Why are we writing about WordPress backups?
WordPress is the most used CMS platform in the world. According to BuiltWith data, WordPress has a 38% share amongst the top 1 million websites that use CMS technologies. WordPress is a widely used platform for building blogs and portfolios, online communities, big news portals, corporate pages, and e-commerce websites.
Another reason is more pragmatic – we are WordPress experts. When looking after any website, you need to be up-to-date with the latest knowledge in a specific software environment. You need to track hundreds of plugin changes, abandoned and unsupported plugins, and popular vulnerabilities. You also have to keep track of security gaps, popular forms of attacks, and more. This is why we only deal with WordPress.
The information in this article can also be applied to other website platforms, because the risks and activities are very similar. Only a few sections will be relative exclusively to WordPress.
The most common threats to your website
WordPress websites collect data every day, which you rely on when conducting your business and engaging with your customers. You must consistently make copies of your website in case things go wrong. Regular backups are a vital insurance against a data-loss catastrophe.
The most common risks of website data loss are:
- Broken authentication & broken access control
- Website breakdown due to software failure
- Infection or malware
- Hosting server crash due to defect or natural disaster
- Website hack, injection flaws (PHP injections), Cross-Site Scripting (XSS), brute-force attacks, DDoS, and other external threats
- Insider threat (malicious or by mistake)
- Unsuccessful updates
- Website migration (as a risk factor)
From a business perspective, such as for e-commerce websites for example, protecting crucial assets is critical. Making regular backups to your website is one of the tasks associated with website maintenance.
What is website maintenance?
Website maintenance is the routine checkup of your website to ensure that it’s healthy, secure, and performing well. It is a general term that refers to several tasks usually performed weekly, monthly, and quarterly to keep your website free of errors, safe from cyberattacks, and updated and relevant. You can read more about it in our article “Website maintenance“.
Why are WordPress backups important?
Backups allow you to resume business quickly whenever your website has a problem.
Prevent loss of income
These days, a downed website can mean a significant loss of income, loss of customers and transactions data, or even a drop in search rankings. Some studies have shown the cost of a website’s downtime, and it varies from $4000 to $ 10,000 lost revenue per minute. For small e-commerce websites, the cost can easily be $3000 – $5000 per day. With these numbers, a 3-5 day website breakdown can lead to a loss of up to $25,000 in revenue. These calculations assume that the website will eventually be restored and downtime only results in a short business interruption.
The worst-case scenario, however, is less pleasant. This is when all data is lost, which can be disastrous for a business. While it’s possible to rebuild a website with products and other assets, it is much harder to rebuild all customers, transactions and other instances.
Prevent loss of SEO rankings
Another threat is the loss of search rankings. When your website is down, the process of de-indexing starts and users attempting to reach the website generate 404 errors. If somebody hacks your website, you lose control and it can be used as a spam server to send infected or spammy messages. After a hack/spam attack, bots add your website/domain name to blacklists. The recovery from this process is long and results are uncertain. When your website is put on a blacklist, search engines will expel your site from their ranking and it can lose almost 95% of its organic traffic. This will again impact revenue.
With a proper backup, it is easy to restore your website to a previous, uncorrupted version. As a result, business won’t have to suffer if you suddenly lost your website for any reason. Even if your website is hacked, you can easily set up new hosting, restore your website (cleaned from malware or viruses and secured), and redirect the domain to a new server.
Saving time by spending time.
Developing a solid backup plan requires an investment of time and money, but the cost is far less than the very long work of recreating data that hasn’t been backed up.
What is a WordPress backup?
In information technology, a backup or data backup is a copy of computer data that has been taken and stored elsewhere. You can use this to restore the original after a data-loss event. WordPress website backup is a data backup that is a copy of all files and databases.
What does a standard WordPress backup include?
The typical WordPress installation contains thousands of files, including:
- Media files (images, videos, audio, etc.)
What do website backups do?
A website backup creates a complete copy of your WordPress files and your database.
You can restore your website to the point/date the last backup was made. You will lose any changes made from your last backup to the present time. Only Real-time Backups, CDP (Continuous Data Protection), or Near-CDP backups allow you to have a continuous backup of data flow.
Frequent backups are critical in a website risk management process. The frequency of your backups should be based on how often your website changes. A good practice is to make a website backup after every significant change to your site. You also need to create a backup before a website or plugin update (or upgrade), except if it ha been deployed and tested on a staging server.
My hosting provider already does backups, why do I need to do it?
Many WordPress hosts provide backups as part of their service. However it’s not recommended to rely on an organisation that has no vested interest in your company or business. Even the biggest hosting providers can have catastrophic failures where they lose all their data, sometimes irrecoverably if it’s due to a natural disaster or fire. Read the story about the OVH server room fire.
Hosting companies have limited resources for storing backups. They may only keep one or two versions of your website for days, weeks, or a month at most.
Reasons why you shouldn’t use a hosting provider for your backups include:
- No guarantee that you will restore your website (check your hosting T&C)
- Most hosting providers deny any responsibility for backups of your website
- The process and quality of backups are out of your control
- You can’t set up an individual frequency of backups
- You don’t have a backup on demand (e.g. after a significant change on the website)
- Hosting level backups (agreement) are costly
- Hosting backups usually have limited functionality
- The host is doing backups using your storage space which means that you have a live website and backup files in the same place
- You are losing independence; you already depend enough on your hosting provider as it is.
It’s good to take a closer look at the terms and conditions of your hosting platform. Backups are usually a complimentary service on shared hosting.
How to make WordPress backups?
There are a few ways to ensure you have good quality and up-to-date WordPress backups. Evaluate the methods below to determine which one will be right for your business.
Most shared hosting providers create backups of your website as part of their service. As discussed, that strategy comes with risks. You can always download the zip files to your computer to reduce the risk of hazards. You can consider using hosting level backups only when it is an additional service and personalised to your needs.
You can perform manual backups using different tools. It can be:
- FTP client and phpMyAdmin
- Hosting management panel (cPanel, DirectAdmin, Plesk, vDesk, Ensim, Ferozo)
You will need to understand how WordPress works to be able to perform manual backups successfully.
Plugins, tools and automation.
WordPress plugins can help you handle your website backups. These usually work on the site level. If you are an advanced user, you can perform a backup at the server level using Cron tasks and scripts. This is a better solution that doesn’t burden your website performance, but you need to have sufficient server resources.
Examples of popular plugins for website backups:
- Jetpack Backups
- Percona XtraBackup
After creating a backup, you need to download files from your hosting server and save them in one of the off-site data repositories. Some plugins can integrate with cloud storage for off-site backups. For external tools, you need to follow the user’s manual. Some of the services have paid pro versions.
Use a WordPress managed service.
When you’re busy running a company, backups can often be a low priority and it’s easy to forget to do them regularly. Large backup repositories can also become hard to manage when you constantly rotate old backups to make space for new files.
Managed WordPress services can automate the entire backup process, so you always have access to a working WordPress installation should disaster strike. Another advantage of a WordPress maintenance service is that your WordPress files are stored off-site, which means they are safe if your host’s backups get destroyed or corrupted.
Types of WordPress backups.
- Incremental backup creates a copy of only the data and files that have changed since the previous backup.
- Differential Backup captures the changes since the last full backup.
- Full backup is a complete copy of your WordPress site, including the database, core files, themes, plugins, posts, pages, and all media on your site.
- Real-time Backups for WooCommerce (CDP or Near-CDP backups)
How often should I back up my WordPress website?
How often you should back up your website depends on how often you make changes to the site. A small business collecting user data through an e-commerce site with tens or hundreds of transactions in a day would benefit from a daily backup. If you update the site once or twice a week, then the frequency of your backups will be as often as your website changes. Backups that keep daily, weekly, and monthly versions of your website guarantee you can restore your website without any data loss.
Can WordPress backups be automated?
Cron tasks and scripts can automate your backup procedure from the server-side. They consume your server resources. You should check with your hosting provider to see if and how often can you schedule cron tasks. Some of the WordPress plugins also have inbuilt automation capabilities. Automation is a great timesaver, but it is good practice to check it periodically to ensure everything is working correctly.
Where to store WordPress backups.
Backups must be saved in independent and different locations so that they are unaffected by your site. Plugins that store backups on the client’s web server reduce the existing storage space and expose backups to external threats.
The best practice for securing backups is to keep them in at least three different and independent locations. You can consider the following locations:
- Hard disks
- Solid State Drives (SSDs)
- Optical storage
- Remote backup service – cloud storage provider, e.g. Google, Dropbox, Amazon AWS, etc.
The more locations you have for storing your backups off-site, the more secure your website will be.
Plan your backup strategy. Develop a written backup plan that tells you:
- What you should back up
- Where you will store backups
- What is the backup frequency
- Who’s in charge of performing backups
- Who is in charge of monitoring and testing backups
Compliance security of backup data .
Data compliance is the practice of ensuring that sensitive data is organised and managed in a way that allows organisations to meet enterprise business rules as well as legal and governmental regulations. Check your local country or state rules in terms of data compliance.
Backup checks and testing.
Manual backup testing needs a staging environment. This is to create a fully functioning duplicate of your site that can be tested extensively to ensure everything works well.
Companies that use a staging environment can also use it to test backups.
It’s also essential to perform malware checks on your backups to be 100% sure that files are free from infection.
Key takeaways for website owners.
Performing regular backups is crucial to WordPress security and critical to your business. A WordPress website is a complex environment, and website backups and restores are complicated procedures for an inexperienced user.
We mentioned before that “Saving time by spending time” and developing a solid backup plan requires an investment of time and money. The cost of this is far less than the very long work of recreating data after a website disaster.
If you’re an inexperienced user and don’t have a team of dedicated specialists, we strongly advise engaging our WordPress care and maintenance services to perform this crucial task for your business.