Does Your Backup Process Include Your Website?

Are you backing up your website?  If your web server crashed, how quickly could you get your site back online?  If your website is hijacked, compromised, or infected with a malicious download, how long would it take you to recover?

We have harped for years on the importance of backing up your data and files, and testing them to see if you can actually restore the backed up data.  This not only protects you from hard drive or other hardware failure, fire, flood, natural disaster, or malicious action by a disgruntled employee.  It is also a foundation element of good cybersecurity practice, and protects you from exploits such as the rash of crypto-ransomware exploits at large on the Internet.

Backing up your website is just as important, possibly more so if it is producing income for you.  If you are running a non-WordPress site, check with your hosting company to see what sort of backup options they might offer.  If you are using WordPress this is ridiculously easy to do if you install a backup plugin, something such as Updraft Plus, for instance.

But there are considerations to account for when designing your website backup strategy.

  • What to include – The database, any configuration files, and everything in the wp-content folder, which includes themes, plugins, and media files.  I usually back up the WordPress files once a week, but these can be restored by installing a fresh copy of WordPress.
  • Frequency – This depends a bit on your site, and how often the site content is changed. A good option is for a daily database backup and a weekly backup that includes everything else.
  • Retention – Another consideration is how long to keep your backups.  To recover from a site compromise or hijacking incident, you will need to go back to the last backup before your were compromised.  Sometimes site owners to not discover the incident for 6 months or more.  Having copies of every day from the last week, every week for the last month, every month for the last two years, might be one scheme to use.
  • Storage – Most WordPress backup plugins store backups on the same server the website is on.  They also provide for storage to other locations, including OneDrive, DropBox, or cloud locations provided by the Backup plugin company.  Do not keep all your eggs in one basket.  My recommendation is for a minimum of three copies in different locations with different service providers.  One on the hosting company server for speedy recovery, one in the cloud with a different company for good geographic separation, and one copy on your personal computer, or a hard drive you control locally.  By providing several copies in different physical locations, you should be able to weather most disasters.

Our next post on Friday will cover some of the feature consideration when looking a the spectrum of WordPress backup options.


About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.