by Akshat Choudhary

BlogVault Security Update

On February 6, I had written a blog post regarding a possible security breach at BlogVault. Since then we have been conducting a thorough investigation into the issue. We have concluded the investigations. This post outlines its results.

 

No Data Breached

In our previous communication with you, we had mentioned that there had been a data breach. After detailed investigations, we found that the issue was a vulnerability in the BlogVault plugin, and none of the data on our servers were exposed.

We have ensured to cover every aspect of our system in our investigations, which involved inspecting the logs for our system as well as that of affected and unaffected sites. We also reviewed the attack payload with great detail.

 

BlogVault Plugin Vulnerability Fixed in Version 1.45

On Feb 4, we learned that we were using ‘unserialize’ PHP function on unverified data in BlogVault plugin versions 1.40 to version 1.44. We fixed it on the same day (Feb 4) with plugin version 1.45.

However, we had assumed the worst, and communicated with our customers the same day about the security issue. Following this, we also made a public announcement about it via a blog post.

Since then, we have thoroughly investigated the issue and analyzed our entire system. We have found that the the above mentioned vulnerability was the only entry point that allowed malware to be injected into sites on which the BlogVault plugin was reachable.

The BlogVault plugin has been secure ever since the updates on version 1.45.

However, we have continued to strengthen the security of our plugin and as of the date on which this post is published, the latest version of the BlogVault plugin is 1.46. If your BlogVault plugin is older than 1.46, we request you to update to the latest version available in the WordPress repository (https://wordpress.org/plugins/blogvault-real-time-backup/ ).

 

Your data and backups are safe

As mentioned in our previous communication, your backups and data were safe and continue to be safe. They were never at risk. This includes:

  • Your backups
  • Your passwords
  • Your payment details

Please find below the details of the measures we have taken during the investigation to bolster the security of our service:

 

Preventive Security Measures Implemented

As a reflection of our commitment to security best practices, we have taken a list of preventive security measures during the investigation to ensure that this incident doesn’t repeat itself.

  • Updates made with versions 1.45, and 1.46 of the BlogVault plugin were a part of the measures to strengthen the security of the plugin.
  • We have actively scanned all sites to identify websites affected by this issue and to get them cleaned and secure.
  • We have also pushed an automatic update to the BlogVault plugin on most sites.
  • Moreover, we have taken and continue to take measures to ensure that neither the BlogVault plugin nor the servers can be exploited.

 

Your Trust Continues to Be Important to Us

During this period, many of you who have reached out to us via our chat channels, email or even Twitter. We realize that you have not received the level of service on which we pride ourselves, and for this we apologize.

At BlogVault we are committed to being transparent and accountable to you. I know that we had received some questions about details regarding the issue. We were unable to respond to them because we had prioritized the security of the affected sites of our customers. We also wanted to ensure that we would refrain from adding to any speculations and only communicate facts.

We have set up an FAQs page that addresses some of the questions you might have regarding the security issue (these are different from the FAQs we received at first), and address the measures we have taken to secure sites. Please find the link to this page here. https://blogvault.net/security-updates-faqs/

The security of your sites and your trust is of utmost importance to us at BlogVault. Please reach out to us with any further queries you might have.

 

Thank You

You have been extremely understanding and generous to me and my entire team over this period; and we want to personally thank you for that.

Security is an ongoing process and we remain committed to making our service more robust.

 

by Akshat Choudhary

Security Notification

We recently discovered a security breach at BlogVault which led to some data being exposed. Here are some details about the issue. We are currently in the middle of an extensive investigation and we will share updates with more detail as and when we learn more about the issue.

 

Update to The Latest Version

To mitigate risks from the data exposure we have updated our plugin with additional security measures. If you are learning about this for the first time and you are a BlogVault user then please update to BlogVault plugin version 1.45 from the WordPress plugin repository.

 

An ‘Updates Page’ for Clear Communication

We have reached out to all our customers informing them about the situation. We have also set up a ‘Security Updates’ page to be communicative throughout the process. The page also has some FAQs and contact details. Please follow this link for more details: https://blogvault.net/help/info

 

We understand that it can be frustrating for you; as it is for us, to not have all the information. We aim to be comprehensive in our response to the issue. Once we have safeguarded our customers’ data, and our investigation is complete we will be able to share more details.

 

Lastly, we have reached out all BlogVault customers and we are deeply moved by the patience and understanding displayed by many of them. We are working round the clock and have prioritized safeguarding your data.

by Ruby Paulson

What You Should Takeaway from GitLab’s Database Deletion and Its Backups

GitLab deleted the wrong database, but when ineffective backup solutions got added to the mix, the site’s system admins had to battle the perfect storm to get the site online. The takeaway from this situation? Choose your backup solutions carefully.

 

GitLab's system admins battle the perfect storm of system errors and inefficient backups to get the site back online
GitLab’s system admins battle the perfect storm of system errors and inefficient backups to get the site back online

 

GitLab, the online tech hub, is facing issues as a result of an accidental database deletion that happened in the wee hours of last night. A tired, frustrated system administrator thought that deleting a database would solve the lag-related issues that had cropped up… only to discover too late that he’d executed the command for the wrong database.

What Went Wrong with GitLabs’ Backups

While the horror of the incident might have been mitigated by the fact that GitLab had not one but five backup methods in place, the problem was that all  of them were discovered to be ineffective. Here’s a quick run-through of the different backup methods GitLab had, and what went wrong with each of them:

  • The LVM snapshot backup wasn’t up-to-date– the last snapshot was manually created by the system admin 6 hours before the database deletion.
  • The backup furnished on a staging environment was not functional– it automatically had the webhooks removed, and the replication process from this source wasn’t trustworthy since it was prone to errors.
  • Their automatic backup solution was storing backups in an unknown location, and to top it, it seemed that older backups had been cleaned out.
  • Backups stored on Azure were incomplete: they only had data from the NFS server but not from the DB server
  • Another solution that was supposed to upload backups to Amazon S3 wasn’t working; so there were no backups in the bucket

 

As a result of these issues, the system admins are struggling to get the 6-hour old backup online. The progress of the data restoration has been closely followed by well-wishers, and many have appreciated the website’s transparency, especially under such duress.

 

How to Identify a Good Backup Solution

It’s certainly freaky that all the five backup solutions that GitLab had were ineffective, but this incident demonstrates that a number of things can go wrong with backups. The real aim for any backup solution, is to be able to restore data with ease… but simple oversights could render backup solutions useless. This is why you should watch out for the following traits in any backup solution:

  1. Backup solutions should match your need
    In the case of GitLabs, automatic backups were made once in every 24 hours. Considering the amount of data being added every minute, however, real-time backups would have been perfect for them. While not being the best in terms of data-conservation, the last manual backup was performed by the system admin 6 hours before the crash, and so was the most viable option. Choosing the right backup solution for your need requires the consideration of the frequency of data-addition, the levels of user activity, and the server load.
  2. Backup solutions should allow easy, quick restoration
    The problem with GitLab’s backups stored on its staging environment, was that the replication process was difficult to manage. When you’re already burdened with the responsibility of getting your site back up, you shouldn’t be worrying about the restoration process.
  3. The backup solution should be completely independent of your site… in a known location
    In the GitLab situation, the problem was not knowing the backup destination. This isn’t a problem with WordPress backup solutions,since they usually store backups on your site’s server… or on a personal storage account (such as Dropbox, Drive or Amazon S3). However, this means most of the time, they either require you to access your crashed site for backups… or they store the API key to these accounts on your site (which poses its own problems). Both these options present Catch-22 situations of ‘site is down so need backups, can’t access backups because site is down’. It’s important for you to know all there is to know about your backup destinations.
  4. The backup solution should backup your entire site
    Backups that only contain part of your site (such as GitLabs’ Azure backups) aren’t really reliable when your site goes down. In the case of WordPress backups, some solutions might backup your site except for custom tables (such as those installed by WooCommerce), so you need to be wary of such situations.
  5. You should be able to easily test your backups
    The real problem with all the backup solutions GitLabs had, was that they hadn’t previously tested them… and hence had to give them a hard second look after encountering restoration-related problems. The real concern is that their backups weren’t discovered to be inefficient until they actually needed them. This is why testing backups should be a part of your backup strategy.

 

We’re all human at the end of the day, and the job of a systems admin, especially when overloaded with spam, can never be taken lightly. This is why backups exist– to have an easy ‘undo’ in case there ever is an error, and your site goes down, or data is lost.
We can only hope that things go well for the GitLab team, as they rush to get their data back.

GitLab’s status can be monitored via this Twitter feed. (When this article was published, 73% of the database copy had been made).

by Suhas Udayakumar

Why Real-time Backup Are Really Important for WooCommerce Sites

 

Losing a single order has significant financial costs for online stores. Real-time backup for WooCommerce sites is the answer; but only if you know for what it is that you’re signing up.

For online stores, the clock does not confine business hours. The window is open 24/7 and users place orders at all times of the day. You cannot afford for either your site to go down or to lose even one of those orders. Both these scenarios will harm your revenue.

Despite all the security measures you take there is no fool-proof plan. For this reason, having a robust backup plan plays a key role in an online store’s strategy to safeguard orders, payments and other data.

 

You can't afford to lose any information on your WooCommerce points. This is why you need real-time backups

 

Online stores built on WordPress; the most popular CMS in the World, mostly use the WooCommerce plugin. If you too operate your business via the ‘WooCommerce window’ then it is important to know the challenges of backing up WooCommerce sites and the backup solutions available to you. Between 2010 and 2013, the average cost of downtime per minute increased by 54% from $5,000 to $8,000. While the average downtime during the same period decreased by only 11%, the cost of being offline is rising all the time.

 

What is WooCommerce?

A quick introduction— WooCommerce is a popular e-commerce platform for WordPress sites. The platform offers many extensions and themes to transform WordPress sites into online stores. As part of this, WooCommerce offers extensions for accounting, marketing, inventory, customer service, and payment gateways among others; to easily build e-commerce sites.

 

Regular Backups Aren’t Ideal for WooCommerce Sites

Regular backup solutions are not an ideal fit for WooCommerce sites. Transactions on online stores don’t occur at regular intervals. However, when they do happen, they are important and all of the data related to the transactions needs to be backed up. This cannot wait till the end of the interval which may be at the end of the day or the end of the hour.

Losing Orders– The “Oh, NO!” Moment

As we mentioned, on online stores orders trickle round-the-clock. The rate of orders received may vary through any given day, but all orders are equally important.

Just like, orders, the “Oh, NO!” moment can occur at any time of the day. Your website may start malfunctioning or crash at any given point of the day. Waiting for regular backups to backup hourly or daily would mean losing details about orders and transactions made on your website.

Frequent Backups Can Be Resource Intensive

If you decide to run regular backups frequently to avoid losing orders, then you will end up slowing down your site. If your backup plugin is performing backups every few minutes, then your server resources are split between making backups and responding to requests made by the visitors to your site. This will harm the user-experience. Lags in page load times or site performance is as good as turning away potential customers.

 

Real-time Backup for WooCommerce Sites Is the Answer

A backup solution needs to be comprehensive in backing up all the changes while making efficient use of resources to ensure that user-experience is not affected. Real-time backups is the answer for WooCommerce sites. However, not all real-time backup solutions are the same. Knowing what real-time backups do and knowing how different real-time backup solutions perform backups may make or break your site’s backup strategy.

What Are Real-time Backups?

Real-time backup tracks and save the changes to your site as and when they happen. For example, if a customer places an order on your website then that change is immediately tracked and saved. This ensures that you have the most up-to-date backups from which you can restore your site; and more importantly not lose any orders.

 

The Challenge of Backing Up WooCommerce Sites

WooCommerce sites cannot be backed up like regular WordPress sites.

A WordPress site has two parts– Files & Database. Database contains information about posts, pages and users apart from other things. In short, the database contains all the content on your site. Such information is stored in the form of tables on your WordPress site. These tables are known as standard tables and come with every WordPress installation.

However, a WooCommerce site has additional information to store which are all important to your business. To store this information, WooCommerce installs custom tables on your WordPress site when the WooCommerce plugin is installed. This is in addition to the standard WordPress tables. Below is a list of some WooCommerce tables and the information they contain.

WooCommerce installs custom tables to store information related to e-commerce stores

You cannot afford to not have backups because piecing together items, payment and shipping information for every order can be laborious and it is time that you simply cannot afford.

The immediate financial loss resulting from downtime is only around 1/5th of the overall loss according to estimates. The loss of trust in a potential buyer in returning to your site will continue to harm your revenues even after your site is up and running. This dip in trust, and orders; as part of the after-effect of downtime is said to account for the remaining 4/5th of the loss resulting from downtime.

 

Regular Real-time Backups Don’t Do the Trick for WooCommerce Sites

To be up and running as quickly as possible without losing data is the goal. To completely backup your WooCommerce site, it is obvious that your backup solution will need to backup both standard tables and WooCommerce custom tables in real-time.

Regular real-time backup solutions; however, do not backup custom tables installed by the WooCommerce plugin. This is a big problem because all the orders and payments are stored on the custom tables installed by the WooCommerce plugin. This renders regular real-time backups completely ineffective for WooCommerce sites.

Ask About the Method of Making Real-time Backups

Even if you find a real-time backup solution which backs up standard tables and WooCommerce custom tables; like BlogVault does, the method of making backups may impact the performance of your website and the efficacy of your backups. Broadly, there are two models of making real-time backups– the push model and the pull model.

First let us take a look at the push model…

Push Model of Making Real-time Backups

With the push model, your site ‘pings’ the backup server that an ‘event’ has occurred. The backup server then checks for what changes have occurred and then saves them to the backup server.

The Problem

With the push model, your site ‘pings’ the backup server that an ‘event’ has occurred

You can see that the push model requires constant communication between your site and the backup server. Although this seems like a good idea, chances are that the performance of the WordPress site may be suffering.

As in the case of frequent regular backups, with the push model your server resources are split between responding to requests made by your visitors and performing backups. This adversely impacts your site load times, and in turn your bottom line. Only 12% of people will wait an additional 5 seconds for a website to load.

Along with your site performance your backup speed may also suffer. If servers are overloaded, then there may be delays in performing backups; or worse backups may not happen at all. Such delays mean that the push model may not always offer ‘real-time’ backups after all.

The alternative is the pull model of real-time backups; and this where BlogVault comes into the picture.

 

Intelligent Real-time Backups by BlogVault

BlogVault’s real-time backup follows the pull model; and focuses on being comprehensive and efficient. Changes to your WordPress site are immediately tracked and saved on the site itself. The BlogVault (BV) servers checks for changes every 5 mins. and ‘pulls’ those changes to BV servers. Once the changes are securely saved to BV’s servers, then the next set of changes on the site are tracked and saved.

The pull model ensures that all the changes are saved without making excessive demands on your site’s server resources.

The pull model ensures that all the changes are saved without making excessive demands on your site’s server resources. The backup process doesn’t affect your site performance.

BlogVault Backs Up WooCommerce Tables As Well

Apart from utilizing the resource-efficient pull model for real-time backups, BlogVault backs up custom WooCommerce tables as well. This ensures that none of the data related to your orders is lost upon restoring your site.

If your backup solution does not automatically backup WooCommerce tables as well then it is not a viable option for e-commerce sites.

 

You Can’t Afford Not to Have Real-time Backups

Real-time backups are a real need for WooCommerce sites. While calculating the cost of downtime it is also important to understand the cost of not having an efficient solution for WooCommerce backups.

 

by Suhas Udayakumar

Cloud WordPress Backups Are Only Good When They’re Independent

Cloud WordPress backups are good when they are independent. They might not be if you’re using your personal cloud storage accounts(for example on Dropbox, Drive or Amazon S3). Read on to know how and why you shouldn’t do it.

 

Are your cloud storage accounts safe?

 

 

We know that following best practices to make WordPress backups means that your backups should not be dependent on your website/server/web host. This means that you must be able access and use your backups without having to access your WordPress site/server/web host. These kind of backups are known as independent backups and are according to best practices of performing WordPress backups.
However, it is easy to think that off-site backups are the same as independent backups. They are not. This is because off-site WordPress backups are not necessarily independent. This is has to do with how WordPress plugins upload backups to your accounts.

 

 

 

WordPress Backups Compromised by API Keys

Plugins which upload your WordPress backups to your Amazon S3, Drive, or Dropbox accounts usually store a copy of your account’s API key on your site. This is what allows those plugins to interact with your accounts, and upload backups. This is part of the setup procedure for many (if not all) backup plugins.

While making automatic uploads to an off-site location is a convenient option, doing so by storing API keys may not be the safest option for you. The simple reason for this is that it is the same as leaving the keys to your bank vault in your living room. The whole point of a vault is to secure whatever you store in there from being burgled. If you leave the keys to the vault, then you have granted access. Backups are also like your most precious possessions. They are what you depend on in your hour of need; hence they must be completely independent of your site.

Continuing from the previous point, if you are using a security key from your Amazon S3 account in multiple locations then your backups may be in trouble even if your site is safe. Even  if one of the sites using that particular security key is hacked then the hacker has access to all the contents on that account.

This is why BlogVault does not ask users for personal accounts but automatically stores multiple copies of backups in different destinations. All these copies are also encrypted; providing your data and additional layer of security. You can access them independent of your web host or WordPress site via your BlogVault dashboard.

 

Limited Storage Space

One of the major attractions of using these storage services as destinations for your WordPress backups is that they offer free storage space. However, if you make backups daily (as you should), and you have large site, then this may not be enough.

This is even more true if you are using the account for reasons other than backups or you are backing up multiple WordPress sites with the same account. Pretty soon you may find yourself paying extra for storage space. So, the economic benefits of not paying for storage may not stand for long; and these economic benefits are anyway diminished when compared to security concerns.

 

Cloud WordPress Backups in Personal Accounts May Equal Personal Data

In case of a hack, losing your backups and your business or blog data may be bad enough but that will certainly not be the end of it. The risk of using a personal storage account is simply too great when you consider that other information you store on the account which may be of a personal nature can also be at risk.

 

Restoring WordPress Backups

All backups have one purpose; restores– to recreate your site using your WordPress backup. Firstly you must have backups to use. Secondly, those backups must be functional and easy to restore. When you are using your personal accounts configured with the backup plugin on your site, both cannot be taken for granted.

The first point has been addressed in the very beginning of this list. As for the second point, even though you may have backup files, if they are altered in any way or are not secure, then using those backups to restore your WordPress site will do more harm than good to your business. BlogVault allows you to Test Restore your backups with a single-click. This way you will not be in doubt.

Even if the files are functional, backups are often uploaded in .zip folders. You may have to spend a considerable amount of time finding the right backup version to restore your site and then upload then .zip folder to your plugin to restore your site. However, this is not possible when your entire site is down because your backup plugin was on your site too. This is why you must be able to access and restore/migrate your backups completely independent of your WordPress site.

On the other hand if you manage to get your site running, then there still may be issues. Restoring a large site takes time and server resources. For this reason, they are, many times cut off. This makes full restores of large sites nearly impossible on some accounts; especially on shared hosting.

 

Cloud WordPress Backups Must Be Independent

If you have not checked your backups because your WordPress site is working fine at the moment, then you may be left with an unwanted surprise when your website goes down in the future.

Use best practices and opt for a service which will provide a comprehensive WordPress backup solution that will keep you worry-free, allowing you to enjoy the ride.

 

by Suhas Udayakumar

6 Points to Help You Choose the Best WordPress Backup Solution

An ideal WordPress backup solution offers a number of features. However, there are two questions you can ask that will help you choose the best WordPress backup plugin for you. They are , what features does the plugin have, and how do they work?

What Makes an Ideal WordPress Backup Plugin?

There is a long list of features which make an ideal WordPress backup plugin.

  • Multiple versions
  • Multiple copies of each version
  • Encrypted backups
  • Independent storage and access
  • Test Restore
  • One-click restore
  • One-click migration
  • Secure site settings

A combination of all of the above sounds like a good deal; doesn’t it?

Most of these features are covered between the popular backup options available on the market. Also, most premium options have most of the above mentioned features. However, it is not useful to say this. It is like saying that every car has an engine, seats, wheels and steering. Just like cars, when it comes to backup solutions, it is all about how they perform; and you really need to do your homework first.

 

Choosing the Best WordPress Backup Plugin

 

There are two points of entry to the debate on the best WordPress backup plugin. One is the differences in features between all the different plugins; despite the uniform titles. The other point of debate is the user experience. What does a good WordPress backup solution do, and how does it do it? Both these questions should be equally relevant.

In this article we explore how following best practices as well as being efficient can answer both: the ‘what’ and the ‘how’ questions.

 

1. WordPress Incremental Backup Plugin

Increased load times or frequent timeouts is highly undesirable in today’s competitive environment. This is is particularly a problem for WordPress sites on shared hosting. Incremental backups is perfect for such circumstances.

For example, let us say that you have photography focused website with high resolution images uploaded everyday. If your entire site had to be backed up daily, then chances are that the backups ruin the user experience of you site’s visitors or your backups may cut off for taking up too much server resources.

On the other hand, consider that automatic incremental backups of your WordPress site are done daily. After the first initial full backup, each day only the latest updates are backed up. This ensures that you don’t lose any data while the backup solution does not unnecessarily load your server resources. The plugin can scan the site for changes, recognize that the high resolution images are backed up, and only add the changes to the latest version of the backups. This means that, media – images and videos which are generally the the most heavy files on a site do not become an extra burden with incremental backups.

 

2. Control over entire WordPress database & all WordPress files

A WordPress sites contain files and tables. You must be able to know that all the tables, and files on your site have been backed up. If not you must be able to add them. This is possible when you have access to a list which gives you this kind of information; a good WordPress backup solution must offer such access. From such a list, you may also be able to download specific files from WordPress backup. The same applies to specific tables in your WordPress database as well. This depends on your requirements but you need to have the option.

Such a feature along with versioned backups allows for restoration of specific files instead of the entire site. This is important if you know the exact pain point on your site. It can be fixed with ease and minimize down-times. This type of granular control is essential when choosing a WordPress backup solution.

The dread of having to sift through thousands of files; when you’re running against the clock to get your site back up and get around to doing business, is unacceptable.

 

3. One-click Restore/Migrate

When you pay for a solution to do the work for you, then you shouldn’t have to manually restore or migrate your site. Otherwise, there is little point to lightening your wallet, is there? A plugin must allow for one-click WordPress restore and one-click migrate options. Managing your site’s functionality in the most critical hours must not be your headache. Usually in such instances inputting your SFTP credentials, destination URL and email id should be enough to easily migrate your WordPress site.

 

4. Test restore option

Apart from restores and migrations, it is equally important for you to be able to ensure that your backups or migrations work as desired. Allowing for a test environment to verify the functionality of different backup versions of your WordPress is just a good practice but unfortunately, most plugins don’t offer this. It boosts your confidence in your backups and ensures that the reputation of your blog/business is intact.

 

5. Great customer support

A service or product which does not allow you to track all the activities from the dashboard, notify you by email will only worry you about routine processes. If the time comes when you have to get your hands dirty, then you should not do the work yourself when you are paying for a service. This is reason you need great customer support.

 

6. Completely independent dashboard

With a completely independent dashboard you have access to and control over your backups always. This means that, unlike other plugins which store backups in your site’s files, you don’t have to restore your site to get your hands on your safety net a.k.a. your backups. Besides, the whole point of backups is to restore your site. If that is not supported well enough then backups are not good enough by themselves. You need to know that you have access to secure backups. Multiple copies of encrypted off-site backups is a must.

All the above mentioned best practices will ensure that you’ll find the right value for your money when you need the best WordPress backup plugin.

by Suhas Udayakumar

Beginner’s Guide: How to Manually Backup WordPress Database with phpMyAdmin

WordPress comprises two parts- files and database. WordPress core, plugins, themes, and uploads are saved as files. On the other hand, posts, comments, settings and users are stored as database. This article is a guide of how to manually backup WordPress database using phpMyAdmin. To know how to backup WordPress files check our article on how to manually backup WordPress files.

 

All WordPress posts, comments, etc are part of the database

 

Why backup your WordPress Database?

WordPress database stores your posts, pages, users and other information. In short, all the content you put up on the site. Without backing up the database you’ll lose all the content and users’ information  of your site. When it is time to restore all you’ll have is WordPress files with plugins and themes but no content.

 

How to Backup your WordPress Database?

Most web hosts have phpMyAdmin installed in their cPanel, so manually backing up your WordPress database is a simple 5-step process to download and backup the database on your entire site. In case you want to download specific files only, then you might have to go through a couple of more steps.

 

Steps to make WordPress database backup

Step 1:

Access phpMyAdmin through your cPanel dashboard. At this point, you’ll need to have your FTP details, username and password for the SQL database. Input the the username and password which was used to save your SQL database.

 

Input your your FTP details, username and password for the SQL database

 

Step 2:

Clicking on WordPress (or whatever is the name of the database you wish to backup) in the left hand column on your screen must reveal the tables.

 

Click on your database's name

 

Step 3:

Click on Export among the tabs on the top of your screen. This must reveal two simple options- Quick & Custom.

 

The Quick option

 

Choosing the Quick option would mean making the default choice to backup your entire database.

 

If this is not what you want to do and you want to backup specific tables, then you pick the Custom option. Here is where the options kick in. Having completed Step 2 you must now see a list of tables. You can select the specific ones you want to download and backup.

 

The Custom option

 

Step 4:

Choosing the file format of the database backup. You can do this, regardless of which option you pick in Step 3. Data is available in different file formats. You can choose the default option- SQL or pick any of the other formats in which to save your WordPress database. Click on GO and you are done.

 

Choosing the file format of the database backup

 

The download itself may take a few minutes depending on the size of your site. Remember, WordPress database backup covers only covers comments and users and so on. It is not a full backup of your WordPress site.

 

Backups are a means to an end. The end is always restoring your site. In your hour of need you should not have to fiddle with manual restores or deal with surprises. Backup both WordPress database and files and do one-click restore of your WordPress site with BlogVault.

 

by Suhas Udayakumar

Beginner’s Guide: How to Manually Backup WordPress Files Using FTP

Backing up your WordPress site means to backup both WordPress files as well as WordPress database. All WordPress sites contain both these parts. They store different sets of information and missing out on one or the other may mean that you’ll have a tough time restoring your site. While database stores posts, pages and users, among other things, WordPress files store all the plugins and themes, WP core installation, images and other files. In short, WordPress files are responsible for the look and feel of your site. Here, we show you how to manually backup WordPress files via FTP.

 

WordPress files affect the look and feel of your WordPress site

 

Clarification:

This article only deals with manually backing up your WordPress files using FTP. Backing up the WordPress database is a separate process; to know more about this process, refer to our guide How to Manually Backup WordPress Database Using phpMyAdmin.

Neither of these articles will help you restore your actual site.

Setup to Make WordPress Backups Using FTP

Let’s dive straight into it. To make WordPress backups using FTP, first you must have access to your site files. You can achieve this by setting up an FTP account. To setup an account, typically, you have to use ‘FTP Accounts’ via your cPanel dashboard. cPanel access is usually given by your web hosting provider when you sign up for the service.

Tip: If finding FTP Accounts in cPanel is proving difficult due to a cluttered dashboard then simply use  CTRL+F to make it easier.

To set up an FTP account you will need to input a login ID and password. Along with this, a directory will be created in your site files. Once you hit the ‘create FTP account’ button you must have access to your website files. (If you have trouble doing this then contact your web host service provider for assistance.)

 

Step 1: Install an FTP Client

In order to manipulate or act on the files you now have access to via your FTP account, you will need a tool. That tool is an FTP Client. FTP clients provide the interface for you to access your WordPress files. You can do so by entering your FTP account credentials.

For the purposes of demonstration, this article uses FileZilla. Download and install FileZilla.

 

Step 2: Manual Setup

In the case of FileZilla you’ll see a form at the top of the page to fill in your site IP address, your FTP account username, and password. Inputting these details and clicking on ‘Connect’ must allow the FTP client (in this case FileZilla) to connect to the server on which your site is hosted.

 

You can connect to your WordPress files via FTP

 

Once the FTP client establishes a connection you should be able to see your site directory on the right hand column- “Remote Site”. The left hand side shows the local folders and files (in this case, the files on your computer).

 

Creating a destination folder

 

Tip:

If you are not sure of which files you have to download then a useful guideline is to search for a directory containing folders such as “wp-admin” and “wp-content”. There will also be a bunch of files in that directory, such as “index.php” and “wp-config.php”.

 

Step 3: Create a Destination Folder for making WordPress Backup

Ensure that you have a destination folder on your computer to which you want to download the files. Usually it is best to create a new folder for each backup. It allows you to be organised and be more efficient when you want to restore from one of these backups.

You can create a new folder in the dashboard of the FTP client itself. Right click on the folder in which you wish to create the new folder and choose create new directory. Input a name for the folder and hit “Enter” and you’re done.

 

Step 4: Drag and Drop

From here on simply choose the WordPress files you want to backup by clicking on them. Holding the down the CTRL key when clicking will allow you to choose multiple files at once. Drag the chosen files from the ‘Remote Site section and drop them in the directory you just created in the ‘Local Site’ section. The download process must begin as soon as you do this.

 

The download will take a while

 

Fair warning… Downloading all the files may take a while. Grab a quick bite to eat or take walk. Before that ensure that your system has power and that your internet connection is stable.

If making manual backups it not feasible for you because of the time and effort it entails, then you can choose and WordPress backups services which automate the process for you.

You can not only track if all the files in your site and the tables in your database are getting backed up, but add/remove them to/from backups; and even download them whenever you desire. All by just clicking a couple of buttons- backup with ease and stay safe.

 

by Suhas Udayakumar

Why Managed WordPress Backups Are Better Than Standalone Backup Plugins

Reaching for your spare tire, only to find out that it is not working; or worse, that it is missing altogether is unacceptable. WordPress backups are a little more complicated than changing car tires and just like your car tires, there is a lot riding on them too. Your lifetime’s work or the hard-earned reputation of your business is at stake.

 

Building a WordPress website, and maintaining it along with its backups, is no joke.

 

The number of WordPress (WP) backup plugins that are available in the market today must make it seem that problems regarding backups are a thing of the past. But, as we said, backups are complicated. A lot can go wrong when you are using stand-alone plugins (meaning ones that operate on the Software-as-a-Product model).

The  WordPress Backup Plugins vs. managed WordPress Backup Service debate can be framed as Standalone Plugin vs. Software as a Service model (Saas).

Many articles refer to how the SaaS model economically benefits the end user, however, there are many use-case benefits too. In this article we’ll look at some common issues with stand-alone WP backup plugins, and how a managed WP backup service is a better option.

 

Why Your WordPress Backups Will Fail With the SaaP Model

Installing the plugin is the beginning. Once installed, a stand-alone WordPress backup plugin must be configured. Very often people underestimate how backup plugins may become relatively labor-intensive and accrue more expenditure over time. These may come in different forms including add-ons and premium account features that may be essential to your business.

Some problems you may run into when you’re using a stand-alone WP backup plugin include:

Configuration issues

  • Getting Started: Once a plugin is installed, a remote backup destination must be selected. You can select services like your Google Drive account, Dropbox, or Amazon S3 servers. After this, you must input the login credentials of those accounts.
  • Add-ons: To get the desired setup for your backups, your plugin may require that you buy an add-on. Add-ons can soon build up to become a considerable list. While calculating the cost of a plugin, add-ons must be accounted for, in order to get a fair estimate.
    • Saving backups in more than one destination may need an add-on, and extra charges may be applied.
    • Other features like encrypted backups of your website’s database may not be available unless you pay more for add-ons or upgrade to premium accounts. This means your backups are not really secure even after investing all this time, energy and money.
  • Tracking: Ensuring that backups are happening is important so that you know exactly what resources you have to draw upon in your hour of need.
    • If you’re storing backups on your Amazon S3 account, it needs to be configured to send you notifications when backups occur or when changes are made to files (these are called ‘event’ notifications).
    • Otherwise, you may have to pay more to your plugin company for email notifications. An alternative option is to login to WP website dashboard each time.
  • Key to Your Backups: While backing up your website to your Dropbox account or your own Amazon S3 account, most plugins store a copy of the API key/S3 access key on your WordPress site. The key is how the WordPress backup plugin on your site accesses the backup destination. This may not be in keeping with best practices of performing WordPress backups. In such cases, a hacker who has access to your site, may also have access to your backups via the security key.
  • Know-how: Managing your own Amazon S3 account requires you to know how the account stores your information (buckets, objects) and other points like access control, and versioning so that you can make sure that your data is secure.
  • When You Need to Restore: Apart from all these points, when you need to use your backups to restore your site, you’ll need to unzip the folders and manually restore the files correctly. This may not be the best option for everyone.
  • Storage Options: The plugin company may provide storage space. This option, like in the case of Amazon S3 servers, is an extra charge over the plugin that you must bear. It is a recurring cost to you, which must be paid periodically (monthly/quarterly).

Notification Issues
Like we mentioned backups are complicated. If for any reason backups stop happening or problem occurs, then it is important that you’re notified immediately. For example, an error in the plugin has stopped it from backing up your site without notifying you. Otherwise if you have exceeded the storage limit of your backup destination then backups may stop occurring. Regardless of the scenario immediate notifications are very important.

The burden of solving all of these issues; on top of running your business/blog, fall on you, when you purchase a software product.

Regardless of the cause, the net result is that you’re stranded on the freeway, with no (usable) spare and your tire is a software product. This means, it’s likely that you may not have anyone to call for ‘tech support’. This is not a scenario you want to be caught in when you look for your backups.

Now consider that an expert is looking after your tires, maintaining the air pressure, checking the rims and upgrading the tire as the weather and the terrain changes; along with making sure that it is in the boot of your car. This would simplify and enhance your business, wouldn’t it?

 

How to Ensure That Your WordPress Backup Always Works

And, how can the SaaS model solve the issues mentioned above, for you?

 

When you get a subscription to a software, you are getting a service. A team of experts are managing and maintaining the software and the hardware. They are responsible for granting you access.

Let us clarify, SaaS doesn’t mean that there is no need to download and install a plugin. As in the case of BlogVault, the plugin can be very light as all the complexity sits on the provider’s server, where the heavy-lifting is done. For the user this means:

  • Zero-configuration: Install the plugin and it begins its work. You are ready to use BlogVault from the moment your subscription is active. The backup process starts automatically when you first login.

(This is the main reason this list is relatively short. Remember the long list of configuration issues with standalone backup plugins? Web-hosted software means, all of that responsibility for the managing the plugin and off-site storage is off your hands. Everything is covered for in the subscription.)

  • Lesser load on the site, better performance–  Site performance and page load times are crucial to delivering good user experience cannot be overstated, as even marginal differences show measurable changes in results.
  • Rapid Updates: Updates happen mostly on the service provider’s server, reducing the frequency of updates required on your site.
  • Backups are safe even when your site is compromised: Backups; because they are completely independent of your website, are accessible even when your website is down. You don’t need to get your site running to access your backups.
  • Incremental Backups: This means large sites are also completely backed up without hassle. Backing up only the changes means faster and more efficient backups.
  • Expert Tech Support: A team of experts maintain the software and the hardware. You can not only count on tech support, but know that the team can be highly responsive as they are maintaining the backups themselves. This can help at times of Test Restore, Auto Restore and Migrations. For more on these features you can check out BlogVault.

 
Now you know the differences between SaaP and SaaS models in the context of WordPress Backup. Make an informed choice that gives you the most scope for developing your business, without adding to your task list or financial burden.

 

by Suhas Udayakumar

The Importance of Testing WordPress Backups and How to Do It Easily

Testing WordPress backups is simply a necessary part of a good backup solution. However, testing multiple backup versions can be a technical and cumbersome. (Find out) How to best test WordPress backups?

 

When you have multiple backups, it's important to test them.
When you have multiple backups, it’s important to test them.

 

The Problem: How Do You Know If Your Backups Work?

One of the most important tenets of a backup solution is the ability to test the backups. Backups serve one main purpose– restores. When your site goes down, the worst that can happen is that, at the time of restoring your site you find out that the backup is not proper.

The one way to avoid that problem is to regularly test your backups and to definitely test your backups before you restore them. The one reason why many may not venture to do it is simply because testing backups is not always easy.

 

Backups Can Go Wrong: Testing Backups is Important

Testing backups, however, is a very important part of  having a robust backup solution. This is because, a number of things can and do go wrong with backups; and the consequence is that you cannot restore your site quickly and efficiently. What is the point of having a defunct spare tire when the tire on your car gets punctured?

Running out of storage space, leaving out necessary or important files are only some of the things which can affect your backups and eventually your site. When you use a backup solution; like a WordPress backup plugin, or the backups provided by your hosting service, you never really know if the backup contains all the files or even if the backups have happened correctly. You may say that you are getting notifications but that does is not the same as verifying that backups are occurring properly. Even when you download a backup it is generally in a .zip folder. How can you be sure that the .zip folder will function correctly once the backup is restored?

 

Restore Only After Testing WordPress Backups

Trust is a big aspect of online business. A survey says that 88% of respondents don’t trust sites that crash often; and only 12% of respondent will wait an additional 5 secs for your site to load. This means your restore must be quick and you should also be sure that your site will function correctly.

A WordPress site functions on a mixture of plugins and themes; together they form a precariously balanced ecosystem– your WordPress site. Many times, when something on your WordPress site is not functioning correctly it may not be a direct result of an update or a newly installed plugin. If it is so, then it is easy to pinpoint the problem. However, it is rarely that simple. Sometimes, the problem surfaces after a few days or even after a couple of weeks. Chances are that you have done a few changes to your site in that time.

Let us say that you have

  • Updated some plugins
  • Installed a new theme
  • Installed 2 new plugins

These changes are all spread over different versions over the last month. The challenge is to pinpoint the change which caused the issue. You can’t set up a separate environment to test all of the versions. It is simply not feasible. On the other hand if you restore without testing the probable backup versions you will end with the same problems as before.

 

The Challenge: Testing Backups is Technical & Laborious

To test backups you need an environment to which you can upload the backup and test it. This means you will need to:

  • Create a testing environment
  • Set up a new URL
  • Restore the backup to that environment

All of this is laborious and technical work. Engaging in this activity along with your everyday business is cumbersome. Even if you go through all the trouble and test your latest backup version. If that is not working as properly then you have to go down the list testing each version. This means you may not test your backups; or at least not test all the backup versions of your website. It is important to test all the backup versions because you never know which one you’ll need at the time of restoring your site. The more difficult a task gets the less we seem to engage in doing it.

Even if you’re willing to take on the task, there is one more point to consider. Once the testing is done you’ll need to find a way to get rid of this environment. Otherwise maintaining it will become another chore on your task list. This is not ideal.

 

The One-Click Solution

A backup solution must make it easy for you to test your backups instead of creating additional hassles. A solution which allows you to test backups must make it feasible to test multiple versions; and this is the marker of a good testing environment.

BlogVault offers the Test Restore functionality, an option to test any and all of your backups versions with a single click. An exact, fully functioning copy of the site is generated from the chosen backup version, and loaded to BlogVault’s test servers.

BlogVault maintains at least 30 versions of your WordPress site’s backup. You can choose any of those versions to ‘Test Restore’. Once the backup version is chosen it is loaded to Blogvault’s test servers.

In this environment you can not only test how your backup will work once it is restored but also test what happens if you make changes. After the backup is uploaded to BlogVault’s test servers, you’ll also receive the SFTP credentials to the ‘test site’. This way you can also test any updates or changes you want to make to that particular  backup version. It is completely independent of your live site, and fully functioning. In other words, ideal testing conditions for your backups.

BlogVault’s Test Restore functionality is a pain-free solution.

Having a test-copy of your site has many benefits

Streamline Testing with Backup Descriptions

If you are using the BlogVault service then you can track the changes easily. Each backup version has a description. This allows you to know not only the date and time of the backup, but also what has changed in the site since the last backup. These changes may include

  • Number of files
  • Number of tables
  • Updates to plugins, themes, WP Core
  • New plugins or themes installed, etc.

 

Having descriptions for every backup helps

 

You can possibly narrow down the backup versions to be tested. Once the shortlist is ready, you can then test them all; as mentioned, with a single click.

Learn more about Blogvault’s Test Restore and Try BlogVault for Free today.