On February 6, I had written a blog post regarding a possible security breach at BlogVault. Since then we have been conducting a thorough investigation into the issue. We have concluded the investigations. This post outlines its results.
No Data Breached
In our previous communication with you, we had mentioned that there had been a data breach. After detailed investigations, we found that the issue was a vulnerability in the BlogVault plugin, and none of the data on our servers were exposed.
We have ensured to cover every aspect of our system in our investigations, which involved inspecting the logs for our system as well as that of affected and unaffected sites. We also reviewed the attack payload with great detail.
BlogVault Plugin Vulnerability Fixed in Version 1.45
On Feb 4, we learned that we were using ‘unserialize’ PHP function on unverified data in BlogVault plugin versions 1.40 to version 1.44. We fixed it on the same day (Feb 4) with plugin version 1.45.
However, we had assumed the worst, and communicated with our customers the same day about the security issue. Following this, we also made a public announcement about it via a blog post.
Since then, we have thoroughly investigated the issue and analyzed our entire system. We have found that the the above mentioned vulnerability was the only entry point that allowed malware to be injected into sites on which the BlogVault plugin was reachable.
The BlogVault plugin has been secure ever since the updates on version 1.45.
However, we have continued to strengthen the security of our plugin and as of the date on which this post is published, the latest version of the BlogVault plugin is 1.46. If your BlogVault plugin is older than 1.46, we request you to update to the latest version available in the WordPress repository (https://wordpress.org/plugins/blogvault-real-time-backup/ ).
Your data and backups are safe
As mentioned in our previous communication, your backups and data were safe and continue to be safe. They were never at risk. This includes:
Your backups
Your passwords
Your payment details
Please find below the details of the measures we have taken during the investigation to bolster the security of our service:
Preventive Security Measures Implemented
As a reflection of our commitment to security best practices, we have taken a list of preventive security measures during the investigation to ensure that this incident doesn’t repeat itself.
Updates made with versions 1.45, and 1.46 of the BlogVault plugin were a part of the measures to strengthen the security of the plugin.
We have actively scanned all sites to identify websites affected by this issue and to get them cleaned and secure.
We have also pushed an automatic update to the BlogVault plugin on most sites.
Moreover, we have taken and continue to take measures to ensure that neither the BlogVault plugin nor the servers can be exploited.
Your Trust Continues to Be Important to Us
During this period, many of you who have reached out to us via our chat channels, email or even Twitter. We realize that you have not received the level of service on which we pride ourselves, and for this we apologize.
At BlogVault we are committed to being transparent and accountable to you. I know that we had received some questions about details regarding the issue. We were unable to respond to them because we had prioritized the security of the affected sites of our customers. We also wanted to ensure that we would refrain from adding to any speculations and only communicate facts.
We recently discovered a security breach at BlogVault which led to some data being exposed. Here are some details about the issue. We are currently in the middle of an extensive investigation and we will share updates with more detail as and when we learn more about the issue.
We have reached out to all our customers informing them about the situation. We have also set up a ‘Security Updates’ page to be communicative throughout the process. The page also has some FAQs and contact details. Please follow this link for more details: https://blogvault.net/help/info
We understand that it can be frustrating for you; as it is for us, to not have all the information. We aim to be comprehensive in our response to the issue. Once we have safeguarded our customers’ data, and our investigation is complete we will be able to share more details.
Lastly, we have reached out all BlogVault customers and we are deeply moved by the patience and understanding displayed by many of them. We are working round the clock and have prioritized safeguarding your data.
Losing a single order has significant financial costs for online stores. Real-time backup for WooCommerce sites is the answer; but only if you know for what it is that you’re signing up.
For online stores, the clock does not confine business hours. The window is open 24/7 and users place orders at all times of the day. You cannot afford for either your site to go down or to lose even one of those orders. Both these scenarios will harm your revenue.
Despite all the security measures you take there is no fool-proof plan. For this reason, having a robust backup plan plays a key role in an online store’s strategy to safeguard orders, payments and other data.
Online stores built on WordPress; the most popular CMS in the World, mostly use the WooCommerce plugin. If you too operate your business via the ‘WooCommerce window’ then it is important to know the challenges of backing up WooCommerce sites and the backup solutions available to you. Between 2010 and 2013, the average cost of downtime per minute increased by 54% from $5,000 to $8,000. While the average downtime during the same period decreased by only 11%, the cost of being offline is rising all the time.
What is WooCommerce?
A quick introduction— WooCommerce is a popular e-commerce platform for WordPress sites. The platform offers many extensions and themes to transform WordPress sites into online stores. As part of this, WooCommerce offers extensions for accounting, marketing, inventory, customer service, and payment gateways among others; to easily build e-commerce sites.
Regular Backups Aren’t Ideal for WooCommerce Sites
Regular backup solutions are not an ideal fit for WooCommerce sites. Transactions on online stores don’t occur at regular intervals. However, when they do happen, they are important and all of the data related to the transactions needs to be backed up. This cannot wait till the end of the interval which may be at the end of the day or the end of the hour.
Losing Orders– The “Oh, NO!” Moment
As we mentioned, on online stores orders trickle round-the-clock. The rate of orders received may vary through any given day, but all orders are equally important.
Just like, orders, the “Oh, NO!” moment can occur at any time of the day. Your website may start malfunctioning or crash at any given point of the day. Waiting for regular backups to backup hourly or daily would mean losing details about orders and transactions made on your website.
Frequent Backups Can Be Resource Intensive
If you decide to run regular backups frequently to avoid losing orders, then you will end up slowing down your site. If your backup plugin is performing backups every few minutes, then your server resources are split between making backups and responding to requests made by the visitors to your site. This will harm the user-experience. Lags in page load times or site performance is as good as turning away potential customers.
Real-time Backup for WooCommerce Sites Is the Answer
A backup solution needs to be comprehensive in backing up all the changes while making efficient use of resources to ensure that user-experience is not affected. Real-time backups is the answer for WooCommerce sites. However, not all real-time backup solutions are the same. Knowing what real-time backups do and knowing how different real-time backup solutions perform backups may make or break your site’s backup strategy.
What Are Real-time Backups?
Real-time backup tracks and save the changes to your site as and when they happen. For example, if a customer places an order on your website then that change is immediately tracked and saved. This ensures that you have the most up-to-date backups from which you can restore your site; and more importantly not lose any orders.
The Challenge of Backing Up WooCommerce Sites
WooCommerce sites cannot be backed up like regular WordPress sites.
A WordPress site has two parts– Files & Database. Database contains information about posts, pages and users apart from other things. In short, the database contains all the content on your site. Such information is stored in the form of tables on your WordPress site. These tables are known as standard tables and come with every WordPress installation.
However, a WooCommerce site has additional information to store which are all important to your business. To store this information, WooCommerce installs custom tables on your WordPress site when the WooCommerce plugin is installed. This is in addition to the standard WordPress tables. Below is a list of some WooCommerce tables and the information they contain.
You cannot afford to not have backups because piecing together items, payment and shipping information for every order can be laborious and it is time that you simply cannot afford.
The immediate financial loss resulting from downtime is only around 1/5th of the overall loss according to estimates. The loss of trust in a potential buyer in returning to your site will continue to harm your revenues even after your site is up and running. This dip in trust, and orders; as part of the after-effect of downtime is said to account for the remaining 4/5th of the loss resulting from downtime.
Regular Real-time Backups Don’t Do the Trick for WooCommerce Sites
To be up and running as quickly as possible without losing data is the goal. To completely backup your WooCommerce site, it is obvious that your backup solution will need to backup both standard tables and WooCommerce custom tables in real-time.
Regular real-time backup solutions; however, do not backup custom tables installed by the WooCommerce plugin. This is a big problem because all the orders and payments are stored on the custom tables installed by the WooCommerce plugin. This renders regular real-time backups completely ineffective for WooCommerce sites.
Ask About the Method of Making Real-time Backups
Even if you find a real-time backup solution which backs up standard tables and WooCommerce custom tables; like BlogVault does, the method of making backups may impact the performance of your website and the efficacy of your backups. Broadly, there are two models of making real-time backups– the push model and the pull model.
First let us take a look at the push model…
Push Model of Making Real-time Backups
With the push model, your site ‘pings’ the backup server that an ‘event’ has occurred. The backup server then checks for what changes have occurred and then saves them to the backup server.
The Problem
You can see that the push model requires constant communication between your site and the backup server. Although this seems like a good idea, chances are that the performance of the WordPress site may be suffering.
As in the case of frequent regular backups, with the push model your server resources are split between responding to requests made by your visitors and performing backups. This adversely impacts your site load times, and in turn your bottom line. Only 12% of people will wait an additional 5 seconds for a website to load.
Along with your site performance your backup speed may also suffer. If servers are overloaded, then there may be delays in performing backups; or worse backups may not happen at all. Such delays mean that the push model may not always offer ‘real-time’ backups after all.
The alternative is the pull model of real-time backups; and this where BlogVault comes into the picture.
Intelligent Real-time Backups by BlogVault
BlogVault’s real-time backup follows the pull model; and focuses on being comprehensive and efficient. Changes to your WordPress site are immediately tracked and saved on the site itself. The BlogVault (BV) servers checks for changes every 5 mins. and ‘pulls’ those changes to BV servers. Once the changes are securely saved to BV’s servers, then the next set of changes on the site are tracked and saved.
The pull model ensures that all the changes are saved without making excessive demands on your site’s server resources. The backup process doesn’t affect your site performance.
BlogVault Backs Up WooCommerce Tables As Well
Apart from utilizing the resource-efficient pull model for real-time backups, BlogVault backs up custom WooCommerce tables as well. This ensures that none of the data related to your orders is lost upon restoring your site.
If your backup solution does not automatically backup WooCommerce tables as well then it is not a viable option for e-commerce sites.
You Can’t Afford Not to Have Real-time Backups
Real-time backups are a real need for WooCommerce sites. While calculating the cost of downtime it is also important to understand the cost of not having an efficient solution for WooCommerce backups.
Cloud WordPress backups are good when they are independent. They might not be if you’re using your personal cloud storage accounts(for example on Dropbox, Drive or Amazon S3). Read on to know how and why you shouldn’t do it.
We know that following best practices to make WordPress backups means that your backups should not be dependent on your website/server/web host. This means that you must be able access and use your backups without having to access your WordPress site/server/web host. These kind of backups are known as independent backups and are according to best practices of performing WordPress backups. However, it is easy to think that off-site backups are the same as independent backups. They are not. This is because off-site WordPress backups are not necessarily independent. This is has to do with how WordPress plugins upload backups to your accounts.
All independent backups are off-site. But not all off-site backups are independent! https://t.co/j3DWr7qHLN
Plugins which upload your WordPress backups to your Amazon S3, Drive, or Dropbox accounts usually store a copy of your account’s API key on your site. This is what allows those plugins to interact with your accounts, and upload backups. This is part of the setup procedure for many (if not all) backup plugins.
While making automatic uploads to an off-site location is a convenient option, doing so by storing API keys may not be the safest option for you. The simple reason for this is that it is the same as leaving the keys to your bank vault in your living room. The whole point of a vault is to secure whatever you store in there from being burgled. If you leave the keys to the vault, then you have granted access. Backups are also like your most precious possessions. They are what you depend on in your hour of need; hence they must be completely independent of your site.
Continuing from the previous point, if you are using a security key from your Amazon S3 account in multiple locations then your backups may be in trouble even if your site is safe. Even if one of the sites using that particular security key is hacked then the hacker has access to all the contents on that account.
This is why BlogVault does not ask users for personal accounts but automatically stores multiple copies of backups in different destinations. All these copies are also encrypted; providing your data and additional layer of security. You can access them independent of your web host or WordPress site via your BlogVault dashboard.
Limited Storage Space
One of the major attractions of using these storage services as destinations for your WordPress backups is that they offer free storage space. However, if you make backups daily (as you should), and you have large site, then this may not be enough.
This is even more true if you are using the account for reasons other than backups or you are backing up multiple WordPress sites with the same account. Pretty soon you may find yourself paying extra for storage space. So, the economic benefits of not paying for storage may not stand for long; and these economic benefits are anyway diminished when compared to security concerns.
Cloud WordPress Backups in Personal Accounts May Equal Personal Data
In case of a hack, losing your backups and your business or blog data may be bad enough but that will certainly not be the end of it. The risk of using a personal storage account is simply too great when you consider that other information you store on the account which may be of a personal nature can also be at risk.
Restoring WordPress Backups
All backups have one purpose; restores– to recreate your site using your WordPress backup. Firstly you must have backups to use. Secondly, those backups must be functional and easy to restore. When you are using your personal accounts configured with the backup plugin on your site, both cannot be taken for granted.
The first point has been addressed in the very beginning of this list. As for the second point, even though you may have backup files, if they are altered in any way or are not secure, then using those backups to restore your WordPress site will do more harm than good to your business. BlogVault allows you to Test Restore your backups with a single-click. This way you will not be in doubt.
Even if the files are functional, backups are often uploaded in .zip folders. You may have to spend a considerable amount of time finding the right backup version to restore your site and then upload then .zip folder to your plugin to restore your site. However, this is not possible when your entire site is down because your backup plugin was on your site too. This is why you must be able to access and restore/migrate your backups completely independent of your WordPress site.
On the other hand if you manage to get your site running, then there still may be issues. Restoring a large site takes time and server resources. For this reason, they are, many times cut off. This makes full restores of large sites nearly impossible on some accounts; especially on shared hosting.
Cloud WordPress Backups Must Be Independent
If you have not checked your backups because your WordPress site is working fine at the moment, then you may be left with an unwanted surprise when your website goes down in the future.
Use best practices and opt for a service which will provide a comprehensive WordPress backup solution that will keep you worry-free, allowing you to enjoy the ride.
Reaching for your spare tire, only to find out that it is not working; or worse, that it is missing altogether is unacceptable. WordPress backups are a little more complicated than changing car tires and just like your car tires, there is a lot riding on them too. Your lifetime’s work or the hard-earned reputation of your business is at stake.
The number of WordPress (WP) backup plugins that are available in the market today must make it seem that problems regarding backups are a thing of the past. But, as we said, backups are complicated. A lot can go wrong when you are using stand-alone plugins (meaning ones that operate on the Software-as-a-Product model).
Many articles refer to how the SaaS model economically benefits the end user, however, there are many use-case benefits too. In this article we’ll look at some common issues with stand-alone WP backup plugins, and how a managed WP backup service is a better option.
Why Your WordPress Backups Will Fail With the SaaP Model
Installing the plugin is the beginning. Once installed, a stand-alone WordPress backup plugin must be configured. Very often people underestimate how backup plugins may become relatively labor-intensive and accrue more expenditure over time. These may come in different forms including add-ons and premium account features that may be essential to your business.
Some problems you may run into when you’re using a stand-alone WP backup plugin include:
Configuration issues
Getting Started: Once a plugin is installed, a remote backup destination must be selected. You can select services like your Google Drive account, Dropbox, or Amazon S3 servers. After this, you must input the login credentials of those accounts.
Add-ons: To get the desired setup for your backups, your plugin may require that you buy an add-on. Add-ons can soon build up to become a considerable list. While calculating the cost of a plugin, add-ons must be accounted for, in order to get a fair estimate.
Saving backups in more than one destination may need an add-on, and extra charges may be applied.
Other features like encrypted backups of your website’s database may not be available unless you pay more for add-ons or upgrade to premium accounts. This means your backups are not really secure even after investing all this time, energy and money.
Tracking: Ensuring that backups are happening is important so that you know exactly what resources you have to draw upon in your hour of need.
If you’re storing backups on your Amazon S3 account, it needs to be configured to send you notifications when backups occur or when changes are made to files (these are called ‘event’ notifications).
Otherwise, you may have to pay more to your plugin company for email notifications. An alternative option is to login to WP website dashboard each time.
Key to Your Backups: While backing up your website to your Dropbox account or your own Amazon S3 account, most plugins store a copy of the API key/S3 access key on your WordPress site. The key is how the WordPress backup plugin on your site accesses the backup destination. This may not be in keeping with best practices of performing WordPress backups. In such cases, a hacker who has access to your site, may also have access to your backups via the security key.
Know-how: Managing your own Amazon S3 account requires you to know how the account stores your information (buckets, objects) and other points like access control, and versioning so that you can make sure that your data is secure.
When You Need to Restore: Apart from all these points, when you need to use your backups to restore your site, you’ll need to unzip the folders and manually restore the files correctly. This may not be the best option for everyone.
Storage Options: The plugin company may provide storage space. This option, like in the case of Amazon S3 servers, is an extra charge over the plugin that you must bear. It is a recurring cost to you, which must be paid periodically (monthly/quarterly).
Notification Issues
Like we mentioned backups are complicated. If for any reason backups stop happening or problem occurs, then it is important that you’re notified immediately. For example, an error in the plugin has stopped it from backing up your site without notifying you. Otherwise if you have exceeded the storage limit of your backup destination then backups may stop occurring. Regardless of the scenario immediate notifications are very important.
The burden of solving all of these issues; on top of running your business/blog, fall on you, when you purchase a software product.
Regardless of the cause, the net result is that you’re stranded on the freeway, with no (usable) spare and your tire is a software product. This means, it’s likely that you may not have anyone to call for ‘tech support’. This is not a scenario you want to be caught in when you look for your backups.
Now consider that an expert is looking after your tires, maintaining the air pressure, checking the rims and upgrading the tire as the weather and the terrain changes; along with making sure that it is in the boot of your car. This would simplify and enhance your business, wouldn’t it?
How to Ensure That Your WordPress Backup Always Works
And, how can the SaaS model solve the issues mentioned above, for you?
When you get a subscription to a software, you are getting a service. A team of experts are managing and maintaining the software and the hardware. They are responsible for granting you access.
Let us clarify, SaaS doesn’t mean that there is no need to download and install a plugin. As in the case of BlogVault, the plugin can be very light as all the complexity sits on the provider’s server, where the heavy-lifting is done. For the user this means:
Zero-configuration: Install the plugin and it begins its work. You are ready to use BlogVault from the moment your subscription is active. The backup process starts automatically when you first login.
(This is the main reason this list is relatively short. Remember the long list of configuration issues with standalone backup plugins? Web-hosted software means, all of that responsibility for the managing the plugin and off-site storage is off your hands. Everything is covered for in the subscription.)
Lesser load on the site, better performance– Site performance and page load times are crucial to delivering good user experience cannot be overstated, as even marginal differences show measurable changes in results.
Rapid Updates: Updates happen mostly on the service provider’s server, reducing the frequency of updates required on your site.
Backups are safe even when your site is compromised: Backups; because they are completely independent of your website, are accessible even when your website is down. You don’t need to get your site running to access your backups.
Incremental Backups: This means large sites are also completely backed up without hassle. Backing up only the changes means faster and more efficient backups.
Expert Tech Support: A team of experts maintain the software and the hardware. You can not only count on tech support, but know that the team can be highly responsive as they are maintaining the backups themselves. This can help at times of Test Restore, Auto Restore and Migrations. For more on these features you can check out BlogVault.
Now you know the differences between SaaP and SaaS models in the context of WordPress Backup. Make an informed choice that gives you the most scope for developing your business, without adding to your task list or financial burden.
Testing WordPress backups is simply a necessary part of a good backup solution. However, testing multiple backup versions can be a technical and cumbersome. (Find out) How to best test WordPress backups?
When you have multiple backups, it’s important to test them.
The Problem: How Do You Know If Your Backups Work?
One of the most important tenets of a backup solution is the ability to test the backups. Backups serve one main purpose– restores. When your site goes down, the worst that can happen is that, at the time of restoring your site you find out that the backup is not proper.
The one way to avoid that problem is to regularly test your backups and to definitely test your backups before you restore them. The one reason why many may not venture to do it is simply because testing backups is not always easy.
Backups Can Go Wrong: Testing Backups is Important
Testing backups, however, is a very important part of having a robust backup solution. This is because, a number of things can and do go wrong with backups; and the consequence is that you cannot restore your site quickly and efficiently. What is the point of having a defunct spare tire when the tire on your car gets punctured?
Running out of storage space, leaving out necessary or important files are only some of the things which can affect your backups and eventually your site. When you use a backup solution; like a WordPress backup plugin, or the backups provided by your hosting service, you never really know if the backup contains all the files or even if the backups have happened correctly. You may say that you are getting notifications but that does is not the same as verifying that backups are occurring properly. Even when you download a backup it is generally in a .zip folder. How can you be sure that the .zip folder will function correctly once the backup is restored?
Restore Only After Testing WordPress Backups
Trust is a big aspect of online business. A survey says that 88% of respondents don’t trust sites that crash often; and only 12% of respondent will wait an additional 5 secs for your site to load. This means your restore must be quick and you should also be sure that your site will function correctly.
A WordPress site functions on a mixture of plugins and themes; together they form a precariously balanced ecosystem– your WordPress site. Many times, when something on your WordPress site is not functioning correctly it may not be a direct result of an update or a newly installed plugin. If it is so, then it is easy to pinpoint the problem. However, it is rarely that simple. Sometimes, the problem surfaces after a few days or even after a couple of weeks. Chances are that you have done a few changes to your site in that time.
Let us say that you have
Updated some plugins
Installed a new theme
Installed 2 new plugins
These changes are all spread over different versions over the last month. The challenge is to pinpoint the change which caused the issue. You can’t set up a separate environment to test all of the versions. It is simply not feasible. On the other hand if you restore without testing the probable backup versions you will end with the same problems as before.
The Challenge: Testing Backups is Technical & Laborious
To test backups you need an environment to which you can upload the backup and test it. This means you will need to:
Create a testing environment
Set up a new URL
Restore the backup to that environment
All of this is laborious and technical work. Engaging in this activity along with your everyday business is cumbersome. Even if you go through all the trouble and test your latest backup version. If that is not working as properly then you have to go down the list testing each version. This means you may not test your backups; or at least not test all the backup versions of your website. It is important to test all the backup versions because you never know which one you’ll need at the time of restoring your site. The more difficult a task gets the less we seem to engage in doing it.
Even if you’re willing to take on the task, there is one more point to consider. Once the testing is done you’ll need to find a way to get rid of this environment. Otherwise maintaining it will become another chore on your task list. This is not ideal.
The One-Click Solution
A backup solution must make it easy for you to test your backups instead of creating additional hassles. A solution which allows you to test backups must make it feasible to test multiple versions; and this is the marker of a good testing environment.
BlogVault offers the Test Restore functionality, an option to test any and all of your backups versions with a single click. An exact, fully functioning copy of the site is generated from the chosen backup version, and loaded to BlogVault’s test servers.
BlogVault maintains at least 30 versions of your WordPress site’s backup. You can choose any of those versions to ‘Test Restore’. Once the backup version is chosen it is loaded to Blogvault’s test servers.
In this environment you can not only test how your backup will work once it is restored but also test what happens if you make changes. After the backup is uploaded to BlogVault’s test servers, you’ll also receive the SFTP credentials to the ‘test site’. This way you can also test any updates or changes you want to make to that particular backup version. It is completely independent of your live site, and fully functioning. In other words, ideal testing conditions for your backups.
BlogVault’s Test Restore functionality is a pain-free solution.
Streamline Testing with Backup Descriptions
If you are using the BlogVault service then you can track the changes easily. Each backup version has a description. This allows you to know not only the date and time of the backup, but also what has changed in the site since the last backup. These changes may include
Number of files
Number of tables
Updates to plugins, themes, WP Core
New plugins or themes installed, etc.
You can possibly narrow down the backup versions to be tested. Once the shortlist is ready, you can then test them all; as mentioned, with a single click.
Daily backups offer a balance between minimizing data loss & minimizing load on server/site. Is it, however, the most optimum WordPress backup frequency for your WordPress site? Here’s what you need to know about the different methods; and the pros and cons of each of them.
Daily WordPress Backups
Who is it for?
Daily backups are a good option for sites which make numerous changes in a month. These may be blogs that predominantly have content additions everyday, or news/magazine sites which have scheduled daily updates.
Even if daily changes are not made to your site, daily backups may be worth considering. WordPress sites depend on plugins, and themes. As you well know updates to plugins and themes, along with updates to WordPress Core are very important for the sake of your site’s security, and functionality.
Updates are not released at the same time and different plugins and themes have to be updated regularly. While these updates are important, they are part of a complex mix of softwares that together form your WordPress site. If you make an update and the site crashes then it is easy to pinpoint the problem. Often this is not the case. Problems only surface days; maybe weeks after a handful of changes are made. In such cases identifying the issue is a laborious matter.
Performing daily backups ensures that such updates are also saved. You can then restore your site with minimal or no data loss, and figure out any issue affecting your website, later. When you restore your site, fewer of those updates have to be made to harden your site’s security. Otherwise, without those updates, even if you restore your site it may have many vulnerabilities putting you at constant risk.
Advantages of Daily Backups
Good backup solutions optimize between resources consumed and efficiency. Daily backups bring the following advantages:
Reduces data loss
Provides the option of multiple backup versions to test and restore
Requires least tinkering once restored – updates made to plugins and themes can be retained.
Methods for Making Daily Backups
You can make daily backups in a few different ways. While all the methods used to make daily backups will offer the above mentioned advantages, each method also brings its own challenges. Let us explore them one by one.
Manual Backups
Making manual backups of your WordPress site is an additional, laborious job to add to your everyday business task list. Remembering to make backups or taking out the time for it may not always be possible.
Securely storing backups is another issue that you are solely responsible for while making manual backups. HDDs or external HDDs or USB drives have been known to fail. Local storage devices, and the data stored in them can also become infected with malware.
Testing backups before restoring/migrating them can become a challenge when you are making manual backups and storing them locally.
Web Hosting Service
While many web hosting services offer backups and it is a seemingly convenient option, it is important to note that not all hosting services offer daily backups. Most of the time, premium web hosts like Flywheel, and WP Engine that do offer daily backups come at a premium price. Sometimes web hosts offer other backups solutions as add-ons and these come with additional costs.
A premium price tag may not be the only drawback when you choose your hosting service as your WordPress backup service. Backups with web hosts don’t have backup descriptions, which makes identifying and restoring the right version a very tedious process. Also, if your backups are stored by your web hosts then they might not be completely independent of your site. It means that your backups may be exposed to all the risks to which your site is exposed. For example, if your hosting service is hacked or the infrastructure is affected by a natural disaster, then chances are that along with your website, your backups are also lost. This is not an ideal way to store backups.
WordPress Backup Plugin
Some backup plugins are free and allow you to schedule your WordPress backups. While these plugins will help you perform daily backups, storage may be an added issue for you to consider. This is because not all plugins offer independent storage options. You can link your cloud storage account (for example, your Dropbox account) to these plugins. Doing so, however, usually means that the plugins store an API key of these accounts on your WordPress site. API keys are how the backup plugins communicate with your backup destination. However, it exposes backups to similar risks as your site. This may allow for your backups to be compromised when your site is hacked.
Backup plugins have to be installed on your site. If you lose access to your site for some reason then using the plugin to restore your site is not possible.
Tip: If you decide to use a WordPress backup plugin it may become important for you to track your WordPress site’s traffic. Backups can be resource intensive and making a backup when most visitors come to your site might slow the site and spoil the user experience.
WordPress Backup Service
A WordPress backup service offers a more complete backups solution. Backup services perform incremental backups and automatically upload backups to completely independent storage.
Incremental backups mean that only those parts of the site which have changed since the last backup are stored. This means that you do not have to worry about large sites not getting backed up, or about forgetting to perform backups.
Backup storage comes as part of the service and you do not have risk using your personal accounts. Backup services also offer simplified processes for restoring and migrating your site. BlogVault offers you a one-click, test restore option which allows you test your sites on an automatically generated staging environment, before restoring them.
Choosing a WordPress backup frequency and solution for your site depends on a few factors– budget, frequency of changes to the site, time available, and the size of the site. There is a case to be made for daily backups as the most optimum frequency for most sites, barring sites with a high frequency of changes like e-commerce or news sites, (which might need solutions providing real-time backups instead). Knowing the advantages and challenges with making daily backups can help you make an informed decision.
Frequent WordPress backups can minimize data loss and thereby greatly help your business. However, they can be resource-intensive and affect your WordPress site performance, if not done right.
Frequent backups present some obvious advantages which are particularly important for WordPress (WP) sites. Content creation takes some planning, effort and resources. Losing such content may become a major setback for your website. Daily backups minimize data loss in such cases.
Finding secure storage solutions is a real challenge with frequent WordPress backups.
WordPress sites are dependent on many third party plugins and themes. WordPress site owners are always running the risk of installing software that is not compatible with other plugins or themes on the site or installing those which may have some vulnerabilities. The risk of losing data from frequent updates and third-party software vulnerabilities is mitigated to a degree by having up-to-date backups.
Advantages of Frequent Backups
Minimize data loss
Reduce downtime
Retain updates & functionalities on WP sites
What are Frequent Backup Options?
Of course real-time backups is the best solution to achieve the goals stated above. Hourly/Daily backups may be the most frequent options apart from that.
Challenges with Frequent Backups
Higher frequency of performing backups brings its own complications. Backing up sites not only makes demands on your server resources but also brings up the issue of secure storage of the backups made. To add to the list of issues to consider, tracking whether backups have happened correctly and what has been backed up is not always easy.
Backups are Complicated
We have been in the business of premium WordPress backup service for over five years now. A number of things can, and do go wrong with backups. Sometimes when someone opts to backup their site manually, it is as simple as forgetting to perform frequent backups.
Often, WordPress site owners don’t know if backups are happening according to plan. Sometimes not all files are backed up.
In cases where site owners may have backups, restoring sites may not be easy. At other times, site owners who are relying on backups by web hosting services may not be fully aware of backup & storage policies. As a result, there have been times when WordPress site owners find out that there may not be any backups when they need it the most.
Resource Intensive
Increased load on your server resources could lead to an increased site load time or pages crashing. Otherwise, the user experience of visitors to your site may be spoiled because certain elements in the site may not function as intended.
Large Sites Offer Their Own Problems
Backing up larger sites takes more time & more resources. In such cases it is possible that certain sites may not get backed up at all. This is because hosting services; especially on shared hosting, have policies about the time, and the server-resources that a particular task can take. In such cases although you may have employed a backup solution, your site may have not been backed up at all, or may have been backed up incompletely. In both cases, restoring the site is not possible.
Storage Space & Security
Frequent backups lead to multiple copies. Storing these copies securely can be a challenge. Storing backups on your own Dropbox accounts or local storage devices like your PC’s hard drive (HDD) or USB drive is not recommended.
Backups stored locally can become infected with malware as you are constantly browsing and downloading files. Also, HDDS or USB drives have been known to crash. This doesn’t even account for the risks associated with accidents and natural disasters.
Storage may drive up the cost of storing backups as you may have to invest in independent storage solutions.
In all the above cases the real risk is that eventually when you need to restore your site you may not have backups, have incomplete or infected backup files. This is not the optimal scenario for your business. Probably a good way to evaluate a backup solution is to list some scenarios in which you would need to rely on backups, and see if the backup solution in question will give you access to backups and allow you to restore your WordPress site.
The Answer?: Backup Service as a Solution
A WordPress backup service like BlogVault will not only take care of storage space and security but make incremental backups. This intelligent approach ensures that even large sites on shared hosting can be completely backed up. Apart from this backups services may also eliminate cache and log files from backups, thereby reducing problems at the time of restores. All of this is done automatically, thereby eliminating the human errors so that you can go about your business without worry.
With a WordPress backup service restoring your site is always the goal. When the time comes you will have multiple backups versions; securely stored, from which you can choose. You can also automatically restore your site with a single-click. Of, course a backup service comes with a more premium price tag but with the price you’ll have backups with best practices at your disposal.
Over the past few months, we’ve been working on a number of changes at BlogVault. Not only do we have an improved UI, we’ve also got a bunch of new features that are bound to make managing your WordPress site a lot easier, and secure.
BlogVault has got a new dashboard that is better in every way, from allowing users to access our features for intuitively, to providing more than just backups.
Let’s take a look at a few of the changes, shall we?
Your BlogVault dashboard now has two major areas:
Site Listing
Site Details
Each area has specific functions, and together provide:
Ease of Use
BlogVault’s new site listing feature helps you see all the sites you’ve added to your BlogVault dashboard. From this part of the dashboard, you can filter sites based on their status:
‘Active’ sites are those that have the BlogVault plugin installed on them, and use the plugin regularly.
‘No Plugin’ sites are those added to your dashboard but haven’t got the BlogVault plugin installed. (This could also be because of a problem during installation.)
Sites that are ‘Unreachable’ are those that have the plugin installed, but our servers are unable to reach, due to a connectivity error, or probably due to firewall or network settings.
‘Hacked’ sites are those that the BlogVault plugin has detected malicious files on.
We built in this categorization of sites to help you see exactly what’s going on with your sites at a glance. Moreover, the Site Listing page also allows you to find a particular site, based on tags that they might have (more on this later).
Easier Account Control
With our revamp, we’ve also changed your account and billing settings so they’re easier for you to manage.
Everything related to your BlogVault account is easily accessible, and easily changeable too from the ‘My Account’ drop-down. You can change anything about your account, from your email address to the BlogVault subscription plan you’re on.
Your profile on the BlogVault dashboard gives you important details at a glance.
Optimized for Teams
This brings us to our other new addition: the option to add team members to your BlogVault account. Our new Account settings allows you to manage a team that can handle every aspect of backup, management and security of the sites linked to the BlogVault account.
BlogVault’s new dashboard is optimized so you and your team can manage and secure sites.
New, Improved Features
BlogVault now comes as a comprehensive package that allows our customers to backup, manage and secure their websites in every way. All you have to do, is to click on any one active site from your Site Listing page.
As you can see, we offer you WordPress backups, but also management and security settings that help you manage and secure your WordPress site. While the old UI allowed you to see all the features on the right in a sidebar, we’ve revamped BlogVault to let you to see it all under each option (Backup/Management/Security).
Backup features
Our backup features have always been functional enough to rely on completely, but with our new UI, they’re more accessible, and easier to use.
Backup features on the new BlogVault dashboard
History
The History tab has been given a full revamp, and allows you to see the last 30 backups made of your site more clearly. You can see exactly what happened with each backup, and add notes more easily as well.
Again, as you can see, you can select any backup version you have and choose to migrate, test restore, or automatically restore from it. You can also upload any version to Dropbox, or add a notes to help you differentiate versions.
Download Backup / Upload Backup
Both ‘Download Backup’ and ‘Upload to Dropbox’ options are very different functions, but have a single form, that requires the following:
The backup version you would like to download (or upload from)
Your site’s database credentials
Your hosting server’s credentials (which come under Advanced Options, along with the next option)
A choice of whether you’d like to store either tables and files, only tables, or only files from your WordPress site
There is also a section that requires your HTTP Authentication credentials, which are your WordPress site’s credentials.
Both ‘Upload to Dropbox’ and ‘Download backup’ functions use the same form
Migrate
The ‘Migrate’ option allows you to easily move all your site’s content and functionality to a different domain name or a different hosting service. All you require for this option, are the FTP credentials of the new site/domain/hosting service you’d like to move to.
Migrating with the new dashboard (the Auto Restore and Migrate features use the same form)
Auto Restore
Perfect for when your site suddenly goes down, the ‘Auto Restore’ backup option has the same form to fill up, except that it requires the FTP credentials of the site you’d like to restore (which is your current site).
As you can see from the previous screenshot, we’ve also got a handy FAQ section on the right for all migration and auto restore- related FTP questions, so you have all the answers at your fingertips.
Test Restore
This option creates a test-environment (a replica), based on the latest backup version of your site, complete with the links, videos, images, and everything else on your site. You can click on these links, and they’ll work like they would on your site. Once BlogVault is done creating this test-version of your site, we mail you the link you can access it on, along with its FTP details, so you can experiment and see if you want to make any changes to your site.
If you’d like to make a Test-Restore of a different backup version of your site, you’ll have to go to the History tab, select the desired backup version, and then restore from it.
You can perform a Test Restore with a single click
Backup Now
BlogVault automatically backups your WordPress site every 24 hours, but if the backup schedule is just too far away (such as when you want to make an instrumental change but want to make a backup just before), this option comes in handy.
The Backup Now option also shows up on the Management and Security functionalities (just look for the following icon):
This allows you to backup your site before making any changes to it.
Management Features
From allowing you to manage your WordPress site’s users to helping you update the plugins and themes on your site, the Management feature allows you to manage your WordPress site to be secure against threats.
The Management features now available on your BlogVault dashboard
Manage Plugins
You can manage all the plugins and themes installed on your WordPress site from this option. This means you can see the version you have of each, as well as whether to update specific add-ons, or all of them.
Manage Users
With the ‘Manage Users’ option, you can remotely delete, or change the role or password of those who have access to the site, without having to log in to your WordPress site’s dashboard.
Managing your WordPress site’s users with the BlogVault dashboard
Security Features
We also have a Security feature that allows you to harden your site and clean your site of malware. The Security feature helps you harden your WordPress site, as well as to clean malware and hacked files with a single click. Moreover, since our scanner is built to be accurate and intelligent, it detects the most complex hacks, without raising false alarms, or alerting you of ‘possible hacks’.
The Security features on the BlogVault dashboard let you harden your site against future attacks, lets you see hacked files when you have a hack, Auto Clean with a single click, scan your site whenever you want
Secure Site
The BlogVault dashboard now features hardening settings under the ‘Secure Site’ feature. These are settings recommended by WordPress, that help make your site more secure against hacks. We’ve categorised these settings into two sections: Basic, and Advanced.
Here is a look at some of the basic security fixes:
Basic Secure Site settings
The advanced security fixes require some caution though– even if they can’t break your site, you won’t be able to install new plugins or themes on your site if you have them enabled.
Advanced Secure Site settings
The convenient thing about these settings though, is that to enable (or disable) these settings, you have to only select the ones you’d like to enforce or remove, enter your WordPress site’s FTP credentials, and select the folder that your WordPress site is installed from.
Hacked Files
This option only appears when you have a hack on your WordPress site. It identifies the hacked file for you and pinpoints it, so you can look specifically at that one file, if you want to. If you’d rather just clean out the hack with a single click, you can do so by clicking on the ‘Auto Clean’ button.
Auto Clean
Another feature that only appears when you have a hack, the Auto Clean function helps you remove malicious code on your site with a single click. Since we’ve built our cleaner to even identify complex hacks, you can choose to remove them immediately, without technical assistance.
Once you click on the Auto Clean function, you are taken to the form asking for your WordPress site’s FTP details.
Clicking on the ‘Auto Clean’ button takes you to the same FTP form that appeared for ‘Migrate’ and ‘Auto Restore’
Once you enter your WordPress site’s FTP details, your site will be cleaned.
Scan now
One of the most revolutionary additions to our dashboard, the ‘Scan Now’ feature allows you to scan your site for hacks at any given point of time. Our malware scanner looks for hacks based on the actions the code performs, rather than signatures, or keywords. So no more backdoors, or recurring hacks. Before scanning your site, we run a backup so you always have the latest version of your site to fall back on.
When you click on ‘Scan Now’, the dashboard backs up your WordPress site
Better Navigation
We’ve tried to make the new dashboard as functional as possible. One of the steps we’ve taken in this direction, is the addition of ‘Quick Links’ that help you download backups, migrate backups to a new location, or restore it with a click. This section also has ‘Resources’, which help give you a quick snapshot of everything you need to know about your WordPress site. Perfect for emergencies, the icons for these functions, and the information related to your site, are right under your site’s thumbnail, on the Site Details page.
Features and information on the left for better, easier navigation
Since these features are in-built into BlogVault’s dashboard, we backup your site automatically before making any changes to your WordPress site. This makes it a comprehensive solution to help you manage your site in the most secure way possible. BlogVault has always been focused on giving our customers the best experience, in the most reliable, sensible way, and we hope you’ll find our new makeover to be as practical as we intended it to be.
If you’ve got questions about the new dashboard, or suggestions, do reach out to us here.
Frequent WordPress backups contribute greatly towards efficient your WordPress restores. The battle is between resource consuming hourly backups and infrequent backups which increase the risk of data loss. Do you know what is the right answer?
The frequency of WordPress backups is a much-discussed topic. At BlogVault we believe that ideally, WordPress sites must be backed up at least once a day. This is a logical idea when you consider that all backups are meant for recovering your site. This means you want to minimize data loss, when you restore your WordPress site.
Daily backups, however, is not a ‘golden frequency’. Different types of sites require backups to be made at different frequencies. Daily backups strike a balance between minimizing data loss and not consuming too many resources of your WordPress site’s servers. Backing up more frequently, however; especially when done inefficiently, may affect your site’s performance. On the other hand, backing up infrequently, like on a weekly/monthly backup schedule may mean that you lose substantial amount of data.
WordPress Backup Frequency
Why Make Daily Backups?
We mentioned that daily backups ensure that updates to all the posts and pages of your site are saved. WordPress users who manage smaller sites may feel that daily backups are not as important. This may be because the website is not updated with new content. However, we have to remember that WordPress sites are run on plugins and themes which are updated often. Older backups will not contain these updates and restoring them is not very efficient. This can also cause security concerns as plugin and theme updates include security updates too.
Restoring from Older WordPress Backups
If older backups are restored, then you may have to go back and update all the plugins, themes and may be even WordPress core. This may not be feasible in case you own multiple sites or have many plugins and and themes on your site.
Also, backups bring up compatibility issues. In case you restore older backups, then you can only test these issues after the site has been restored and the updates are made. However, the more recent the backup, the easier it is to test for functionality. Of course, with a WordPress backup service like BlogVault you can test your backups with a single click.
What Type of WordPress Site Do You Have?
E-commerce sites & Popular Blogs
While daily backups are a great option, for e-commerce and popular blogs it still may not be enough. For e-commerce sites, it is crucial to track transactions, data on pending orders, and the delivery status of orders with utmost immediacy. For popular blogs, comments and content can be generated very regularly; and this includes news sites. In such cases, real-time backups is the answer.
Real-time Backups for WordPress Sites
Backups in real-time are meant to save every change as soon as the changes are made, (or at least as quickly as possible). The concern with this is of course the effect on WordPress site-performance. However, when done right, real-time WordPress backups can be a comprehensive solution.
Real-time backup solutions for WordPress sites track changes and backup only those changes to the site as quickly as possible. Since only the changes are backed up, even large sites with frequent updates and changes can be completely backed up without affecting site performance. However, there are different methods to achieve this result and results vary depending on how effectively your backup plugin does the job.
Frequency is Key to Having Secure WordPress Backups
If backups do not allow you to make efficient restores then the point has been missed. Making daily or real-time backups are key to having functional backups which are ready for restores. A WordPress backup service, can allow you to not only automate the frequency of your backups; but also ensure that your backups follow other best practices of WordPress backups as well.
About Blogvault
Blogvault was started by Akshat
Choudhary in 2007. Based out of
Bangalore, India, we are a complete
backup service with over 10,000
customers from across the world.
Sign In
Sign Up
