There are so many critical safeguards to consider when securing a site that it's hard to say which are the most vital. For sure though, in the event of a worst case scenario, a site-saving backup tops the list. Preemption beats hindsight.
How often to backup depends on the volume of activity but, as a general rule of thumb, an automated schedule of daily database and weekly site backup makes sense. This gives peace of mind, requires little disk space and, should the worst happen, allows for a near-as-damn-it complete reversion.
The site and server logs aside, in most cases, we should at least be backing up:
- The database
- The wp-content directory tree
If in doubt, backup the lot: that's all the web files stemming from the root of your WordPress site, plus your database.
Also bear in mind that unless you use an online backup service such as VaultPress, which we'll touch on soon, you will need backup procedures both for the web files and for the database. That's because while web files can simply be copied, data must first be exported to a file before copying that to somewhere safe (which, as we shall see, is not your site's server, nor using unencrypted email).
Full, incremental and differential backups
It's worth understanding the differences between these backup types, then using some mix of them for your preferred strategy. The definitions of full, incremental and differential can vary a little from software to software but, on the whole, here's the heads-up.
Full backup copies everything specified in full so, for instance, just the wp-content directory tree or just a dumped data file is backed up once.
Incremental backup creates a series of full backups.
Differential backup again backs up everything but, subsequently, replaces only changed files.
Which of these methods we use, or mix into a system, tends to depend on a site's individual situation and how that relates to the considerations raised on this page. Clearly though the ideal objective at any given time would be to have a perfect copy of the site in production. This is generally very simple for the static files but can rarely be achieved for a busy WordPress database with, for example, new comments being regularly posted.
How and where to backup
Let's cover the bases by weighing up the pros and cons of the most common backup scenarios before getting into the nitty-gritty of the best methods in the ensuing tutorials, both for web files and data and regardless of your local and remote machines and your hosting type.
- Backing up db + files on the web server
This lazy option is, unfortunately, a bad idea.
Backing up directly to the web server is better than nothing, sure. Until the disk fails, aah!
… Or until you get a particularly nasty server compromise, exposing your plaintext MySQL data file to a hacker.
… Or if the web host, for instance, cocks up a server swap. Unlikely, you'd think, but this has happened to me.
So, really, the server-side backup option simply won't fly.
- Backing up db + files by your web host
It's worth checking with your web host to ensure that they carry out daily backups. This is fairly standard stuff with copies of web files and databases stored on a third party box.
That said, don't rely on this as any more than an extra, last resort, may-work protection.
Aside from the many tales of backups gone astray you will likely save on your site's downtime if you have your own backup system to restore from.
- Backing up db to (web)mail
Probably more of an option for smaller databases, automated backups can be sent off-server via e-mail.
A webmail account could even be dedicated for this, freeing up a local mail client but, bear in mind, the data tends to be transferred and stored in plain text which is wholly uncool.
Of the available plugins, WordPress Database Backup (aka WP DB Backup) is about the best no-hassle option and can be scheduled to run anything from hourly to weekly:
- Backing up db and/or files to cloud storage
Clouds, virtual storage or, to ditch the Dutch, online disk space can be an excellent location for WordPress backup because, unlike the average local PC, these destinations are accessible from anywhere and are always on.
A new wave of WordPress plugins, designed solely for backup-to-cloud , has subsequently drifted over. For some, these plugins are ideal for WordPress and other backup requirements. Here's the best of the lot:
SMEStorage Multi-Cloud WordPress Backup
Forked from the popular WordPress Database Backup plugin, this schedules database and files backup. There's a wide choice of clouds with limited packages starting at $sweet-diddly and others storing data with 256bit AES encryption, which we like:
Automatic WordPress Backup
A similar take on this concept can be found with the likes of Automatic WordPress Backup. The difference here is that, paying a few bucks a month for an Amazon S3 space, the plugin backs up all your custom web files as well as the database. Given this full copy it's possible for the plugin to have a site restoration feature, which it does. Rather nice:THIS IS A PLACEHOLDER FOR CONTENT IN THE MIDDLE
Similar again. This infant plugin tests pretty well both on a typical shared host and on a VPS box. As well as backing up files and data to Amazon, Updraft rather likes the Rackspace Cloud and there are plans to add more fluffy centers:
Same sort of stuff, BackWPup's also worth a look:
Then there's Automattic's tailor-made, hot-off-the-WordPress offering, VaultPress, that sings similarly again but, such is their powerbase, with more development clout:
Unclouding the issue
Whether or not you find a cloud solution to fit your needs quite yet, the use of such storage as a cheap-to-free, convenient-to-boot WordPress backup solution is expanding. We are seeing backup-to-cloud services become less beta and more alpha, swiftly debugged and offering a wider range of cloud, site restoration, and other backup options.
Backing up backup!
Finally in this backup round-up it should be said: it's not a good idea to rely on a single destination for backups. Have a couple, with at least one of those on a local, independent hard drive. The other may be held on a cloud, else on a virtual machine. This is just plain sensible.
Whether using a Windows system such as Cobian with Tunnelier or, for Macs and Linux, scp and rsync commands, backing up at once to separate places involves little more than duplicating and tweaking a destination or command, so the set up is no great stretch.
So that just about covers the cross-platform backup strategies. Personally, I'd ignore all the (unnecessary and often half-baked) plugins on this page, and the cloud services which could themselves end up hacked and, depending on your local machine flavor, follow the advanced backup guides as linked at the top of this page in the “wpCop’s comprehensive backup series” box.
… Jus' my 2 cents.