be fearful if you don’t find anything.
  • Review the plugin’s changelog. Does it involve patching of security vulnerabilities? Once again, not every plugin will have a vulnerability so don’t be fearful if nothing is listed.
  • Determine if the plugin is maintained. If the author(s) don’t update it to maintain compatibility or add features, then it might be abandoned, and if a security issue were to come up, you would be out of luck for a provided fix and left to address it yourself.
  • Review the user ratings and comments. Are the authors responsive, with high support levels? While this is not specifically a security question, it does provide insight into the responsiveness and professionalism of a company. It could translate into security responsiveness if an issue were to come up.

What other due diligence review items do you go through?