Does Your Backup Process Include Your Website?

Are you backing up your website?  If your web server crashed, how quickly could you get your site back online?  If your website is hijacked, compromised, or infected with a malicious download, how long would it take you to recover?

We have harped for years on the importance of backing up your data and files, and testing them to see if you can actually restore the backed up data.  This not only protects you from hard drive or other hardware failure, fire, flood, natural disaster, or malicious action by a disgruntled employee.  It is also a foundation element of good cybersecurity practice, and protects you from exploits such as the rash of crypto-ransomware exploits at large on the Internet.

Backing up your website is just as important, possibly more so if it is producing income for you.  If you are running a non-WordPress site, check with your hosting company to see what sort of backup options they might offer.  If you are using WordPress this is ridiculously easy to do if you install a backup plugin, something such as Updraft Plus, for instance.

But there are considerations to account for when designing your website backup strategy.

  • What to include – The database, any configuration files, and everything in the wp-content folder, which includes themes, plugins, and media files.  I usually back up the WordPress files once a week, but these can be restored by installing a fresh copy of WordPress.
  • Frequency – This depends a bit on your site, and how often the site content is changed. A good option is for a daily database backup and a weekly backup that includes everything else.
  • Retention – Another consideration is how long to keep your backups.  To recover from a site compromise or hijacking incident, you will need to go back to the last backup before your were compromised.  Sometimes site owners to not discover the incident for 6 months or more.  Having copies of every day from the last week, every week for the last month, every month for the last two years, might be one scheme to use.
  • Storage – Most WordPress backup plugins store backups on the same server the website is on.  They also provide for storage to other locations, including OneDrive, DropBox, or cloud locations provided by the Backup plugin company.  Do not keep all your eggs in one basket.  My recommendation is for a minimum of three copies in different locations with different service providers.  One on the hosting company server for speedy recovery, one in the cloud with a different company for good geographic separation, and one copy on your personal computer, or a hard drive you control locally.  By providing several copies in different physical locations, you should be able to weather most disasters.

Our next post on Friday will cover some of the feature consideration when looking a the spectrum of WordPress backup options.


About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.