You need to backup the complete WordPress site on a regular basis.
You also need to store the WordPress backup safely outside of your hosting account.
In This Article
- Why WordPress Backup Is Important
- You Might Also Want To Read
- How You Complete This Security Checkpoint
- Rescue Plan
- Bonus Tips
- Further Resources
- Follow The White Rabbit
- Questions Or Comments?
No site will ever be 100% secure.
If your site is compromised you need to be able to restore it quickly. The quickest and safest way to recover after your site has been compromised is by restoring a good WordPress backup.
You need to keep a number of backups in case the attack on your site is discovered after some time.
These are related articles that you might also want to read (all open in new tabs):
- How To Test Your WordPress Backup
- How To Restore A WordPress Site
- Are WordPress Backups On Dropbox Safe?
- And if you have not done so already:
Download the WordPress Security Checklist now. It’s free!
It is important that your backup:
- Includes both your WordPress files and database.
- Is scheduled to run automatically.
- Stores backup files outside the public_html folder so they are not accessible from the Internet.
- A copy of your backup is stored safely outside your hosting account in case everything in your hosting account is erased.
BackWPup can store your backup files in many different places: Folder, FTP Server, Amazon S3, Google Storage, Microsoft Azure (Blob), RackSpaceCloud, DropBox, SugarSync and send by Email.
You can use any of these places to store your backups, however at least one place has to be outside your hosting account. We do not recommend that you email the backup. Email is not secure and your backup includes sensitive information about your WordPress site.
If you have no preference we recommend that you use Dropbox.
Don’t have Dropbox?
Sign up for a free account here.
(Affiliate link – you and we both get a little extra space)
This is a very good question. It really depends on how often your WordPress site is updated.
If your site is updated daily we recommend the following backup schedule:
- A daily backup job, where you keep the last 14 backup files.
This will allow you to go back two weeks with daily changes.
- A weekly backup job, where you keep the last 12 backup files.
This will allow you to go back three months with weekly changes.
- A monthly backup job, where you keep the last 24 backup files.
This will allow you to go back two years with monthly changes.
If your WordPress site only changes weekly you can consider not scheduling the daily backup job.
If your WordPress site contains a lot of media files that rarely change you can consider backing up those files manually or only in the monthly backup job to save space.
If you are using Datafeedr you should be storing your product image files locally (for performance reasons).
If you have many products in your store consider leaving out the store folder from your backup.
All files in this folder can be re-downloaded with very little effort.
Remember to backup your merchant logos if you have created any yourself!
Follow these steps to setup your backup correctly:
- The default setup for BackWPup is to store the backups in your wp-content folder.
The backup files contain sensitive information about your site, so you want to store the backups outside the public_html folder.
This way the backup files will not be accessible from the internet.
In your hosting account create a folder at the same level as the public_html folder to hold your backup files.
Then create a folder for each type of backup job you wish to create: daily, weekly and monthly.
- Install and activate the BackWPup plugin.
- Go to Settings.
Enter the path to your log files. Note that the log files from all three types of jobs will be stored in the same folder – the backups folder.
- Delete the folder(s) BackWPup automatically created in wp-content.
Note part of the name is random, so yours will be different.
If you have two folders with similar names delete both.
- Add a new job.
- Give the backup a name.
- For Job Type we recommend you only select Optimize Database Tables and Check Database Tables for the monthly job.
- Activate scheduling and select the time interval you require.
- Optionally exclude selected folders.
Tip! If you use a caching plugin exclude the folder for the cached files. They will typically be in the Content section.
Datafeedr! Exclude the store folder.
- Enter the location to store the backup files in. This is for the copy of the backup file stored in your hosting account.
Select the number of backup files to keep.
- Click Authenticate in the Dropbox section and follow any prompts to log in to Dropbox.
Enter the path you wish to store the backups in and the number of files to keep.
- Click Save Changes.
- Create jobs for the Weekly and Monthly backups. Keep 12 backup files for the weekly backup and 24 backup files for the monthly backup.
Remember to select Optimize Database Tables and Check Database Tables for the monthly job.
- Run each job once manually.
- Verify that the backup files are created successfully – both the file in the hosting account and in the Dropbox account.
Also check that the file sizes are not 0.
If your site is ever compromised you need to determine which backup is the most recent and safe to restore.
Please read The WordPress Rescue Plan - it will help you make the right decision.
And read How To Restore A WordPress Site.
If you have not done so already: Download the WordPress Security Checklist now. It’s free!
A couple of other points I always advise are:
1) Go through the exercise of taking a BackWPUp backup and restore it somewhere else to make sure you understand the recovery process. You can use your local host file to point to it for testing.
2) For larger sites, consider a yearly backup of everything and limiting your daily backup to this year’s /uploads/ (e.g. 2012) . Smaller backups have less of a chance of failure.
3) Keep a local copy of small, but critical files (e.g. most recent theme rendition and css ). No sense in going through a full site restore transfering a huge backup file for a tiny little css file that you botched up. It’s the difference between a 2 minute fix and a 2 hour exercise.
- 4800 Aussie sites evaporate after hack (or “why you should always store a copy of your backups out side your hosting account”)
- Tale of a Hacked Website
Please leave them below. Thanks!