I recently spoke about backups on the Josh Hall Podcast and stressed the importance of ‘offsite backups’. There are several things to consider with backups – from frequency to secure storage. It’s a rather boring topic, but at some point you’ll be glad for your backups..
The 321 backup strategy
I’m a big fan of the 321 strategy as a starting point for backing up any form of data. In the context of a WordPress site, it means having:
- At least 3 copies of the entire site and database (your live site counts as 1 copy!)
- At least 2 forms of media (e.g. a USB drive and Dropbox) to store the backups on
- 1 copy stored off-site (e.g. at a friends house).
Copy 1 – your live site
Your live site counts as 1 version of the data. A WordPress website consists of a MySQL database and several folders of files. Your theme, plugins, media and settings are all stored here. In most cases, the website files and database are hosted on the same server.
You don’t normally see the folders and database – the WordPress backend and editor save you from messing around with files and SQL queries.
Copy 2 – cloud backups
My favourite WordPress hosts allow you to automatically backup a website to cloud storage – e.g. AWS S3, Google Drive, Dropbox etc. These hosts usually have a 1-click restore process, allowing you to revert changes if things go wrong.
I must stress the importance of these backups being stored on a different server to your website. This means you can restore backups on a new server if your hosting hits an issue. I’ve seen sites get lost forever when hosts run into issues. Don’t trust your host to keep copies of your site!
Copy 3 – offsite backup on different media
These backups will save the day if your cloud accounts get compromised, infected with malware or lost.
Imagine your laptop gets infected with malware, which allows attackers to destroy live sites and delete cloud backups. This is a rather extreme and bleak scenario, but is worth defending against.
So download your site data at a frequency you’re happy with and store them on a USB drive, CD, floppy disk, hard drive or other media form of your choice!
Store the backups at a second location (e.g. a friend’s house) in case a disaster strikes at home.
It’s worth encrypting your backup drives and keeping recovery information (e.g. the password) handy. You can use Bitlocker on Windows to encrypt external drives – see Bitlocker to Go.
It’s hard to state frequency (hourly, daily, weekly) for taking backups, as each site will have different usage. A blog which rarely gets modified won’t need backing up as frequently as a busy ecommerce site.
A good frequency for low traffic sites could be 1 backup per day to cloud storage (automate this!) and 1 backup per month to your external storage.
If any of the following apply, you might need more frequent backups:
- the site processes orders
- the blog receives lots of comments
- the site gets edited daily
- data only gets stored on the site.
You should discuss backup frequency with your client and agree on something that works best for their needs and budget.
Ensure cloud backups can only be accessed by authorised users e.g yourself and the client that owns the site. If the cloud storage provider supports encryption at rest (like AWS S3 does), enable this!
Encrypt the external storage drive too, either by using Bitlocker or a 3rd party encryption software.