Daily backups offer a balance between minimizing data loss & minimizing load on server/site. Is it, however, the most optimum WordPress backup frequency for your WordPress site? Here’s what you need to know about the different methods; and the pros and cons of each of them.

 

Daily backups are the most practical backup frequency for a majority of WordPress sites that have scheduled updates every day.

 

Daily WordPress Backups

Who is it for?

Daily backups are a good option for sites which make numerous changes in a month. These may be blogs that predominantly have content additions everyday, or news/magazine sites which have scheduled daily updates.

Even if daily changes are not made to your site, daily backups may be worth considering. WordPress sites depend on plugins, and themes. As you well know updates to plugins and themes, along with updates to WordPress Core are very important for the sake of your site’s security, and functionality.

Updates are not released at the same time and different plugins and themes have to be updated regularly. While these updates are important, they are part of a complex mix of softwares that together form your WordPress site. If you make an update and the site crashes then it is easy to pinpoint the problem. Often this is not the case. Problems only surface days; maybe weeks after a handful of changes are made. In such cases identifying the issue is a laborious matter.

Performing daily backups ensures that such updates are also saved. You can then restore your site with minimal or no data loss, and figure out any issue affecting your website, later. When you restore your site, fewer of those updates have to be made to harden your site’s security. Otherwise, without those updates, even if you restore your site it may have many vulnerabilities putting you at constant risk.

 

Advantages of Daily Backups

Good backup solutions optimize between resources consumed and efficiency. Daily backups bring the following advantages:

  • Reduces data loss
  • Provides the option of multiple backup versions to test and restore
  • Requires least tinkering once restored – updates made to plugins and themes can be retained.

 

Methods for Making Daily Backups

You can make daily backups in a few different ways. While all the methods used to make daily backups will offer the above mentioned advantages, each method also brings its own challenges. Let us explore them one by one.

Manual Backups

Making manual backups of your WordPress site is an additional, laborious job to add to  your everyday business task list. Remembering to make backups or taking out the time for it may not always be possible.

Securely storing backups is another issue that you are solely responsible for while making manual backups. HDDs or external HDDs or USB drives have been known to fail. Local storage devices, and the data stored in them can also become infected with malware.

Testing backups before restoring/migrating them can become a challenge when you are making manual backups and storing them locally.

Web Hosting Service

While many web hosting services offer backups and it is a seemingly convenient option, it is important to note that not all hosting services offer daily backups. Most of the time, premium web hosts like Flywheel, and WP Engine that do offer daily backups come at a premium price. Sometimes web hosts offer other backups solutions as add-ons and these come with additional costs.

A premium price tag may not be the only drawback when you choose your hosting service as your WordPress backup service. Backups with web hosts don’t have backup descriptions, which makes identifying and restoring the right version a very tedious process. Also, if your backups are stored by your web hosts then they might not be completely independent of your site. It means that your backups may be exposed to all the risks to which your site is exposed. For example, if your hosting service is hacked or the infrastructure is affected by a natural disaster, then chances are that along with your website, your backups are also lost. This is not an ideal way to store backups.

WordPress Backup Plugin

Some backup plugins are free and allow you to schedule your WordPress backups. While these plugins will help you perform daily backups, storage may be an added issue for you to consider. This is because not all plugins offer independent storage options. You can link your cloud storage account (for example, your Dropbox account) to these plugins. Doing so, however, usually means that the plugins store an API key of these accounts on your WordPress site. API keys are how the backup plugins communicate with your backup destination. However, it exposes backups to similar risks as your site. This may allow for your backups to be compromised when your site is hacked.

Backup plugins have to be installed on your site. If you lose access to your site for some reason then using the plugin to restore your site is not possible.

Tip: If you decide to use a WordPress backup plugin it may become important for you to track your WordPress site’s traffic. Backups can be resource intensive and making a backup when most visitors come to your site might slow the site and spoil the user experience.

WordPress Backup Service

A WordPress backup service offers a more complete  backups solution. Backup services perform incremental backups and automatically upload backups to completely independent storage.

Incremental backups mean that only those parts of the site which have changed since the last backup are stored. This means that you do not have to worry about large sites not getting backed up, or about forgetting to perform backups.

Backup storage comes as part of the service and you do not have risk using your personal accounts. Backup services also offer simplified processes for restoring and migrating your site. BlogVault offers you a one-click, test restore option which allows you test your sites on an automatically generated staging environment, before restoring them.

 

Choosing a WordPress backup frequency and solution for your site depends on a few factors– budget, frequency of changes to the site, time available, and the size of the site. There is a case to be made for daily backups as the most optimum frequency for most sites, barring sites with a high frequency of changes like e-commerce or news sites, (which might need solutions providing real-time backups instead). Knowing the advantages and challenges with making daily backups can help you make an informed decision.

 

Frequent WordPress backups can minimize data loss and thereby greatly help your business. However, they can be resource-intensive and affect your WordPress site performance, if not done right.  

Frequent backups present some obvious advantages which are particularly important for WordPress (WP) sites. Content creation takes some planning, effort and resources. Losing such content may become a major setback for your website. Daily backups minimize data loss in such cases.

Finding secure storage solutions is a real challenge with frequent WordPress backups.
Finding secure storage solutions is a real challenge with frequent WordPress backups.

WordPress sites are dependent on many third party plugins and themes. WordPress site owners are always running the risk of installing software that is not compatible with other plugins or themes on the site or installing those which may have some vulnerabilities. The risk of losing data from frequent updates and third-party software vulnerabilities is mitigated to a degree by having up-to-date backups.

 

Advantages of Frequent Backups

  • Minimize data loss
  • Reduce downtime
  • Retain updates & functionalities on WP sites

 

What are Frequent Backup Options?

Of course real-time backups is the best solution to achieve the goals stated above. Hourly/Daily backups may be the most frequent options apart from that.

 

Challenges with Frequent Backups

Higher frequency of performing backups brings its own complications. Backing up sites not only makes demands on your server resources but also brings up the issue of secure storage of the backups made. To add to the list of issues to consider, tracking whether backups have happened correctly and what has been backed up is not always easy.

 

Backups are Complicated

We have been in the business of premium WordPress backup service for over five years now. A number of things can, and do go wrong with backups. Sometimes when someone opts to backup their site manually, it is as simple as forgetting to perform frequent backups.

Often, WordPress site owners don’t know if backups are happening according to plan. Sometimes not all files are backed up.

In cases where site owners may have backups, restoring sites may not be easy. At other times, site owners who are relying on backups by web hosting services may not be fully aware of backup & storage policies. As a result, there have been times when WordPress site owners find out that there may not be any backups when they need it the most.

 

Resource Intensive

Increased load on your server resources could lead to an increased  site load time or pages crashing. Otherwise, the user experience of visitors to your site may be spoiled because certain elements in the site may not function as intended.

 

Large Sites Offer Their Own Problems

 

Backing up larger sites takes more time & more resources. In such cases it is possible that certain sites may not get backed up at all. This is because hosting services; especially on shared hosting, have policies about the time, and the server-resources that a particular task can take. In such cases although you may have employed a backup solution, your site may have not been backed up at all, or may have been backed up incompletely. In both cases, restoring the site is not possible.

 

Storage Space & Security

Frequent backups lead to multiple copies. Storing these copies securely can be a challenge. Storing backups on your own Dropbox accounts or local storage devices like your PC’s hard drive (HDD) or USB drive is not recommended.

Backups stored locally can become infected with malware as you are constantly browsing and downloading files. Also, HDDS or USB drives have been known to crash. This doesn’t even account for the risks associated with accidents and natural disasters.

Storage may drive up the cost of storing backups as you may have to invest in independent storage solutions.
In all the above cases the real risk is that eventually when you need to restore your site you may not have backups, have incomplete or infected backup files. This is not the optimal scenario for your business. Probably a good way to evaluate a backup solution is to list some scenarios in which you would need to rely on backups, and see if the backup solution in question will give you access to backups and allow you to restore your WordPress site.

 

The Answer?: Backup Service as a Solution

A WordPress backup service like BlogVault will not only take care of storage space and security but make incremental backups. This intelligent approach ensures that even large sites on shared hosting can be completely backed up. Apart from this backups services may also eliminate cache and log files from backups, thereby reducing problems at the time of restores. All of this is done automatically, thereby eliminating the human errors so that you can go about your business without worry.

 

With a WordPress backup service restoring your site is always the goal. When the time comes you will have multiple backups versions; securely stored, from which you can choose. You can also automatically restore your site with a single-click. Of, course a backup service comes with a more premium price tag but with the price you’ll have backups with best practices at your disposal.

 

Over the past few months, we’ve been working on a number of changes at BlogVault. Not only do we have an improved UI, we’ve also got a bunch of new features that are bound to make managing your WordPress site a lot easier, and secure.  

BlogVault has got a new dashboard that is better in every way, from allowing users to access our features for intuitively, to providing more than just backups.

Let’s take a look at a few of the changes, shall we?

Your BlogVault dashboard now has two major areas:

  1. Site Listing
  2. Site Details

Each area has specific functions, and together provide:

Ease of Use

BlogVault’s new site listing feature helps you see all the sites you’ve added to your BlogVault dashboard. From this part of the dashboard, you can filter sites based on their status:

 

The BlogVault dashboard's Site listing page

 

‘Active’ sites are those that have the BlogVault plugin installed on them, and use the plugin regularly.

‘No Plugin’ sites are those added to your dashboard but haven’t got the BlogVault plugin installed. (This could also be because of a problem during installation.)

Sites that are ‘Unreachable’ are those that have the plugin installed, but our servers are unable to reach, due to a connectivity error, or probably due to firewall or network settings.

‘Hacked’ sites are those that the BlogVault plugin has detected malicious files on.

We built in this categorization of sites to help you see exactly what’s going on with your sites at a glance. Moreover, the Site Listing page also allows you to find a particular site, based on tags that they might have (more on this later).

 

Easier Account Control

With our revamp, we’ve also changed your account and billing settings so they’re easier for you to manage.

 

The 'My Account' drawer opens up all the details related to your dashboard and subscription, easily.

 

Everything related to your BlogVault account is easily accessible, and easily changeable too from the ‘My Account’ drop-down. You can change anything about your account, from your email address to the BlogVault subscription plan you’re on.

Your profile on the BlogVault dashboard
Your profile on the BlogVault dashboard gives you important details at a glance.

 

Optimized for Teams

This brings us to our other new addition: the option to add team members to your BlogVault account. Our new Account settings allows you to manage a team that can handle every aspect of backup, management and security of the sites linked to the BlogVault account.

 

BlogVault's new dashboard is optimized so you and your team can manage and secure sites.
BlogVault’s new dashboard is optimized so you and your team can manage and secure sites.

New, Improved Features

BlogVault now comes as a comprehensive package that allows our customers to backup, manage and secure their websites in every way. All you have to do, is to click on any one active site from your Site Listing page.

 

The BlogVault dashboard gives you a plethora of options to help you manage and secure your site too!

 

As you can see, we offer you WordPress backups, but also management and security settings that help you manage and secure your WordPress site. While the old UI allowed you to see all the features on the right in a sidebar, we’ve revamped BlogVault to let you to see it all under each option (Backup/Management/Security).

Backup features

Our backup features have always been functional enough to rely on completely, but with our new UI, they’re more accessible, and easier to use.

 

Backup features on the new BlogVault dashboard
Backup features on the new BlogVault dashboard

History

The History tab has been given a full revamp, and allows you to see the last 30 backups made of your site more clearly. You can see exactly what happened with each backup, and add notes more easily as well.

 

backup_2_history_

 

 

Again, as you can see, you can select any backup version you have and choose to migrate, test restore, or automatically restore from it. You can also upload any version to Dropbox, or add a notes to help you differentiate versions.

Download Backup / Upload Backup

Both ‘Download Backup’ and ‘Upload to Dropbox’ options are very different functions, but have a single form, that requires the following:

  1. The backup version you would like to download (or upload from)
  2. Your site’s database credentials
  3. Your hosting server’s credentials (which come under Advanced Options, along with the next option)
  4. A choice of whether you’d like to store either tables and files, only tables, or only files from your WordPress site

There is also a section that requires your HTTP Authentication credentials, which are your WordPress site’s credentials.

 

Both 'Upload to Dropbox' and 'Download backup' functions use the same form
Both ‘Upload to Dropbox’ and ‘Download backup’ functions use the same form

 

Migrate

The ‘Migrate’ option allows you to easily move all your site’s content and functionality to a different domain name or a different hosting service. All you require for this option, are the FTP credentials of the new site/domain/hosting service you’d like to move to.

 

Migrating with the new dashboard (the Auto Restore and Migrate features use the same form)
Migrating with the new dashboard (the Auto Restore and Migrate features use the same form)

 

Auto Restore

Perfect for when your site suddenly goes down, the ‘Auto Restore’ backup option has the same form to fill up, except that it requires the FTP credentials of the site you’d like to restore (which is your current site).

As you can see from the previous screenshot, we’ve also got a handy FAQ section on the right for all migration and auto restore- related FTP questions, so you have all the answers at your fingertips.

Test Restore

This option creates a test-environment (a replica), based on the latest backup version of your site, complete with the links, videos, images, and everything else on your site. You can click on these links, and they’ll work like they would on your site. Once BlogVault is done creating this test-version of your site, we mail you the link you can access it on, along with its FTP details, so you can experiment and see if you want to make any changes to your site.

If you’d like to make a Test-Restore of a different backup version of your site, you’ll have to go to the History tab, select the desired backup version, and then restore from it.

You can perform a Test Restore with a single click
You can perform a Test Restore with a single click

 

Backup Now

BlogVault automatically backups your WordPress site every 24 hours, but if the backup schedule is just too far away (such as when you want to make an instrumental change but want to make a backup just before), this option comes in handy.

The Backup Now option also shows up on the Management and Security functionalities (just look for the following icon):

Backup Now icon

This allows you to backup your site before making any changes to it.

 

Management Features

From allowing you to manage your WordPress site’s users to  helping you update the plugins and themes on your site, the Management feature allows you to manage your WordPress site to be secure against threats.

 

The Management features now available on your BlogVault dashboard
The Management features now available on your BlogVault dashboard

 

Manage Plugins

You can manage all the plugins and themes installed on your WordPress site from this option. This means you can see the version you have of each, as well as whether to update specific add-ons, or all of them.

Manage Users

With the ‘Manage Users’ option, you can remotely delete, or change the role or password of those who have access to the site, without having to log in to your WordPress site’s dashboard.

 

Managing your WordPress site's users with the BlogVault dashboard
Managing your WordPress site’s users with the BlogVault dashboard

 

Security Features

We also have a Security feature that allows you to harden your site and clean your site of malware. The Security feature helps you harden your WordPress site, as well as to clean malware and hacked files with a single click. Moreover, since our scanner is built to be accurate and intelligent, it detects the most complex hacks, without raising false alarms, or alerting you of ‘possible hacks’.

 

The Security features on the BlogVault dashboard: When you have a hack on your site, it lets you see the files, Auto Clean with a single click, and harden your site so it's more secure
The Security features on the BlogVault dashboard let you harden your site against future attacks, lets you see hacked files when you have a hack, Auto Clean with a single click, scan your site whenever you want

 

Secure Site

The BlogVault dashboard now features hardening settings under the ‘Secure Site’ feature. These are settings recommended by WordPress, that help make your site more secure against hacks. We’ve categorised these settings into two sections: Basic, and Advanced.

Here is a look at some of the basic security fixes:

 

Basic Secure Site settings
Basic Secure Site settings

 

The advanced security fixes require some caution though– even if they can’t break your site, you won’t be able to install new plugins or themes on your site if you have them enabled.

 

Advanced and Paranoid Secure Site settings
Advanced Secure Site settings

 

The convenient thing about these settings though, is that to enable (or disable) these settings, you have to only select the ones you’d like to enforce or remove, enter your WordPress site’s FTP credentials, and select the folder that your WordPress site is installed from.

Hacked Files

This option only appears when you have a hack on your WordPress site. It identifies the hacked file for you and pinpoints it, so you can look specifically at that one file, if you want to. If you’d rather just clean out the hack with a single click, you can do so by clicking on the ‘Auto Clean’ button.

 

When you click on 'Hacked Files', a list of just the hacked files appears. You can choose to clean them automatically by clicking on the 'Auto Clean' button.

 

Auto Clean

Another feature that only appears when you have a hack, the Auto Clean function helps you remove malicious code on your site with a single click. Since we’ve built our cleaner to even identify complex hacks, you can choose to remove them immediately, without technical assistance.

Once you click on the Auto Clean function, you are taken to the form asking for your WordPress site’s FTP details.

 

Clicking on the 'Auto Clean' button takes you to the same FTP form that appeared for 'Migrate' and 'Auto Restore'
Clicking on the ‘Auto Clean’ button takes you to the same FTP form that appeared for ‘Migrate’ and ‘Auto Restore’

 

Once you enter your WordPress site’s FTP details, your site will be cleaned.

Scan now

One of the most revolutionary additions to our dashboard, the ‘Scan Now’ feature allows you to scan your site for hacks at any given point of time. Our malware scanner looks for hacks based on the actions the code performs, rather than signatures, or keywords. So no more backdoors, or recurring hacks. Before scanning your site, we run a backup so you always have the latest version of your site to fall back on.

 

 

When you click on 'Scan Now', the dashboard backs up your WordPress site
When you click on ‘Scan Now’, the dashboard backs up your WordPress site

 

Better Navigation

We’ve tried to make the new dashboard as functional as possible. One of the steps we’ve taken in this direction, is the addition of ‘Quick Links’ that help you download backups, migrate backups to a new location, or restore it with a click. This section also has ‘Resources’, which help give you a quick snapshot of everything you need to know about your WordPress site. Perfect for emergencies, the icons for these functions, and the information related to your site, are right under your site’s thumbnail, on the Site Details page.

 

Features and information on the left for better, easier navigation
Features and information on the left for better, easier navigation

 

Since these features are in-built into BlogVault’s dashboard, we backup your site automatically before making any changes to your WordPress site. This makes it a comprehensive solution to help you manage your site in the most secure way possible. BlogVault has always been focused on giving our customers the best experience, in the most reliable, sensible way, and we hope you’ll find our new makeover to be as practical as we intended it to be.

If you’ve got questions about the new dashboard, or suggestions, do reach out to us here.

 

Frequent WordPress backups contribute greatly towards efficient your WordPress restores. The battle is between resource consuming hourly backups and infrequent backups which increase the risk of data loss. Do you know what is the right answer?

The frequency of WordPress backups is a much-discussed topic. At BlogVault we believe that ideally, WordPress sites must be backed up at least once a day. This is a logical idea when you consider that all backups are meant for recovering your site. This means you want to minimize data loss, when you restore your WordPress site.

Daily backups, however, is not a ‘golden frequency’. Different types of sites require backups to be made at different frequencies. Daily backups strike a balance between minimizing data loss and not consuming too many resources of your WordPress site’s servers. Backing up more frequently, however; especially when done inefficiently, may affect your site’s performance. On the other hand, backing up infrequently, like on a weekly/monthly backup schedule may mean that you lose substantial amount of data.

 

How frequently do you backup your WordPress site?

 

WordPress Backup Frequency

 

Why Make Daily Backups?

We mentioned that daily backups ensure that updates to all the posts and pages of your site are saved. WordPress users who manage smaller sites may feel that daily backups are not as important. This may be because the website is not updated with new content. However, we have to remember that WordPress sites are run on plugins and themes which are updated often. Older backups will not contain these updates and restoring them is not very efficient. This can also cause security concerns as plugin and theme updates include security updates too.

 

Restoring from Older WordPress Backups

If older backups are restored, then you may have to go back and update all the plugins, themes and may be even WordPress core. This may not be feasible in case you own multiple sites or have many plugins and and themes on your site.

Also, backups bring up compatibility issues. In case you restore older backups, then you can only test these issues after the site has been restored and the updates are made. However, the more recent the backup, the easier it is to test for functionality. Of course, with a WordPress backup service like BlogVault you can test your backups with a single click.

 

What Type of WordPress Site Do You Have?

 

E-commerce sites & Popular Blogs

While daily backups are a great option, for e-commerce and popular blogs it still may not be enough. For e-commerce sites, it is crucial to track transactions, data on pending orders, and the delivery status of orders with utmost immediacy. For popular blogs, comments and content can be generated very regularly; and this includes news sites. In such cases, real-time backups is the answer.

 

Real-time Backups for WordPress Sites

Backups in real-time are meant to save every change as soon as the changes are made, (or at least as quickly as possible). The concern with this is of course the effect on WordPress site-performance. However, when done right, real-time WordPress backups can be a comprehensive solution.

Real-time backup solutions for WordPress sites track changes and backup only those changes to the site as quickly as possible. Since only the changes are backed up, even large sites with frequent updates and changes can be completely backed up without affecting site performance. However, there are different methods to achieve this result and results vary depending on how effectively your backup plugin does the job.

 

Frequency is Key to Having Secure WordPress Backups

If backups do not allow you to make efficient restores then the point has been missed. Making daily or real-time backups are key to having functional backups which are ready for restores. A WordPress backup service, can allow you to not only automate the frequency of your backups; but also ensure that your backups follow other best practices of WordPress backups as well.

 

Making WordPress backups with your WordPress hosting service seems like a convenient option. Here’s what you should know about backing up with your web host(s) and why you shouldn’t do it.

Making WordPress backups with your web host may be an option you are considering or are currently following. The idea is instantly attractive as your web host also backs up your WordPress site(s).

However, have you considered why web hosts also provide backups? It is because backups are a basic necessity for most modern day WordPress sites.

Hosting a WordPress site– the act of choosing a host and a plan, may be simple, but maintaining a site and ensuring uptime and quality user experience for visitors to your WordPress site is more difficult. Many things can go wrong with your WordPress site.

 

Your web host's backup might not be as reliable as you think, and might not help you firefight when you really need to.
Your web host’s backup might not be as reliable as you think, and might not help you firefight when you really need to.

WordPress users know that everything from simple updates to hacking may crash your site or cause serious functionality issues. Having a backup can allow you to sort out the issues offline while your users continue to have a good experience and your reputation remains intact.

Running through the characteristics of the ideal WordPress backup solution is a good way to go when you have to evaluate any backup provider. Remember, backups are not for namesakes, you’ll need them at some point. This is true regardless of whether they are made by your web hosting service or not. Which is why backups must held to high standards in all cases.

In this case, let us look at a short checklist of the qualities to look for in a good backup solution:

  • Availability
  • Coverage
  • Frequency
  • Access
  • Storage

And, of course, it all comes down to

  • Restores

This should help you evaluate your backups for functionality, security and use-value.

 

Caveats in WordPress Backups by Web Hosts

While not all web hosts provide WordPress backups, many do. However, even with the ones that do offer backups, there are many caveats attached to the service. The quality of your WordPress backups truly depend on their practices and policies. Let us look at them point by point.

 

Availability of Backups

Some web hosts may offer backups to their basic accounts for an extra fee. However, backups may be included as part of the subscription plan for more advanced plans. SiteGround is a good example. They offers backup services for extra cost the subscribers of their most basic plan– StartUp, but more advanced plans have it included in the service..

When it comes to automatic WordPress backups you also need to be aware of your web host’s policies regarding website size limits. For example, HostGator will backup your WordPress site automatically, if it is less than 10 GB. If not, then automatic backups will not happen. You can only manually  backup your site via cPanel. The onus then, is on you to make, download, organize, and maintain backups. In such cases your backup solution needs to be revisited, because ideally backups must not be an additional responsibility, but must happen automatically.

 

Coverage: What is backed up?

Is your entire site being backed up? A WordPress site consists of files and database. An ideal database must make backups of it all but also give you access to it. This is not a given with all WordPress hosting service. Ask your web host about which parts of the site is backed up beforehand so that you may be prepared with manual backups or other measures when you need them for restores.

 

Frequency of Backups

There really cannot be a golden rule for how frequently you should make backups of your WordPress site. However the general guideline is— frequency of backups = frequency of changes to site. Backups must be done once a day. This will ensure that changes are recorded, and loss of data is minimized in case of a restore. This too is not an ironclad rule. e-Commerce sites may need to backed up more frequently (real-time backups).

Web hosts making WordPress backups may not make backups daily. For example, HostGator makes backups but stores only one copy and overwrites it each time another backup is made; which is only done weekly. This may result in loss of changes and updates.

On the other hand, WP Engine and FlyWheel make daily backups and maintain multiple versions of WordPress backups, but this upgrade in the quality/quantity of backups is also reflected in the price.

 

Access to WordPress Backups

This may seem like a straightforward point but it is not. For example, you can make and access backups with the Create Backup & Backup Wizard tool in cPanel when you have HostGator account. Even though SiteGround does not have a backup service for their most basic plan– StartUp, their site literature mentions that they maintain a backup of all the sites hosted with them. However, this is not accessible to users through the cPanel. In fact, this backup copy isn’t meant for users at all but for technical experts of SiteGround. You may request for this during emergencies, but you cannot be sure of how old this backup maybe. Of course, SiteGround offers Softaculous in its cPanel which can be used to make backups and can also be accessed via your SiteGround cPanel account.

Other web host like Flywheel and WP Engine allow you to access backups through their own dashboard.

 

Storage Backups – Backups are Not Independent

Storage of your WordPress backups is crucial to the security of your backups. The ultimate purpose of backups is restorations. If backups are not securely stored then you may not have them at all to restore your WordPress site in case of emergencies.

Your Web Host Is Not the Ideal Destination for Your WordPress backups

Backups are meant to be your safety net in case something goes wrong with your WordPress site; which can happen for many reasons. If your backups are stored by your web host on your site’s server, then your backups may not serve that purpose. The short version of the explanation for this point is that if your backups if they are stored on your server by your web host, then they are exposed to the same threats as your WordPress site.

Generally your backups may be stored on the same server or in a different location altogether, like an Amazon S3 account. In either of these cases your WordPress backups are not independent of your WordPress hosting service. This means that if you web host is affected for any reason then along with your website, your backups may also be lost.

Even WordPress Hosts Get Hacked

In case your site or server is hacked then you may make the case that your web host stores backups in a completely different location. However, consider a scenario where your web host has been hacked; and this has been known to happen in the past even to the most reputed of hosting services… In such a case, none of the data that belongs to your web host, regardless of location of the infrastructure, is safe.

Natural Disaster

Your WordPress backups must also be your disaster recovery plan. If your web host is affected by a natural disaster and your backups are on their servers, then your backups will be inaccessible.

Backups must be Independent

What this means is that you should be able to access your backups without depending on your web host. In such a case you can always restore your site using your backups no matter what the condition of your web host. This also allows you to easily migrate your site to a new hosting service too, without worrying about the quality of the backup. This is why completely independent backups are needed.

 

Restoring with WordPress Backups from ‘My’ Web Hosts

We can’t stress this enough— backups are about restores. Restoring a WordPress backup must allow for all the same features that you would demand of any other premium backup tool which is considered to be a good experience. The first step to this, is of course ensuring that you have backups from which to restore your website; but as we mentioned, backups with your web host are not independent so this is not a given.

Ways to Restore

cPanel / Tools

One of the way restores can be done, is by using the Backup Wizard tool in cPanel. Generally you cannot restore a Full site backup through the cPanel tools. For this you’ll need to contact your web host’s support. The other way is, if your web host uses a tool like Softaculous like SiteGround does, then you can use that to restore from your WordPress backups.

Auto-restore

Web hosts like WP Engine and Flywheel allow for one-click restores. However, the one problem with this is that there are no descriptions. Although there are dates of when the backups were made, you cannot really track the changes to your site from the last backup.

Differential Restores

Differential restores will not wipe the data on your site but only restore those files from your backup that are not already on your site. This way if the newer posts/files/updates are on your site then they will continue to do.

Most if not all web hosts, wipe the data on your website before restoring from a backup. There will always be a time difference between when a backup was made and when it was restored. This difference may lead to loss of data, since differential restores are not possible with web hosts’ offerings.

Granular Control

Granular control is important since it allows you to restore only a faulty database table or a specific part of your site’s content. In case you downloaded the full site backup, then it is upto you to find the specific table you want to restore. Apart from that downloading or uploading individual WordPress files may be hard, especially for new users because, all backups are .zip files.

Other web hosts like Flywheel and WP Engine, although they offer one-click restores, do not describe the backup versions or allow for restoring individual files or tables. If you want to do this you may have to download a backups version in .zip folder. Extract and choose the files and upload them via an FTP client.

This is obviously not suitable for every circumstance. If you can pinpoint the source of the issue–like a recent update you made to a plugin, you need to restore may that one particular file and not have to spend time restoring the whole site as this can take some time especially if you have a large site.

Test Restores

Backups must be tested before being restored to ensure that they are fully functional. You do not want to find out what may be wrong with your backups once you have restored it on the live site. You may use the staging environment provided by your web host for this. However, if you are a novice, or are not a developer, then this might be difficult for you.

You can check out BlogVault’s Test Restore feature which you can access with a single click from your BlogVault dashboard. This creates a fully functional copy of your site from the backup version you choose. This way you can navigate the copy just like you would your actual site, make sure everything is ticking correctly and then make the restore; all within a matter of minutes.

 

WordPress Backups by Web Hosts Bring Other Worries Too

We have covered how backups by web hosts are not independent. This is important because if you don’t have backups then there is nothing to talk about. However, apart from that glaring miss, there are other big and small worries to which you may have to pay attention.

With automatic backups by web hosts you can’t schedule backups or force backups. There are no backup descriptions (as offered by best-in-class premium WordPress backup plugins like BlogVault). This make organizing backups very difficult.

Also, tracking backups are difficult since you have to login to the cPanel every time to track automatic backups and even to make manual backups. cPanel itself can be a little cluttered and provide an overwhelming experience for new users. The tracking issue may become important to you if your web host has limits on your website size to make backups.

 

WordPress Backups by Web Hosts: The final word

If your backups are not independent, then they don’t fall under the category of ‘following best practices’. So, we cannot recommend this solution it thoroughly. Some web hosts may offer better backup options than others but these options will come at a cost to you. Now that you all the things to consider about backups by web hosts, choose wisely.

 

WordPress has become the most preferred content publishing platform online, and its popularity is continuously growing. For hackers, this means a bigger target with greater payoffs. Are you, as a WordPress site owner committing basic security mistakes that make it easier for them?

 

Common mistakes Website owners make

 

WordPress is the most popular platform to build websites on, and its popularity has only been growing. The CMS has something to offer anyone who has ever wanted to own a website. The WordPress community is supportive, and consists of developers who can build anything in code as well as code-averse site-owners who are given a world of add-ons to make their sites extensible, and more functional.

 

However, maintaining a WordPress site comes with a number of caveats, which are difficult to navigate. The case is worse for new site-owners, since committing a small mistake could knock their site offline, or make it vulnerable to hackers’ attacks.

 

Knowing the common mistakes made, and avoiding them, is key to keeping your WordPress site safer. This is why we’ve come up with a list of the basic security mistakes that WordPress site owners and users make. Are you making any of these mistakes currently?

 

1. Not updating WordPress and its add-ons

Now while the rest of our list talks about mistakes to definitely avoid committing, this issue is a little more complicated. This is why we’ve chosen to get this out of the way right in the beginning.

Everybody talks about keeping WordPress Core and add-ons (themes and plugins) up-to-date, for the sake of security, as well as to add new features to the site. However, you as a WordPress site owner, have one good reason for not doing so– incompatibility.

Your WordPress site could break because of:

Updating WordPress Core

There are two kinds of updates on WordPress Core that keep it up-to-date with the best features, and security measures on the web.

  • Major updates (like 4.5 or 4.6): These add new features and functionality to WordPress.
  • Minor releases like Release 4.5.1 and 4.5.2: These are dedicated to security patches, and bug fixes.

There are a couple of catches with these releases. For one, it can be cumbersome to keep up to date with all of them. Version 4.5, for example, was released on April 12, while 4.5.1 was released 14 days later, and 4.5.2 was released about 10 days after 4.5.1. Secondly, while WordPress Core upgrades are designed to be compatible with all the previous versions; (even the first one), it doesn’t always work out that way. So when WordPress site owners update their WordPress core, their site crashes.

Updating WordPress add-ons (plugins, themes, and widgets)

There a number of problems you could run into while updating WordPress add-ons. Since the developers could be pressed for time or not have the expertise, they can’t make sure that their updates are compatible with every single version of WordPress. As a result, they could be incompatible with previous updates of WordPress Core. Moreover, even add-ons that are coded to be backward compatible might not be developed with other add-ons in mind. Lastly, add-ons’ updates contain significant security patches and bug fixes, which change the way they work and hence cause conflicts. One example of this was the security patch for RevSlider (a premium carousel plugin), that changed the way the plugin worked.

As a result, updating even just one plugins could cause your site to break. If compatibility issues between WordPress Core and an add-on are a concern, the safest route to take, would be to ask the plugin developer to release an update for the plugin, while also looking for alternatives that work with your other add-ons.

The key to keeping your WordPress site secure, is to update every part of your WordPress site. The consequences to your site, its data, and your site’s visitors are all too great to not update.

 

2. Buying/using bad add-ons

As mentioned, WordPress add-ons don’t necessarily have the stringent code quality or security measures in place that WordPress Core does.This is why it’s important for WordPress users and site owners to pay attention to pick a good theme/plugin. Every good add-on has one basic characteristic– it has has good code. But even if you don’t know how to judge the code of a theme/plugin, there are a few characteristics which you spot:

  1. They’re available via a reputed source: This means they’re on the WordPress.org repository, or with well-known theme/plugin seller, like Themeforest, Elegant themes, etc. Just as with material goods, buyers should be wary of a premium theme being available on a questionable website at a huge discount.
  2. They have good reviews and ratings from genuine, long-time users.
  3. They’ve stood the test of time: The longer a theme or plugin has been available, the more bug fixes and security updates they should have.
  4. They get updated often and have been recently updated (in the past 2 months) from the developer’s side

Installing a bad theme/plugin could have a number of consequences for your site, whether in a way that affects function (such as slowing down your site), or in a malicious way, such as sending spam mail on your site’s behalf. Apart from all this, having an add-on with malicious code on your site causes search engines to mark your site as malicious, and hence blacklisted.

 

3. Using bad login practices

There are a number of simple login mistakes that WordPress site owners make, from sticking with easy to guess credentials, to staying logged in on their sites. This makes it easier for hackers, who usually use bots (just like search engine crawler bots), to look for websites with vulnerabilities.

Sticking with the default username (admin) reduces the time bots need to crack your login credentials, by 50%. Combining that with the use of a weak password only makes attacks on the login page (like a Brute Force attack, or a Dictionary attack) that much easier. Once the bots crack your login credentials, the hacker can login as you, and legitimately perform admin-level functions. This is why it’s important to enforce good login practices, and secure your WordPress login page. A couple of other simple ways (and there are more ways) to protect your login page are renaming the administrator account to reflect a different username. WordPress site owners have to look out for legitimate ways to harden their login page though– some widely recommended practices such as  moving your login page to a custom URL, are unnecessary, and can ruin your site’s user experience.

 

4. Making every contributor to the site an ‘administrator’

WordPress sites have different system users with different levels of access, in order to give the site owner the power to assign responsibilities to different users. This also serves as a way to give those with fewer responsibilities, the access to only specific areas they need access to. This principle (known as the Principle of Least Privilege), is one of the basic elements of security on any system.

WordPress has five different user roles:

  1. Super admin or Admin: Has full control over add-ons, content, files, and users on the site. (Super admin is someone who has Admin access over multiple sites, and controls the network administration for those sites too).
  2. Editor: Has full control over content and files, can publish anyone’s content, and is allowed to add script tags for formatting.
  3. Author: Can only create, modify, publish and delete their content.
  4. Contributor: Can only read, edit and delete content. No publication rights.
  5. Subscriber: Can only read content. No other rights

So say you run a successful news website or a blog with a regular guest blogger contributing once a month… You would best assign the guest blogger the role of  ‘Contributor’ or ‘Author’.

Assigning the ‘Admin’ role instead, however, will put your WordPress site at a greater risk. Just imagine what would happen if they deleted a post by another author, a plugin or even an Editor by mistake!

Giving users unrestricted access could also allow hackers to exploit your site more easily. A good example of this kind of damage, was how TechCrunch got hacked by OurMine, a commercial security group that hacks accounts to publicize their services. The site was hacked using one of its contributors’ accounts.

 

5. Being a hoarder

Keeping old add-ons and users presents a number of opportunities to hackers. As a site-owner, it is only natural to experiment with plugins and themes. In the process though, it is easy to forget about unused add-ons in your site’s repository. However, since you no longer use them, you also don’t update them. This opens up your site to a number of exploits.

Forgetting to delete old users (especially contributors) long after they’re gone, allows hackers access your site legitimately after a previous hack (like a Brute Force attack). This is one of the ways WordPress site owners are hacked for a long time without even knowing about it.

 

6. Not checking past uploads

Similar to hoarding add-ons and users, WordPress site owners also fall in the trap of never cleaning out their Media Library, the uploads folder, or the includes folder.

Hackers know this too. This is why they could easily upload a hack-file that looks like an image, and execute a hack later. This is how a number of exploits on the TimThumb vulnerability were carried out.

This method could also be used to create a backdoor. So even if malicious code is removed, and the WordPress site is kept up to date, it will still be susceptible to hacks.

 

7. Not having a reliable backup solution to depend on

Having a backup solution for your WordPress site is paramount to security. Not only does having a clean backup of your WordPress site make it easier to restore your site in case of a hack or blacklisting, it also allows you to scan your site’s code for irregularities and fire-fight more efficiently. However, most WordPress site owners don’t realize that the solutions they’re relying on are not dependable, until it’s too late. Backups must be the perfect disaster recovery solution, so they should be fool-proof, and adhere to the best WordPress security practices. Not only should they be independent of the WordPress hosting service, but they should be independent of your site, be stored in multiple locations, and have both: WordPress files and database encrypted and backed up.

If your site encounters a problem caused by anything as disastrous as your hosting provider being hacked to the deletion of files, not having a good backup plan would lead to your site experiencing a long downtime or worse.

 

The mistakes listed in this article are basic, and yet widely committed by WordPress site owners. Keeping your WordPress site secure lies not in being sure of impenetrability (because there is no such thing as a perfectly secure site), but in making it harder for hackers to achieve their target.

 

If you commit, or have committed any of these simple mistakes in the past, the best way to ensure that there is no malicious code on your site, would be to invest in an intelligent auto hack cleaner for WordPress sites, like MalCare.

 

WordPress is the most popular CMS in the world. With WordPress powering 26% of the world’s websites it’s also one of the most preferred ways to publish content. What makes it so popular?

While there may not be a perfect CMS  (Content Management System), WordPress comes pretty close currently to being the best one. At least it is the most popular one by far. Search trends on Google show that there is considerable daylight between WordPress & other CMSes out there. This is, at least, to say that WordPress generates more interest than other platforms.

 

WordPress is the most popular CMS in the world.
WordPress is the most popular CMS in the world.

The popularity of WordPress represented by search trends is reflected in the usage rates of the CMS, with WordPress being used nearly ten times as much as its closest competitor, Joomla. While WordPress tops at 26.7% of websites using the platform, Joomla is used by about 2.8% of websites. This difference in usage rates only becomes more stark when you take a look at the market share of the CMS. WordPress has nearly 60% of the market share.

While the WordPress community across the world was growing, and more and more people were building WordPress sites for varied purposes, only the recent release of statistics has managed to shine a light on how big the CMS has actually become. About 26% of websites in the world are said to be powered by WordPress.

This number is said to grow to 30% in a few years as WordPress is not just the most popular content publishing option on the web, it is also the fastest growing  CMS. It is simply the most popular option for building websites. With this, the mission of “democratizing publishing” as Matt Mullenweg phrased it, seems to have been realized. However, this realization only seems to be the beginning of something bigger.

Here are some reasons as to not only why WordPress is big now but also why it is expected to continue to grow.

WordPress is Open-source

WordPress is an open-source CMS and will remain so in the future as well. With WordPress being open-source, a private company cannot decide to delete your content on their own, regardless of reason. This means that you’re unlikely to lose your content when you publish it using WordPress, such as in the case of Dennis Cooper’s blog on Blogger.

This means that WordPress is not only the most viable option economically, it gives you (the user) complete ownership over your content and and puts the power of publishing squarely in your hands.

WordPress In Your Language – Inclusive

WordPress communities have actively participated in translating the CMS into various languages. Currently according to WordPress.org, WordPress has been completely translated into more than 60 languages. Despite the fact that over 70% of WordPress sites are in English, translation makes the WordPress mission of democratising publishing a real possibility as websites and blogs can be produced in many, many languages and the platform instantly becomes relevant to a truly global audience.

Customizable

Although WordPress was largely seen as a blogging platform for long, it has been used to create  all types of websites. For this to happen not only is it important to have power over content but also the form in which it is published. WordPress was built to be fully customizable, and being an Open Source project, it welcomed contributions– core, plugins and themes, that made it flexible to suit different needs. This is one of the key reasons why the platform has become popular.

The showcase section of WordPress.org is proof of how effective WordPress has been for various purposes along with being a good blogging platform.

WordPress Plugins & Themes – There is a plugin for that!

Themes help enhance the design and functionality of WordPress sites (header:image+text, body:video, sidebar:archive, footer:about company). They provide different templates. Plugins help customize these templates to add more functionality (to make header a carousel, to help site load faster), widgets usually help only appearance (eg: to add footer, sidebar to site).

Plugins and themes are what make it possible to employ WordPress is for building website for various purposes. This is also why there are so many contributors to plugins and themes. While many contributors are professionals, or companies, there is also a large community of amateurs and hobbyists working to make WordPress conducive for every need.

WordPress Plugins & Themes

Plugins

  • Plugin Repository -47, 211 Plugins
  • Downloads – 1,432,006, 605

Themes

  • Spoilt for choice
    • Thousands of free themes on WordPress.org
    • 85 commercially supported GPL themes
  • Themes for every purpose
  • Themes changed – In August 2016 – Nearly 2 million times

The interest in WordPress and growing repository of plugins and themes has also encouraged many third-party companies and developers to produce premium themes, plugins and services professionally.

Social Media

The power wielded by social media platforms is huge. One only needs to take a look at the number of users on social media platforms and their importance becomes clear; particularly for large businesses looking to find a portal to engage their target audience. There are more than a billion users on Facebook alone. Combine this with the growing importance of Twitter as a promotional and engaging platform for large business, and you realise why the ability to embed these posts in your WordPress is such a big deal. As this article on Business 2 Community mentions, “Twitter is the place to engage with companies: While just 20 of the of Fortune 500 companies actually engage with their customers on Facebook, 83% have a presence on Twitter— as do 76% of the NASDAQ 100, 100% of Dow Jones companies, and 92% of the S&P 500.”

Being able to provide an experience for users to engage with authoritative long form content & instantly share it with their connections in bite size form to start a conversation all on a single platform can be a powerful tool for businesses.

While WP gives users control over content it also understands that the real power of content is amplified through connections, which is what social media platforms are all about.

Embedded in WordPress

  • Twitter
  • Youtube
  • Flickr
  • Vimeo
  • Photobucket
  • PollDaddy
  • SoundCloud
  • Gigya
  • Google Maps
  • Slideshare
  • Dailymotion

WordPress Is A Rising Star

As more people use a platform, chances are that its following will increase because their interest has been roused. If so many people are choosing WordPress then there must be use value from the CMS. The continued growth of the CMS however can be attributed to the initial inklings that pushed them to use WordPress proving true. The scary or exciting part is that all the points that make WordPress useful are only growing bigger and stronger market-wise. We have seen this in the growth of the WordPress market.

People who contribute to the CMS:

  • Freelancers
  • Professional
  • Amateurs & Hobbyists

All contribute to the WordPress community and make it richer. There are also many areas for contributions with:

  • Theme designs
  • Website design
  • Building plugins
  • Content management

“WordPress Hacked!”: Strengths As Weakness

All this interest will definitely attract some unwanted attention too. It is already a concern for many that the top Google search suggestions for– “Is WordPress…” are “Is WordPress free”, or “Is WordPress secure”. The popularity of WordPress makes it a target for hackers or at least is perceived to do so. When a platform runs more than a quarter of all websites, the payoffs from being able to hack it will also be big.

All of these points make WP websites an attractive option for hackers. It is inevitable isn’t it  when a platform offers so many opportunities and is so popular that it will attract the those who are nefarious.

However, this perception of the most popular CMS, also being the most insecure one is simply not true. WordPress Core has been very secure, and more and more spotlight is being shone on hardening and securing WordPress sites than ever before. The growing market share and popularity has brought about the challenge of scale. It has converted WordPress’ most cherished tools– plugins and themes into double edged swords; if only in part. This is because most of the vulnerabilities exploited in the last few years have come from issues dealing with plugins and themes or WordPress site maintenance issues. Scale and an unregulated, fast-growing market have contributed to the many strengths and weaknesses of WordPress.

This is not mentioned as a warning sign but for the sake of spreading information. Awareness of pain points can lead to resolving or managing them more efficiently. WordPress is a community driven project & is based on informed users taking action.

You too can take some steps to put in place best practices for your website and not make it easy for hackers. Chances are that all it takes to protect you site is to make it a little bit harder for hackers, but it is interesting to see how many people miss out on the easy steps.

With all these points considered there is no doubt that WordPress is here to stay; and if anything, it will only grow bigger in the coming years. Being part of its community and this open source project may seem like a double edged sword for some, but if you stay informed and put in basic best practices in place then you will not only be safe with your WordPress site, but happy as well.

 

The hardware used by your WordPress hosting provider can give you a lot of grief and be heavy on your wallet too. But, do you know what the issues are, and how a robust WordPress backup solution can help you?

Most of us think about subscription plans, security, and many other details when thinking about hosting a WordPress site. Few of us think about the kind of hardware that is used by the hosting and the problems that we could experience because of hosting hardware issues.

Hosting hardware issues could take your site down
Hosting hardware issues could take down your WordPress site

This may be with good reason- for one, such information is hard to get because hardware of hosting services is always out of sight, and there is no way to verify it. The second reason is that most of us may not know what are the questions we have to ask.

While there are many challenges which you may face while hosting your WordPress site, we’ll focus specifically on the hardware issues which may eventually end up affecting your site’s performance, security, and its existence.

A hosting service basically needs the following hardware:

  • Servers
  • Storage
  • Communication Equipment
  • Infrastructure Issues – Cooling and Heating

Rising competition in the hosting market space makes many demands. These demands may not all be met in the best possible manner by all host providers and this often manifest in hardware issues.

Server Failure

A server motherboard comprises CPU, memory, and network adapters among other things. All these components have a failure rate and regular wear and tear  leads to their failure. Of Course, as it is known, using ECC RAM may decrease the failure rate.

Apart from this, increases in temperature may accelerate this process and cause the CPU or RAM to fail. Power surges also lead to motherboard, and/or its components failing.

A host of software reasons may also lead to the motherboard on a server failing. This can be due to server overload through legitimate traffic or hack attacks.

Hard Disk

There is no magic, hard disks are used for storage of data in data centers. As you will well know, a hard disk is a mechanical device, meaning it relies on its parts moving to read and write data. This exposes hard disks to not only natural wear and tear but also, failures from excessive heat due to friction.

Now, imagine having hundreds and thousands of such devices stored in a single center. Some are bound to fail and fail much before their mean time between failures. A good hosting company will ensure that dated hard disks are phased out and new ones are installed periodically.

There may also be issues after maintenance work. Simple issues like physical damage caused by someone dropping hardware or not plugging in the wires correctly may occur too.

Communication Equipment

While most of us know of servers and hard disks, users rarely think of  the cables and network switches. Data centers on the other hand generally have to pay more attention to such things. Reports in 2013 of how 4 major hosting providers were taken out by a network switch failure; and users had to experience downtime, is proof of this fact. Network failures are a real threat to the functioning of your WordPress site and the reputation of your site.

Outdated Hardware

Extending the life cycle of hardware in data centers can be due to lack of maintenance or a cost cutting measure; either due to lack of budget or due to the desire to remain competitive. Cables, hard disks, etc. usually are not thought of by consumers. It may be easy to not replace them at the right time. This brings down the performance of the servers and in turn the performance of your WordPress site.

Apart from these issues certain other factors that have to do with the supporting infrastructure and maintenance of the data center affect the health and performance of hardware.

Infrastructure Issues – Insufficient Cooling

Apart from the regular functioning of servers and storage other factors may contribute to this issue. rooms may be stuffed with servers, or servers may be stuffed with too many sites. Such practices contribute to inefficient energy consumption and increased heating. In such cases it is not easy to scale up the cooling infrastructure wherein planning and space may be short. Other factors like ‘spaghetti cables’ may also aggravate the problem.

This is not simply to say here are the problems. The impact of heating issues on your WordPress site’s performance, your finances and reputation is real. Heating issues may regularly lead to:

  • Hard disk crashes
  • Longer load times due to hardware performing at below par levels
  • Pages not loading, etc.

The decrease in traffic and transaction from increased load times and frequent downtime is a fact that is increasingly well documented.

Natural Disasters and Accidents 

Natural disasters may not be something we think about on a daily basis but is obvious once stated. Natural disasters can destroy racks – servers, and hard disks, and make the building shell itself inaccessible.

Accidents may seem less obvious but they are real possibility and have caused considerable damage to the hardware of hosting servers. From a SUV crashing into a Rackspace facility costing them reportedly US $3.5 million in refunds to fire caused by drill in an adjacent building burning down an Amazon data center, accidents are a real possibility and cause considerable damage. The first example doesn’t not account for the cost of downtime which was estimated to have lasted 5 hours.

Not accounting for accidents in your WordPress site’s disaster recovery plan is a mistake.

Independent WordPress Backups Can Come to Your Rescue

The first step to being prepared for all eventualities of hardware failure with your WordPress hosting is knowing about them. Then, having good, independent WordPress backups may help you significantly reduce downtime and keep your business running. In this case, the question to ask is “Are your backups completely independent of your hosting provider’s hardware?”. If the hardware of hosting provider, located in one or two locations is compromised then can you still access your backups? If the answer is no then you need you revisit your backup strategy. You can look at BlogVault to explore a robust WordPress backup solution.

Flywheel being a managed WordPress hosting service offers great features including WordPress backup. The increase in features and focus specialization is certainly reflected in the price too. So, are Flywheel backups worth it?

Flywheel is a managed WordPress hosting platform. They exclusively host WordPress sites and as a result, Flywheel is optimized for that platform. This means that you can expect WordPress backups and services that are a cut above your run-of-the-mill shared hosting environments on other web hosts. With this, costs rise proportionally as well. So, does this mean that we will discover a web host WordPress backup on which you can rely? Read on, to find out!

A Screenshot of Flywheel's website
A Screenshot of Flywheel’s website

Before we begin, welcome back to our series reviewing backups by web hosts. Check out our previous articles in this series on backups by WP Engine, HostGator & SiteGround if you’re interested in how they backup your WordPress site.

Flywheel Backups:

As usual we would, ultimately, be looking to answer one question- Can you rely on Flywheel for your WordPress backups? Being a hosting service dedicated to WordPress, Flywheel is optimised for the CMS and provides backups as a part of its service. However are the WordPress backups completely independent of Flywheel? Let’s find out.

  • Flywheel makes nightly automated backups of your WordPress site.
  • You access 30 days of backups through your dashboard.
  • Flywheel’s documentation says that it backs up everything in your WordPress folder including uploaded files.
  • Backups are stored offsite on Amazon S3 servers.
  • Apart from these features you  can download your backups in .zip format; and restore your WordPress site with a single click.

Points to keep in mind:

  • When you are restoring your site, visitors are going to see a ‘site down for maintenance’ message.
  • Flywheel provides a staging environment to test changes and updates to your site.

Review of Flywheel backups

Flywheel allows you to force backups anytime you want. This is helpful when you have to make updates or major changes to your site. When you are restoring your site, it automatically prompts you to make a restore of the current version. It is a handy feature to have as you can roll back your site in case the restoration process does not work out. However Flywheel does not function as complete WordPress backup service despite getting many things right. As a consumer you will have to decide if you can ignore issues or do you want to go for the best WordPress backup plugin.

Backup Descriptions

When you force a backup, you are prompted to provide a backup description. In such a case, you can name the backup according to the reason you are performing the backup. For  example, if you are updating plugin X, then you can name the backup as ‘before updating plugin X’. Although you have 30 days of backups available on a list in the Backups tab of your Flywheel dashboard, you can immediately identify this one.

Forcing a backup on Flywheel first results in a pop-up asking for a backup description to help tell backups apart
Forcing a backup on Flywheel first results in a pop-up asking for a backup description to help tell backups apart

Automatic backups on the other hand, can only identified by their dates and the number of posts, pages, comments, plugins & uploads. There is very little to differentiate what has exactly changed since the last backup. This is particularly painful when you start making backups before updates, restores, and so on. This interrupts with the automatic backups repeating number of posts or pages or jumbling them up. A hack most people would think of, to restore the backup version with the most posts or uploads will not work in such a case.

Flywheel's automatic backups are hard to tell apart
Flywheel’s automatic backups are hard to tell apart

Downloading Backups from Flywheel

Downloading backups is very easy you can do it from the BACKUPS tab in your Flywheel dashboard itself. Once you have opted to download a particular backup, you will get an email notification informing you that your backup is ready for download.

Downloading Flywheel's backups is easy
Downloading Flywheel’s backups is easy

One thing we did notice when we unzipped the downloaded backup is that, wp-admin and wp-include files were missing from the downloaded backup.

Our downloaded backup didn't contain the wp-admin and wp-include files
Our downloaded backup didn’t contain the wp-admin and wp-include files

We must mention that we had no issues with restoring the site from our dashboard. This means that Flywheel will have a backup of those folders. But, you can’t access those folders of your site when you simply download a backup from the Flywheel dashboard. It is more a question of convenience- how easily can you access all the files on your site?

Does Flywheel backup give you control?

In case some files are being excluded from backups, you cannot simply add files to your backup right from the dashboard of your account. You can’t know the specific files or directories being backed up either.

This lack of granular control extends to downloads and restores too. Your backups as mentioned are zipped and sent to you. You do not have the option of choosing which files or tables you want to download. While this outs some sort of a burden on your storage space or labor the matter is a little more serious when it comes to restores.

Losing Data When You Lose Control Over Backups

Flywheel restores your site by removing all the old files and replacing them with the backup version you have chosen. This means that changes made in this interim will be lost. In case you know that a specific plugin or file is the issue, then you can restore only those files or plugins without losing your data.

Ideally, making incremental restores to your WordPress site would not ensure that it is up and running quicker but will also ensure that changed data since the restore also is not lost.

Of course you can always make a backup before restoring, and then download it. You would then have to upload all of that content again and make sure to take a backup of this latest version of your site. However, this seems like a circuitous way to solve the issue.

On the note of control over backups, we thought we’d mention that you also cannot customize your backup schedule.

Conclusion on Flywheel Backup:

A summary of FlyWheel's backups
A summary of FlyWheel’s backups

As expected Flywheel gets a lot things right however, their backups still don’t cut the standard of a complete WordPress Backup service. As Flywheel mentions on their site, they’d like to work with the “best of breed” for everything. If you too are looking for that “best of breed WordPress backups” then you might want to look elsewhere.

Stay safe & always, always backup!

Getting your website blacklisted is always a bad thing. But as in any crisis, it’s always important to know what to do next, and how to remedy the situation.

 

Having search engines blacklist your site can be a harrowing experience.
Having search engines blacklist your site can be a harrowing experience.

If you’re a website owner, having your website hacked, and then blacklisted, is a horrendous thing to discover. Not only will have to deal with the consequences of the hack, but since your website is also blacklisted, Google and other search engines will stop crawling your site, and showing visitors warnings. This means you’ll be missing out on new searches, and losing your hard-earned reputation as well.

If you’re new to owning a website and the hassles that come with it, all of this might seem a little intimidating.

This is why we’ve chosen to give you most comprehensive guide to dealing with your website being blacklisted.

Here are just the basic steps if you’d rather have a quick run-through:

How to find out if your website has been blacklisted

There are a few ways to find out if your site has been blacklisted, or has been blacklisted because of malware on your site.

  • Enter the URL of your site on Clearinghouse, or sites like it: StopBadware is a site that works in association with Google to help owners of hacked sites.
    Its tool, Clearinghouse, lets you know if your site has been blacklisted or not, simply by entering the URL in its search box. Since it aggregates security information from major search engines and security companies, its list is up to date, and takes only a couple of hours to reflect new changes. Once you enter your site’s URL, Clearinghouse will check if there are records of your site being blacklisted, and will let you know accordingly:

    Checking if your site has been blacklisted is as simple with tools like StopBadware's Clearinghouse Search
    Checking if your site has been blacklisted is as simple with tools like StopBadware’s Clearinghouse Search
  • You could also enter your website’s name into Google and check the search results. If the descriptions for your website show a variant of “This site may harm your computer”, you’ve been blacklisted.
    A sample of a warning that displays when your site has been blacklisted as a result of a hack
    A sample of a warning that displays when your site has been blacklisted as a result of a hack
  • If you’ve verified your website with Google’s Search Console, they would have sent an email notification about finding malicious software (or malware) on your site, and hence blacklisting your site. Below is a sample of the email you will receive:

Dear site owner or webmaster of (site.com),

We recently discovered that some of your pages can cause users to be infected with malicious software. We have begun showing a warning page to users who visit these pages by clicking a search result on Google.com.

Below is an example URL on your site which can cause users to be infected (space inserted to prevent accidental clicking in case your mail client auto-links URLs):

www. Site.com

Here is a link to a sample warning page:

http://www.google.com/interstitial?url=http%3A//site.com/

We strongly encourage you to investigate this immediately to protect your visitors. Although some sites intentionally distribute malicious software, in many cases the webmaster is unaware because:

1) the site was compromised

2) the site doesn’t monitor for malicious user-contributed content

3) the site displays content from an ad network that has a malicious advertiser

If your site was compromised, it’s important to not only remove the malicious (and usually hidden) content from your pages, but to also identify and fix the vulnerability. We suggest contacting your hosting provider if you are unsure of how to proceed. StopBadware also has a resource page for securing compromised sites:

http://www.stopbadware.org/home/security

Once you’ve secured your site, you can request that the warning be removed by visiting

http://www.google.com/support/webmasters/bin/answer.py?answer=45432

and requesting a review. If your site is no longer harmful to users, we will remove the warning.

Sincerely,

Google Search Quality Team

Why was my website blacklisted?

When hackers infect good websites with malicious code, the infected websites might collect banking details, contact or personal information from, or launch spam mail aimed at the website’s visitors. The infected websites might also be used to infect the visitors’ computers… depending on what the malicious code on your website was written to do.

Therefore, your website might have been blacklisted because it contains malware. Security companies and search engines blacklist sites that contain malicious code, in an attempt to try and protect the sites’ visitors.

What to do about my blacklisted website?

Once you find out that your site has been blacklisted, there are a few steps to make sure that your site is listed again:

Step#1: Access Google Search Console

  • If you don’t have a Google account to use the Search Console
  1. Create a free Google Search Console account if you don’t have one.
  2. Click on the “add site” button on Google’s Search Console and follow their instructions to verify your site.
  • If you’ve already verified your website using Google’s Search Console

As mentioned previously, Google would have already notified you about your site being unsafe, via email, with the steps to be followed in case you have been blacklisted. What it doesn’t explain though, is how to go about key points such as “remove the malicious content from (your) pages” and “fix the vulnerability”.

Step#2: Take your site offline, put up a page that says “Under maintenance”

This will help keep your visitors safe, and keep the attacker from wreaking more damage to your site, while you look for the malicious files on your website. You can take your site offline by doing one of the following:

  1. Going to your WordPress file directory and renaming the index.php file to something like indexold.php
  2. Manually adding a 503 redirect to your .htaccess file
  3. Changing the Privacy mode of your site
  4. Using certain plugins
  5. Contacting your web host and asking them to temporarily suspend your site

Step#3: Look for malware and bad files on your website

Vulnerabilities on WordPress usually exist on outdated versions of themes, plugins, widgets, and in WordPress directories that you don’t usually visit. This is why it can be difficult to detect a hack.

What you can do, though, is to update every outdated component on your site, and delete components that you don’t use. However, it’s not just enough to identify hacks… you have to clean out malicious files too. This is why identifying an intelligent hack scanner and cleaner is of paramount importance. You don’t want to get alerted by false alarms, nor do you want miss getting rid of any malicious code.

Step#4: Request a review for your website

Once you remove all instances of malicious code from your website, it’s important to inform search engines about your progress.

There are two ways you could go about this:

  1. Sending a review request to Google with your Google Search Console:In general, review requests to Google depend on the type of malware detected on your site.
    • Reviews related to phishing take about a day to process
    • Reviews related to sites hacked with spam usually need a few weeks to process since spam-related- hacks are usually tricky, and require manual investigation from the search-engine’s side
    • Reviews related to other malware will need a few days to process
  2. Sending an independent review request to resources such as StopBadware: This is as simple as entering your website’s URL in their ‘Request Search’ page.

    Requesting a review from StopBadware (we entered a URL to get this result)
    Requesting a review from StopBadware (we entered a URL to get this result)

    Once all instances of malicious code on your site are removed and your site is verified to be clean, all warnings will be removed, and your site will function as usual.

Step#5: Backup your website!

Keeping a backup of your WordPress site will keep you safe in the future. You could restore an uninfected version of your site, and then request a review, which makes the whole process a little shorter.

Step#6: Always perform a forensic analysis

Performing a post-hack analysis of your site will help you see the different openings for attacks that hackers find. If you’ve used a good malware scanner and cleaner, this should be easy. Finding these vulnerable points and hardening them will make your website a little less penetrable.

 

It’s never easy knowing that your website contains malware and could be a risk to your visitors. It also results in a loss of reputation. But getting to the root of the problem and eliminating malware can help keep you, and your website’s visitors safe.