Backup Options for WordPress Websites

On Wednesday we discussed the importance of backing up your website as part of a larger cybersecurity strategy.  Today we are going to look at feature considerations for you as you decide which backup plugin is right for you.

Personally, I have used both Backup WordPress and Updraft Plus, and I have been satisfied with both of them.  When you search for backup plugins, WordPress offers 1325 options.  How to choose from this huge selection?

  • Plug-in Rating – When on the WordPress plugin page, look at the star rating.  I wouldn’t bother with anything under 4 stars.  Look at the number of comments, which is the number in parenthesis after the stars.  You can click through to read the comments if you wish.  Take a look at the number of active installs.  More installations usually means more satisfied customers.  Your choice needs to be compatible with your version of WordPress.  (Do we need to tell you your version of WordPress should be the latest version?)

  • Free vs. Premium – There are usually free versions of most WordPress plugins, but the free version may be missing the functionality you need for your site.  Comparing prices for premium versions may be an important part of your decision process.
  • Secure Backup Administration – You want authentication to happen using TLS or some other encryption method to keep your user ID and password secure.  It is a good idea to require a different user and password for restoration than for backup, or for general site administration.
  • Restore Capability – You will want a backup solution that provides automatic restore capability.  If your site goes down, you will want it back as quickly as possible, without having to wade through a bunch of technical processes.
  • Backup Encryption – We are members of the “encrypt everything” camp, and this should apply to your backup files as well.  That way your files cannot be used by a cyber-thief.
  • Database Encryption Support – If you are collecting personal information from your site visitors or having them set up accounts controlled by user name and password, your WordPress database needs to be encrypted.  Make sure your backup solution will support this.
  • Encrypted File Transfer – If you are storing your backups to the cloud, make sure they are encrypted with TLS, SFTP, or SCP while in transit.
  • Migration Support  – What if you are moving your site to a new host?  Make sure your backup supports hosting site migration.
  • Multisite Support – If you are using the WordPress multisite functionality, make sure your backup solution can support it.

This should help you make a good choice from the many available options.  As I mentioned, I recently moved to Updraft Plus, and I can recommend this product for most of you.  Ask other WordPress site owners you know what they use, and ask them why they chose it.  But do something about backup for your website.  The saddest calls I get are from people who lost their site but have no backups.  There is nothing they can do but redesign the entire site from scratch.




About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.