Recently, I was sent an e-mail from a ‘cyber agent’ informing my blog software has a flaw in it, that this ‘cyber agent’ had gained access to the administration panel, to prove this I was provided with the encrypted password and my username with login details. While, it turned out that this was not my main blog and just some blog software I was testing at some stage and never bothered to upgrade – so I was always safe – in that respect, as I always stay up to date with software renewals on my main sites.
This did start me thinking about blog security, or perhaps more importantly if something did happen are my backups ready if the worst happens, and if so does this mean I can turn back the clock and have my blog fully restored. As a wordpress user there is a few simple options you can utilise, but no matter what software you use the following rule is golden.
Check with your web-host, how often do they do full backups of your sites data, meaning your database and all files you have associated with your website, and should you need access to these files to restore the data ,what is the required process. If you are in Ireland check out Letshost.ie who have a great backup policy. Some hosts have cPanel installed which will allow you to run a full backup also.
Step 1 – The database
The wordpress backup plugin, is a great tool for backing up your wordpress database – that is everything you have written on your blog, and the actual database that supports this. You can use this plugin to schedule a regular backup – which is e-mailed to you on a specified basis. Once activated you will find a backup option under the manage menu, I would strongly recommend against saving the backup to the server, as this may be publicly accessible, having it e-mailed is a good idea, or better still saving to your PC. I find deleting spam before backup is a great idea to speed up the download, particularly relevant for those with slower connections and you really don’t need a spam backup, easy to do if you use Askimet. Remember this backup process does not include any themes, plugins, images, or wordpress php and config files.
Step 2 – The files
Getting the rest of the files is the next part, using your favorite FTP client, such as FileZilla (free), log on via FTP to your wordpress installation and copy the entire folder including subdirectories, ensuring your themes, uploaded images, plugins and modified files are all in there, which they should be anyway, and copy to your PC. This process may take a while depending on the amount of data and your broadband connection.
The files should then be backed-up to a CD or external hard-drive , it seems unlikely but a server and a PC going down does happen. You should backup your wordpress database often using the schedule on the plugin (or manually if you prefer), unless you do not post very often, every week/month is a good starting point, and also backup your wordpress files, this – maybe once a month is ok, but if you make template changes and wordpress changes you’ll want this reflected in your backups and so backing up at that point is wise.
Points to note
You don’t need to become a backup freak, but just remember to do it, a simply entry to Google calendar to remind you when to do it is a nice idea, they even send you text reminders, you have no excuse really.
Unless you do both steps above you really only have a partial backup of your blog.