We recently discovered a security breach at BlogVault which led to some data being exposed. Here are some details about the issue. We are currently in the middle of an extensive investigation and we will share updates with more detail as and when we learn more about the issue.
We have reached out to all our customers informing them about the situation. We have also set up a ‘Security Updates’ page to be communicative throughout the process. The page also has some FAQs and contact details. Please follow this link for more details: https://blogvault.net/help/info
We understand that it can be frustrating for you; as it is for us, to not have all the information. We aim to be comprehensive in our response to the issue. Once we have safeguarded our customers’ data, and our investigation is complete we will be able to share more details.
Lastly, we have reached out all BlogVault customers and we are deeply moved by the patience and understanding displayed by many of them. We are working round the clock and have prioritized safeguarding your data.
Losing a single order has significant financial costs for online stores. Real-time backup for WooCommerce sites is the answer; but only if you know for what it is that you’re signing up.
For online stores, the clock does not confine business hours. The window is open 24/7 and users place orders at all times of the day. You cannot afford for either your site to go down or to lose even one of those orders. Both these scenarios will harm your revenue.
Despite all the security measures you take there is no fool-proof plan. For this reason, having a robust backup plan plays a key role in an online store’s strategy to safeguard orders, payments and other data.
Online stores built on WordPress; the most popular CMS in the World, mostly use the WooCommerce plugin. If you too operate your business via the ‘WooCommerce window’ then it is important to know the challenges of backing up WooCommerce sites and the backup solutions available to you. Between 2010 and 2013, the average cost of downtime per minute increased by 54% from $5,000 to $8,000. While the average downtime during the same period decreased by only 11%, the cost of being offline is rising all the time.
What is WooCommerce?
A quick introduction— WooCommerce is a popular e-commerce platform for WordPress sites. The platform offers many extensions and themes to transform WordPress sites into online stores. As part of this, WooCommerce offers extensions for accounting, marketing, inventory, customer service, and payment gateways among others; to easily build e-commerce sites.
Regular Backups Aren’t Ideal for WooCommerce Sites
Regular backup solutions are not an ideal fit for WooCommerce sites. Transactions on online stores don’t occur at regular intervals. However, when they do happen, they are important and all of the data related to the transactions needs to be backed up. This cannot wait till the end of the interval which may be at the end of the day or the end of the hour.
Losing Orders– The “Oh, NO!” Moment
As we mentioned, on online stores orders trickle round-the-clock. The rate of orders received may vary through any given day, but all orders are equally important.
Just like, orders, the “Oh, NO!” moment can occur at any time of the day. Your website may start malfunctioning or crash at any given point of the day. Waiting for regular backups to backup hourly or daily would mean losing details about orders and transactions made on your website.
Frequent Backups Can Be Resource Intensive
If you decide to run regular backups frequently to avoid losing orders, then you will end up slowing down your site. If your backup plugin is performing backups every few minutes, then your server resources are split between making backups and responding to requests made by the visitors to your site. This will harm the user-experience. Lags in page load times or site performance is as good as turning away potential customers.
Real-time Backup for WooCommerce Sites Is the Answer
A backup solution needs to be comprehensive in backing up all the changes while making efficient use of resources to ensure that user-experience is not affected. Real-time backups is the answer for WooCommerce sites. However, not all real-time backup solutions are the same. Knowing what real-time backups do and knowing how different real-time backup solutions perform backups may make or break your site’s backup strategy.
What Are Real-time Backups?
Real-time backup tracks and save the changes to your site as and when they happen. For example, if a customer places an order on your website then that change is immediately tracked and saved. This ensures that you have the most up-to-date backups from which you can restore your site; and more importantly not lose any orders.
The Challenge of Backing Up WooCommerce Sites
WooCommerce sites cannot be backed up like regular WordPress sites.
A WordPress site has two parts– Files & Database. Database contains information about posts, pages and users apart from other things. In short, the database contains all the content on your site. Such information is stored in the form of tables on your WordPress site. These tables are known as standard tables and come with every WordPress installation.
However, a WooCommerce site has additional information to store which are all important to your business. To store this information, WooCommerce installs custom tables on your WordPress site when the WooCommerce plugin is installed. This is in addition to the standard WordPress tables. Below is a list of some WooCommerce tables and the information they contain.
You cannot afford to not have backups because piecing together items, payment and shipping information for every order can be laborious and it is time that you simply cannot afford.
The immediate financial loss resulting from downtime is only around 1/5th of the overall loss according to estimates. The loss of trust in a potential buyer in returning to your site will continue to harm your revenues even after your site is up and running. This dip in trust, and orders; as part of the after-effect of downtime is said to account for the remaining 4/5th of the loss resulting from downtime.
Regular Real-time Backups Don’t Do the Trick for WooCommerce Sites
To be up and running as quickly as possible without losing data is the goal. To completely backup your WooCommerce site, it is obvious that your backup solution will need to backup both standard tables and WooCommerce custom tables in real-time.
Regular real-time backup solutions; however, do not backup custom tables installed by the WooCommerce plugin. This is a big problem because all the orders and payments are stored on the custom tables installed by the WooCommerce plugin. This renders regular real-time backups completely ineffective for WooCommerce sites.
Ask About the Method of Making Real-time Backups
Even if you find a real-time backup solution which backs up standard tables and WooCommerce custom tables; like BlogVault does, the method of making backups may impact the performance of your website and the efficacy of your backups. Broadly, there are two models of making real-time backups– the push model and the pull model.
First let us take a look at the push model…
Push Model of Making Real-time Backups
With the push model, your site ‘pings’ the backup server that an ‘event’ has occurred. The backup server then checks for what changes have occurred and then saves them to the backup server.
You can see that the push model requires constant communication between your site and the backup server. Although this seems like a good idea, chances are that the performance of the WordPress site may be suffering.
Along with your site performance your backup speed may also suffer. If servers are overloaded, then there may be delays in performing backups; or worse backups may not happen at all. Such delays mean that the push model may not always offer ‘real-time’ backups after all.
The alternative is the pull model of real-time backups; and this where BlogVault comes into the picture.
Intelligent Real-time Backups by BlogVault
BlogVault’s real-time backup follows the pull model; and focuses on being comprehensive and efficient. Changes to your WordPress site are immediately tracked and saved on the site itself. The BlogVault (BV) servers checks for changes every 5 mins. and ‘pulls’ those changes to BV servers. Once the changes are securely saved to BV’s servers, then the next set of changes on the site are tracked and saved.
The pull model ensures that all the changes are saved without making excessive demands on your site’s server resources. The backup process doesn’t affect your site performance.
BlogVault Backs Up WooCommerce Tables As Well
Apart from utilizing the resource-efficient pull model for real-time backups, BlogVault backs up custom WooCommerce tables as well. This ensures that none of the data related to your orders is lost upon restoring your site.
If your backup solution does not automatically backup WooCommerce tables as well then it is not a viable option for e-commerce sites.
You Can’t Afford Not to Have Real-time Backups
Real-time backups are a real need for WooCommerce sites. While calculating the cost of downtime it is also important to understand the cost of not having an efficient solution for WooCommerce backups.
Cloud WordPress backups are good when they are independent. They might not be if you’re using your personal cloud storage accounts(for example on Dropbox, Drive or Amazon S3). Read on to know how and why you shouldn’t do it.
We know that following best practices to make WordPress backups means that your backups should not be dependent on your website/server/web host. This means that you must be able access and use your backups without having to access your WordPress site/server/web host. These kind of backups are known as independent backups and are according to best practices of performing WordPress backups. However, it is easy to think that off-site backups are the same as independent backups. They are not. This is because off-site WordPress backups are not necessarily independent. This is has to do with how WordPress plugins upload backups to your accounts.
Plugins which upload your WordPress backups to your Amazon S3, Drive, or Dropbox accounts usually store a copy of your account’s API key on your site. This is what allows those plugins to interact with your accounts, and upload backups. This is part of the setup procedure for many (if not all) backup plugins.
While making automatic uploads to an off-site location is a convenient option, doing so by storing API keys may not be the safest option for you. The simple reason for this is that it is the same as leaving the keys to your bank vault in your living room. The whole point of a vault is to secure whatever you store in there from being burgled. If you leave the keys to the vault, then you have granted access. Backups are also like your most precious possessions. They are what you depend on in your hour of need; hence they must be completely independent of your site.
Continuing from the previous point, if you are using a security key from your Amazon S3 account in multiple locations then your backups may be in trouble even if your site is safe. Even if one of the sites using that particular security key is hacked then the hacker has access to all the contents on that account.
This is why BlogVault does not ask users for personal accounts but automatically stores multiple copies of backups in different destinations. All these copies are also encrypted; providing your data and additional layer of security. You can access them independent of your web host or WordPress site via your BlogVault dashboard.
Limited Storage Space
One of the major attractions of using these storage services as destinations for your WordPress backups is that they offer free storage space. However, if you make backups daily (as you should), and you have large site, then this may not be enough.
This is even more true if you are using the account for reasons other than backups or you are backing up multiple WordPress sites with the same account. Pretty soon you may find yourself paying extra for storage space. So, the economic benefits of not paying for storage may not stand for long; and these economic benefits are anyway diminished when compared to security concerns.
Cloud WordPress Backups in Personal Accounts May Equal Personal Data
In case of a hack, losing your backups and your business or blog data may be bad enough but that will certainly not be the end of it. The risk of using a personal storage account is simply too great when you consider that other information you store on the account which may be of a personal nature can also be at risk.
Restoring WordPress Backups
All backups have one purpose; restores– to recreate your site using your WordPress backup. Firstly you must have backups to use. Secondly, those backups must be functional and easy to restore. When you are using your personal accounts configured with the backup plugin on your site, both cannot be taken for granted.
The first point has been addressed in the very beginning of this list. As for the second point, even though you may have backup files, if they are altered in any way or are not secure, then using those backups to restore your WordPress site will do more harm than good to your business. BlogVault allows you to Test Restore your backups with a single-click. This way you will not be in doubt.
Even if the files are functional, backups are often uploaded in .zip folders. You may have to spend a considerable amount of time finding the right backup version to restore your site and then upload then .zip folder to your plugin to restore your site. However, this is not possible when your entire site is down because your backup plugin was on your site too. This is why you must be able to access and restore/migrate your backups completely independent of your WordPress site.
On the other hand if you manage to get your site running, then there still may be issues. Restoring a large site takes time and server resources. For this reason, they are, many times cut off. This makes full restores of large sites nearly impossible on some accounts; especially on shared hosting.
Cloud WordPress Backups Must Be Independent
If you have not checked your backups because your WordPress site is working fine at the moment, then you may be left with an unwanted surprise when your website goes down in the future.
Reaching for your spare tire, only to find out that it is not working; or worse, that it is missing altogether is unacceptable. WordPress backups are a little more complicated than changing car tires and just like your car tires, there is a lot riding on them too. Your lifetime’s work or the hard-earned reputation of your business is at stake.
The number of WordPress (WP) backup plugins that are available in the market today must make it seem that problems regarding backups are a thing of the past. But, as we said, backups are complicated. A lot can go wrong when you are using stand-alone plugins (meaning ones that operate on the Software-as-a-Product model).
Many articles refer to how the SaaS model economically benefits the end user, however, there are many use-case benefits too. In this article we’ll look at some common issues with stand-alone WP backup plugins, and how a managed WP backup service is a better option.
Why Your WordPress Backups Will Fail With the SaaP Model
Installing the plugin is the beginning. Once installed, a stand-alone WordPress backup plugin must be configured. Very often people underestimate how backup plugins may become relatively labor-intensive and accrue more expenditure over time. These may come in different forms including add-ons and premium account features that may be essential to your business.
Some problems you may run into when you’re using a stand-alone WP backup plugin include:
Getting Started: Once a plugin is installed, a remote backup destination must be selected. You can select services like your Google Drive account, Dropbox, or Amazon S3 servers. After this, you must input the login credentials of those accounts.
Add-ons: To get the desired setup for your backups, your plugin may require that you buy an add-on. Add-ons can soon build up to become a considerable list. While calculating the cost of a plugin, add-ons must be accounted for, in order to get a fair estimate.
Saving backups in more than one destination may need an add-on, and extra charges may be applied.
Other features like encrypted backups of your website’s database may not be available unless you pay more for add-ons or upgrade to premium accounts. This means your backups are not really secure even after investing all this time, energy and money.
Tracking: Ensuring that backups are happening is important so that you know exactly what resources you have to draw upon in your hour of need.
If you’re storing backups on your Amazon S3 account, it needs to be configured to send you notifications when backups occur or when changes are made to files (these are called ‘event’ notifications).
Otherwise, you may have to pay more to your plugin company for email notifications. An alternative option is to login to WP website dashboard each time.
Key to Your Backups: While backing up your website to your Dropbox account or your own Amazon S3 account, most plugins store a copy of the API key/S3 access key on your WordPress site. The key is how the WordPress backup plugin on your site accesses the backup destination. This may not be in keeping with best practices of performing WordPress backups. In such cases, a hacker who has access to your site, may also have access to your backups via the security key.
Know-how: Managing your own Amazon S3 account requires you to know how the account stores your information (buckets, objects) and other points like access control, and versioning so that you can make sure that your data is secure.
When You Need to Restore: Apart from all these points, when you need to use your backups to restore your site, you’ll need to unzip the folders and manually restore the files correctly. This may not be the best option for everyone.
Storage Options: The plugin company may provide storage space. This option, like in the case of Amazon S3 servers, is an extra charge over the plugin that you must bear. It is a recurring cost to you, which must be paid periodically (monthly/quarterly).
Like we mentioned backups are complicated. If for any reason backups stop happening or problem occurs, then it is important that you’re notified immediately. For example, an error in the plugin has stopped it from backing up your site without notifying you. Otherwise if you have exceeded the storage limit of your backup destination then backups may stop occurring. Regardless of the scenario immediate notifications are very important.
The burden of solving all of these issues; on top of running your business/blog, fall on you, when you purchase a software product.
Regardless of the cause, the net result is that you’re stranded on the freeway, with no (usable) spare and your tire is a software product. This means, it’s likely that you may not have anyone to call for ‘tech support’. This is not a scenario you want to be caught in when you look for your backups.
Now consider that an expert is looking after your tires, maintaining the air pressure, checking the rims and upgrading the tire as the weather and the terrain changes; along with making sure that it is in the boot of your car. This would simplify and enhance your business, wouldn’t it?
How to Ensure That Your WordPress Backup Always Works
And, how can the SaaS model solve the issues mentioned above, for you?
When you get a subscription to a software, you are getting a service. A team of experts are managing and maintaining the software and the hardware. They are responsible for granting you access.
Let us clarify, SaaS doesn’t mean that there is no need to download and install a plugin. As in the case of BlogVault, the plugin can be very light as all the complexity sits on the provider’s server, where the heavy-lifting is done. For the user this means:
Zero-configuration: Install the plugin and it begins its work. You are ready to use BlogVault from the moment your subscription is active. The backup process starts automatically when you first login.
(This is the main reason this list is relatively short. Remember the long list of configuration issues with standalone backup plugins? Web-hosted software means, all of that responsibility for the managing the plugin and off-site storage is off your hands. Everything is covered for in the subscription.)
Lesser load on the site, better performance– Site performance and page load times are crucial to delivering good user experience cannot be overstated, as even marginal differences show measurable changes in results.
Rapid Updates: Updates happen mostly on the service provider’s server, reducing the frequency of updates required on your site.
Backups are safe even when your site is compromised: Backups; because they are completely independent of your website, are accessible even when your website is down. You don’t need to get your site running to access your backups.
Incremental Backups: This means large sites are also completely backed up without hassle. Backing up only the changes means faster and more efficient backups.
Expert Tech Support: A team of experts maintain the software and the hardware. You can not only count on tech support, but know that the team can be highly responsive as they are maintaining the backups themselves. This can help at times of Test Restore, Auto Restore and Migrations. For more on these features you can check out BlogVault.
Now you know the differences between SaaP and SaaS models in the context of WordPress Backup. Make an informed choice that gives you the most scope for developing your business, without adding to your task list or financial burden.
Testing WordPress backups is simply a necessary part of a good backup solution. However, testing multiple backup versions can be a technical and cumbersome. (Find out) How to best test WordPress backups?
The Problem: How Do You Know If Your Backups Work?
One of the most important tenets of a backup solution is the ability to test the backups. Backups serve one main purpose– restores. When your site goes down, the worst that can happen is that, at the time of restoring your site you find out that the backup is not proper.
The one way to avoid that problem is to regularly test your backups and to definitely test your backups before you restore them. The one reason why many may not venture to do it is simply because testing backups is not always easy.
Backups Can Go Wrong: Testing Backups is Important
Testing backups, however, is a very important part of having a robust backup solution. This is because, a number of things can and do go wrong with backups; and the consequence is that you cannot restore your site quickly and efficiently. What is the point of having a defunct spare tire when the tire on your car gets punctured?
Running out of storage space, leaving out necessary or important files are only some of the things which can affect your backups and eventually your site. When you use a backup solution; like a WordPress backup plugin, or the backups provided by your hosting service, you never really know if the backup contains all the files or even if the backups have happened correctly. You may say that you are getting notifications but that does is not the same as verifying that backups are occurring properly. Even when you download a backup it is generally in a .zip folder. How can you be sure that the .zip folder will function correctly once the backup is restored?
Restore Only After Testing WordPress Backups
Trust is a big aspect of online business. A survey says that 88% of respondents don’t trust sites that crash often; and only 12% of respondent will wait an additional 5 secs for your site to load. This means your restore must be quick and you should also be sure that your site will function correctly.
A WordPress site functions on a mixture of plugins and themes; together they form a precariously balanced ecosystem– your WordPress site. Many times, when something on your WordPress site is not functioning correctly it may not be a direct result of an update or a newly installed plugin. If it is so, then it is easy to pinpoint the problem. However, it is rarely that simple. Sometimes, the problem surfaces after a few days or even after a couple of weeks. Chances are that you have done a few changes to your site in that time.
Let us say that you have
Updated some plugins
Installed a new theme
Installed 2 new plugins
These changes are all spread over different versions over the last month. The challenge is to pinpoint the change which caused the issue. You can’t set up a separate environment to test all of the versions. It is simply not feasible. On the other hand if you restore without testing the probable backup versions you will end with the same problems as before.
The Challenge: Testing Backups is Technical & Laborious
To test backups you need an environment to which you can upload the backup and test it. This means you will need to:
Create a testing environment
Set up a new URL
Restore the backup to that environment
All of this is laborious and technical work. Engaging in this activity along with your everyday business is cumbersome. Even if you go through all the trouble and test your latest backup version. If that is not working as properly then you have to go down the list testing each version. This means you may not test your backups; or at least not test all the backup versions of your website. It is important to test all the backup versions because you never know which one you’ll need at the time of restoring your site. The more difficult a task gets the less we seem to engage in doing it.
Even if you’re willing to take on the task, there is one more point to consider. Once the testing is done you’ll need to find a way to get rid of this environment. Otherwise maintaining it will become another chore on your task list. This is not ideal.
The One-Click Solution
A backup solution must make it easy for you to test your backups instead of creating additional hassles. A solution which allows you to test backups must make it feasible to test multiple versions; and this is the marker of a good testing environment.
BlogVault offers the Test Restore functionality, an option to test any and all of your backups versions with a single click. An exact, fully functioning copy of the site is generated from the chosen backup version, and loaded to BlogVault’s test servers.
BlogVault maintains at least 30 versions of your WordPress site’s backup. You can choose any of those versions to ‘Test Restore’. Once the backup version is chosen it is loaded to Blogvault’s test servers.
In this environment you can not only test how your backup will work once it is restored but also test what happens if you make changes. After the backup is uploaded to BlogVault’s test servers, you’ll also receive the SFTP credentials to the ‘test site’. This way you can also test any updates or changes you want to make to that particular backup version. It is completely independent of your live site, and fully functioning. In other words, ideal testing conditions for your backups.
BlogVault’s Test Restore functionality is a pain-free solution.
Streamline Testing with Backup Descriptions
If you are using the BlogVault service then you can track the changes easily. Each backup version has a description. This allows you to know not only the date and time of the backup, but also what has changed in the site since the last backup. These changes may include
Number of files
Number of tables
Updates to plugins, themes, WP Core
New plugins or themes installed, etc.
You can possibly narrow down the backup versions to be tested. Once the shortlist is ready, you can then test them all; as mentioned, with a single click.
Daily backups offer a balance between minimizing data loss & minimizing load on server/site. Is it, however, the most optimum WordPress backup frequency for your WordPress site? Here’s what you need to know about the different methods; and the pros and cons of each of them.
Daily WordPress Backups
Who is it for?
Daily backups are a good option for sites which make numerous changes in a month. These may be blogs that predominantly have content additions everyday, or news/magazine sites which have scheduled daily updates.
Even if daily changes are not made to your site, daily backups may be worth considering. WordPress sites depend on plugins, and themes. As you well know updates to plugins and themes, along with updates to WordPress Core are very important for the sake of your site’s security, and functionality.
Updates are not released at the same time and different plugins and themes have to be updated regularly. While these updates are important, they are part of a complex mix of softwares that together form your WordPress site. If you make an update and the site crashes then it is easy to pinpoint the problem. Often this is not the case. Problems only surface days; maybe weeks after a handful of changes are made. In such cases identifying the issue is a laborious matter.
Performing daily backups ensures that such updates are also saved. You can then restore your site with minimal or no data loss, and figure out any issue affecting your website, later. When you restore your site, fewer of those updates have to be made to harden your site’s security. Otherwise, without those updates, even if you restore your site it may have many vulnerabilities putting you at constant risk.
Advantages of Daily Backups
Good backup solutions optimize between resources consumed and efficiency. Daily backups bring the following advantages:
Reduces data loss
Provides the option of multiple backup versions to test and restore
Requires least tinkering once restored – updates made to plugins and themes can be retained.
Methods for Making Daily Backups
You can make daily backups in a few different ways. While all the methods used to make daily backups will offer the above mentioned advantages, each method also brings its own challenges. Let us explore them one by one.
Making manual backups of your WordPress site is an additional, laborious job to add to your everyday business task list. Remembering to make backups or taking out the time for it may not always be possible.
Securely storing backups is another issue that you are solely responsible for while making manual backups. HDDs or external HDDs or USB drives have been known to fail. Local storage devices, and the data stored in them can also become infected with malware.
Testing backups before restoring/migrating them can become a challenge when you are making manual backups and storing them locally.
Web Hosting Service
While many web hosting services offer backups and it is a seemingly convenient option, it is important to note that not all hosting services offer daily backups. Most of the time, premium web hosts like Flywheel, and WP Engine that do offer daily backups come at a premium price. Sometimes web hosts offer other backups solutions as add-ons and these come with additional costs.
A premium price tag may not be the only drawback when you choose your hosting service as your WordPress backup service. Backups with web hosts don’t have backup descriptions, which makes identifying and restoring the right version a very tedious process. Also, if your backups are stored by your web hosts then they might not be completely independent of your site. It means that your backups may be exposed to all the risks to which your site is exposed. For example, if your hosting service is hacked or the infrastructure is affected by a natural disaster, then chances are that along with your website, your backups are also lost. This is not an ideal way to store backups.
WordPress Backup Plugin
Some backup plugins are free and allow you to schedule your WordPress backups. While these plugins will help you perform daily backups, storage may be an added issue for you to consider. This is because not all plugins offer independent storage options. You can link your cloud storage account (for example, your Dropbox account) to these plugins. Doing so, however, usually means that the plugins store an API key of these accounts on your WordPress site. API keys are how the backup plugins communicate with your backup destination. However, it exposes backups to similar risks as your site. This may allow for your backups to be compromised when your site is hacked.
Backup plugins have to be installed on your site. If you lose access to your site for some reason then using the plugin to restore your site is not possible.
Tip: If you decide to use a WordPress backup plugin it may become important for you to track your WordPress site’s traffic. Backups can be resource intensive and making a backup when most visitors come to your site might slow the site and spoil the user experience.
WordPress Backup Service
A WordPress backup service offers a more complete backups solution. Backup services perform incremental backups and automatically upload backups to completely independent storage.
Incremental backups mean that only those parts of the site which have changed since the last backup are stored. This means that you do not have to worry about large sites not getting backed up, or about forgetting to perform backups.
Backup storage comes as part of the service and you do not have risk using your personal accounts. Backup services also offer simplified processes for restoring and migrating your site. BlogVault offers you a one-click, test restore option which allows you test your sites on an automatically generated staging environment, before restoring them.
Choosing a WordPress backup frequency and solution for your site depends on a few factors– budget, frequency of changes to the site, time available, and the size of the site. There is a case to be made for daily backups as the most optimum frequency for most sites, barring sites with a high frequency of changes like e-commerce or news sites, (which might need solutions providing real-time backups instead). Knowing the advantages and challenges with making daily backups can help you make an informed decision.
Frequent WordPress backups can minimize data loss and thereby greatly help your business. However, they can be resource-intensive and affect your WordPress site performance, if not done right.
Frequent backups present some obvious advantages which are particularly important for WordPress (WP) sites. Content creation takes some planning, effort and resources. Losing such content may become a major setback for your website. Daily backups minimize data loss in such cases.
WordPress sites are dependent on many third party plugins and themes. WordPress site owners are always running the risk of installing software that is not compatible with other plugins or themes on the site or installing those which may have some vulnerabilities. The risk of losing data from frequent updates and third-party software vulnerabilities is mitigated to a degree by having up-to-date backups.
Advantages of Frequent Backups
Minimize data loss
Retain updates & functionalities on WP sites
What are Frequent Backup Options?
Of course real-time backups is the best solution to achieve the goals stated above. Hourly/Daily backups may be the most frequent options apart from that.
Challenges with Frequent Backups
Higher frequency of performing backups brings its own complications. Backing up sites not only makes demands on your server resources but also brings up the issue of secure storage of the backups made. To add to the list of issues to consider, tracking whether backups have happened correctly and what has been backed up is not always easy.
Backups are Complicated
We have been in the business of premium WordPress backup service for over five years now. A number of things can, and do go wrong with backups. Sometimes when someone opts to backup their site manually, it is as simple as forgetting to perform frequent backups.
Often, WordPress site owners don’t know if backups are happening according to plan. Sometimes not all files are backed up.
In cases where site owners may have backups, restoring sites may not be easy. At other times, site owners who are relying on backups by web hosting services may not be fully aware of backup & storage policies. As a result, there have been times when WordPress site owners find out that there may not be any backups when they need it the most.
Increased load on your server resources could lead to an increased site load time or pages crashing. Otherwise, the user experience of visitors to your site may be spoiled because certain elements in the site may not function as intended.
Large Sites Offer Their Own Problems
Backing up larger sites takes more time & more resources. In such cases it is possible that certain sites may not get backed up at all. This is because hosting services; especially on shared hosting, have policies about the time, and the server-resources that a particular task can take. In such cases although you may have employed a backup solution, your site may have not been backed up at all, or may have been backed up incompletely. In both cases, restoring the site is not possible.
Storage Space & Security
Frequent backups lead to multiple copies. Storing these copies securely can be a challenge. Storing backups on your own Dropbox accounts or local storage devices like your PC’s hard drive (HDD) or USB drive is not recommended.
Backups stored locally can become infected with malware as you are constantly browsing and downloading files. Also, HDDS or USB drives have been known to crash. This doesn’t even account for the risks associated with accidents and natural disasters.
Storage may drive up the cost of storing backups as you may have to invest in independent storage solutions.
In all the above cases the real risk is that eventually when you need to restore your site you may not have backups, have incomplete or infected backup files. This is not the optimal scenario for your business. Probably a good way to evaluate a backup solution is to list some scenarios in which you would need to rely on backups, and see if the backup solution in question will give you access to backups and allow you to restore your WordPress site.
The Answer?: Backup Service as a Solution
A WordPress backup service like BlogVault will not only take care of storage space and security but make incremental backups. This intelligent approach ensures that even large sites on shared hosting can be completely backed up. Apart from this backups services may also eliminate cache and log files from backups, thereby reducing problems at the time of restores. All of this is done automatically, thereby eliminating the human errors so that you can go about your business without worry.
With a WordPress backup service restoring your site is always the goal. When the time comes you will have multiple backups versions; securely stored, from which you can choose. You can also automatically restore your site with a single-click. Of, course a backup service comes with a more premium price tag but with the price you’ll have backups with best practices at your disposal.
Over the past few months, we’ve been working on a number of changes at BlogVault. Not only do we have an improved UI, we’ve also got a bunch of new features that are bound to make managing your WordPress site a lot easier, and secure.
BlogVault has got a new dashboard that is better in every way, from allowing users to access our features for intuitively, to providing more than just backups.
Let’s take a look at a few of the changes, shall we?
Your BlogVault dashboard now has two major areas:
Each area has specific functions, and together provide:
Ease of Use
BlogVault’s new site listing feature helps you see all the sites you’ve added to your BlogVault dashboard. From this part of the dashboard, you can filter sites based on their status:
‘Active’ sites are those that have the BlogVault plugin installed on them, and use the plugin regularly.
‘No Plugin’ sites are those added to your dashboard but haven’t got the BlogVault plugin installed. (This could also be because of a problem during installation.)
Sites that are ‘Unreachable’ are those that have the plugin installed, but our servers are unable to reach, due to a connectivity error, or probably due to firewall or network settings.
‘Hacked’ sites are those that the BlogVault plugin has detected malicious files on.
We built in this categorization of sites to help you see exactly what’s going on with your sites at a glance. Moreover, the Site Listing page also allows you to find a particular site, based on tags that they might have (more on this later).
Easier Account Control
With our revamp, we’ve also changed your account and billing settings so they’re easier for you to manage.
Everything related to your BlogVault account is easily accessible, and easily changeable too from the ‘My Account’ drop-down. You can change anything about your account, from your email address to the BlogVault subscription plan you’re on.
Optimized for Teams
This brings us to our other new addition: the option to add team members to your BlogVault account. Our new Account settings allows you to manage a team that can handle every aspect of backup, management and security of the sites linked to the BlogVault account.
New, Improved Features
BlogVault now comes as a comprehensive package that allows our customers to backup, manage and secure their websites in every way. All you have to do, is to click on any one active site from your Site Listing page.
As you can see, we offer you WordPress backups, but also management and security settings that help you manage and secure your WordPress site. While the old UI allowed you to see all the features on the right in a sidebar, we’ve revamped BlogVault to let you to see it all under each option (Backup/Management/Security).
Our backup features have always been functional enough to rely on completely, but with our new UI, they’re more accessible, and easier to use.
The History tab has been given a full revamp, and allows you to see the last 30 backups made of your site more clearly. You can see exactly what happened with each backup, and add notes more easily as well.
Again, as you can see, you can select any backup version you have and choose to migrate, test restore, or automatically restore from it. You can also upload any version to Dropbox, or add a notes to help you differentiate versions.
Download Backup / Upload Backup
Both ‘Download Backup’ and ‘Upload to Dropbox’ options are very different functions, but have a single form, that requires the following:
The backup version you would like to download (or upload from)
Your site’s database credentials
Your hosting server’s credentials (which come under Advanced Options, along with the next option)
A choice of whether you’d like to store either tables and files, only tables, or only files from your WordPress site
There is also a section that requires your HTTP Authentication credentials, which are your WordPress site’s credentials.
The ‘Migrate’ option allows you to easily move all your site’s content and functionality to a different domain name or a different hosting service. All you require for this option, are the FTP credentials of the new site/domain/hosting service you’d like to move to.
Perfect for when your site suddenly goes down, the ‘Auto Restore’ backup option has the same form to fill up, except that it requires the FTP credentials of the site you’d like to restore (which is your current site).
As you can see from the previous screenshot, we’ve also got a handy FAQ section on the right for all migration and auto restore- related FTP questions, so you have all the answers at your fingertips.
This option creates a test-environment (a replica), based on the latest backup version of your site, complete with the links, videos, images, and everything else on your site. You can click on these links, and they’ll work like they would on your site. Once BlogVault is done creating this test-version of your site, we mail you the link you can access it on, along with its FTP details, so you can experiment and see if you want to make any changes to your site.
If you’d like to make a Test-Restore of a different backup version of your site, you’ll have to go to the History tab, select the desired backup version, and then restore from it.
BlogVault automatically backups your WordPress site every 24 hours, but if the backup schedule is just too far away (such as when you want to make an instrumental change but want to make a backup just before), this option comes in handy.
The Backup Now option also shows up on the Management and Security functionalities (just look for the following icon):
This allows you to backup your site before making any changes to it.
From allowing you to manage your WordPress site’s users to helping you update the plugins and themes on your site, the Management feature allows you to manage your WordPress site to be secure against threats.
You can manage all the plugins and themes installed on your WordPress site from this option. This means you can see the version you have of each, as well as whether to update specific add-ons, or all of them.
With the ‘Manage Users’ option, you can remotely delete, or change the role or password of those who have access to the site, without having to log in to your WordPress site’s dashboard.
We also have a Security feature that allows you to harden your site and clean your site of malware. The Security feature helps you harden your WordPress site, as well as to clean malware and hacked files with a single click. Moreover, since our scanner is built to be accurate and intelligent, it detects the most complex hacks, without raising false alarms, or alerting you of ‘possible hacks’.
The BlogVault dashboard now features hardening settings under the ‘Secure Site’ feature. These are settings recommended by WordPress, that help make your site more secure against hacks. We’ve categorised these settings into two sections: Basic, and Advanced.
Here is a look at some of the basic security fixes:
The advanced security fixes require some caution though– even if they can’t break your site, you won’t be able to install new plugins or themes on your site if you have them enabled.
The convenient thing about these settings though, is that to enable (or disable) these settings, you have to only select the ones you’d like to enforce or remove, enter your WordPress site’s FTP credentials, and select the folder that your WordPress site is installed from.
This option only appears when you have a hack on your WordPress site. It identifies the hacked file for you and pinpoints it, so you can look specifically at that one file, if you want to. If you’d rather just clean out the hack with a single click, you can do so by clicking on the ‘Auto Clean’ button.
Another feature that only appears when you have a hack, the Auto Clean function helps you remove malicious code on your site with a single click. Since we’ve built our cleaner to even identify complex hacks, you can choose to remove them immediately, without technical assistance.
Once you click on the Auto Clean function, you are taken to the form asking for your WordPress site’s FTP details.
Once you enter your WordPress site’s FTP details, your site will be cleaned.
One of the most revolutionary additions to our dashboard, the ‘Scan Now’ feature allows you to scan your site for hacks at any given point of time. Our malware scanner looks for hacks based on the actions the code performs, rather than signatures, or keywords. So no more backdoors, or recurring hacks. Before scanning your site, we run a backup so you always have the latest version of your site to fall back on.
We’ve tried to make the new dashboard as functional as possible. One of the steps we’ve taken in this direction, is the addition of ‘Quick Links’ that help you download backups, migrate backups to a new location, or restore it with a click. This section also has ‘Resources’, which help give you a quick snapshot of everything you need to know about your WordPress site. Perfect for emergencies, the icons for these functions, and the information related to your site, are right under your site’s thumbnail, on the Site Details page.
Since these features are in-built into BlogVault’s dashboard, we backup your site automatically before making any changes to your WordPress site. This makes it a comprehensive solution to help you manage your site in the most secure way possible. BlogVault has always been focused on giving our customers the best experience, in the most reliable, sensible way, and we hope you’ll find our new makeover to be as practical as we intended it to be.
Frequent WordPress backups contribute greatly towards efficient your WordPress restores. The battle is between resource consuming hourly backups and infrequent backups which increase the risk of data loss. Do you know what is the right answer?
The frequency of WordPress backups is a much-discussed topic. At BlogVault we believe that ideally, WordPress sites must be backed up at least once a day. This is a logical idea when you consider that all backups are meant for recovering your site. This means you want to minimize data loss, when you restore your WordPress site.
Daily backups, however, is not a ‘golden frequency’. Different types of sites require backups to be made at different frequencies. Daily backups strike a balance between minimizing data loss and not consuming too many resources of your WordPress site’s servers. Backing up more frequently, however; especially when done inefficiently, may affect your site’s performance. On the other hand, backing up infrequently, like on a weekly/monthly backup schedule may mean that you lose substantial amount of data.
WordPress Backup Frequency
Why Make Daily Backups?
We mentioned that daily backups ensure that updates to all the posts and pages of your site are saved. WordPress users who manage smaller sites may feel that daily backups are not as important. This may be because the website is not updated with new content. However, we have to remember that WordPress sites are run on plugins and themes which are updated often. Older backups will not contain these updates and restoring them is not very efficient. This can also cause security concerns as plugin and theme updates include security updates too.
Restoring from Older WordPress Backups
If older backups are restored, then you may have to go back and update all the plugins, themes and may be even WordPress core. This may not be feasible in case you own multiple sites or have many plugins and and themes on your site.
Also, backups bring up compatibility issues. In case you restore older backups, then you can only test these issues after the site has been restored and the updates are made. However, the more recent the backup, the easier it is to test for functionality. Of course, with a WordPress backup service like BlogVault you can test your backups with a single click.
What Type of WordPress Site Do You Have?
E-commerce sites & Popular Blogs
While daily backups are a great option, for e-commerce and popular blogs it still may not be enough. For e-commerce sites, it is crucial to track transactions, data on pending orders, and the delivery status of orders with utmost immediacy. For popular blogs, comments and content can be generated very regularly; and this includes news sites. In such cases, real-time backups is the answer.
Real-time Backups for WordPress Sites
Backups in real-time are meant to save every change as soon as the changes are made, (or at least as quickly as possible). The concern with this is of course the effect on WordPress site-performance. However, when done right, real-time WordPress backups can be a comprehensive solution.
Real-time backup solutions for WordPress sites track changes and backup only those changes to the site as quickly as possible. Since only the changes are backed up, even large sites with frequent updates and changes can be completely backed up without affecting site performance. However, there are different methods to achieve this result and results vary depending on how effectively your backup plugin does the job.
Frequency is Key to Having Secure WordPress Backups
If backups do not allow you to make efficient restores then the point has been missed. Making daily or real-time backups are key to having functional backups which are ready for restores. A WordPress backup service, can allow you to not only automate the frequency of your backups; but also ensure that your backups follow other best practices of WordPress backups as well.
Making WordPress backups with your WordPress hosting service seems like a convenient option. Here’s what you should know about backing up with your web host(s) and why you shouldn’t do it.
Making WordPress backups with your web host may be an option you are considering or are currently following. The idea is instantly attractive as your web host also backs up your WordPress site(s).
However, have you considered why web hosts also provide backups? It is because backups are a basic necessity for most modern day WordPress sites.
Hosting a WordPress site– the act of choosing a host and a plan, may be simple, but maintaining a site and ensuring uptime and quality user experience for visitors to your WordPress site is more difficult. Many things can go wrong with your WordPress site.
WordPress users know that everything from simple updates to hacking may crash your site or cause serious functionality issues. Having a backup can allow you to sort out the issues offline while your users continue to have a good experience and your reputation remains intact.
Running through the characteristics of the ideal WordPress backup solution is a good way to go when you have to evaluate any backup provider. Remember, backups are not for namesakes, you’ll need them at some point. This is true regardless of whether they are made by your web hosting service or not. Which is why backups must held to high standards in all cases.
In this case, let us look at a short checklist of the qualities to look for in a good backup solution:
And, of course, it all comes down to
This should help you evaluate your backups for functionality, security and use-value.
Caveats in WordPress Backups by Web Hosts
While not all web hosts provide WordPress backups, many do. However, even with the ones that do offer backups, there are many caveats attached to the service. The quality of your WordPress backups truly depend on their practices and policies. Let us look at them point by point.
Availability of Backups
Some web hosts may offer backups to their basic accounts for an extra fee. However, backups may be included as part of the subscription plan for more advanced plans. SiteGround is a good example. They offers backup services for extra cost the subscribers of their most basic plan– StartUp, but more advanced plans have it included in the service..
When it comes to automatic WordPress backups you also need to be aware of your web host’s policies regarding website size limits. For example, HostGator will backup your WordPress site automatically, if it is less than 10 GB. If not, then automatic backups will not happen. You can only manually backup your site via cPanel. The onus then, is on you to make, download, organize, and maintain backups. In such cases your backup solution needs to be revisited, because ideally backups must not be an additional responsibility, but must happen automatically.
Coverage: What is backed up?
Is your entire site being backed up? A WordPress site consists of files and database. An ideal database must make backups of it all but also give you access to it. This is not a given with all WordPress hosting service. Ask your web host about which parts of the site is backed up beforehand so that you may be prepared with manual backups or other measures when you need them for restores.
Frequency of Backups
There really cannot be a golden rule for how frequently you should make backups of your WordPress site. However the general guideline is— frequency of backups = frequency of changes to site. Backups must be done once a day. This will ensure that changes are recorded, and loss of data is minimized in case of a restore. This too is not an ironclad rule. e-Commerce sites may need to backed up more frequently (real-time backups).
Web hosts making WordPress backups may not make backups daily. For example, HostGator makes backups but stores only one copy and overwrites it each time another backup is made; which is only done weekly. This may result in loss of changes and updates.
On the other hand, WP Engine and FlyWheel make daily backups and maintain multiple versions of WordPress backups, but this upgrade in the quality/quantity of backups is also reflected in the price.
Access to WordPress Backups
This may seem like a straightforward point but it is not. For example, you can make and access backups with the Create Backup & Backup Wizard tool in cPanel when you have HostGator account. Even though SiteGround does not have a backup service for their most basic plan– StartUp, their site literature mentions that they maintain a backup of all the sites hosted with them. However, this is not accessible to users through the cPanel. In fact, this backup copy isn’t meant for users at all but for technical experts of SiteGround. You may request for this during emergencies, but you cannot be sure of how old this backup maybe. Of course, SiteGround offers Softaculous in its cPanel which can be used to make backups and can also be accessed via your SiteGround cPanel account.
Other web host like Flywheel and WP Engine allow you to access backups through their own dashboard.
Storage Backups – Backups are Not Independent
Storage of your WordPress backups is crucial to the security of your backups. The ultimate purpose of backups is restorations. If backups are not securely stored then you may not have them at all to restore your WordPress site in case of emergencies.
Your Web Host Is Not the Ideal Destination for Your WordPress backups
Backups are meant to be your safety net in case something goes wrong with your WordPress site; which can happen for many reasons. If your backups are stored by your web host on your site’s server, then your backups may not serve that purpose. The short version of the explanation for this point is that if your backups if they are stored on your server by your web host, then they are exposed to the same threats as your WordPress site.
Generally your backups may be stored on the same server or in a different location altogether, like an Amazon S3 account. In either of these cases your WordPress backups are not independent of your WordPress hosting service. This means that if you web host is affected for any reason then along with your website, your backups may also be lost.
Even WordPress Hosts Get Hacked
In case your site or server is hacked then you may make the case that your web host stores backups in a completely different location. However, consider a scenario where your web host has been hacked; and this has been known to happen in the past even to the most reputed of hosting services… In such a case, none of the data that belongs to your web host, regardless of location of the infrastructure, is safe.
Your WordPress backups must also be your disaster recovery plan. If your web host is affected by a natural disaster and your backups are on their servers, then your backups will be inaccessible.
Backups must be Independent
What this means is that you should be able to access your backups without depending on your web host. In such a case you can always restore your site using your backups no matter what the condition of your web host. This also allows you to easily migrate your site to a new hosting service too, without worrying about the quality of the backup. This is why completely independent backups are needed.
Restoring with WordPress Backups from ‘My’ Web Hosts
We can’t stress this enough— backups are about restores. Restoring a WordPress backup must allow for all the same features that you would demand of any other premium backup tool which is considered to be a good experience. The first step to this, is of course ensuring that you have backups from which to restore your website; but as we mentioned, backups with your web host are not independent so this is not a given.
Ways to Restore
cPanel / Tools
One of the way restores can be done, is by using the Backup Wizard tool in cPanel. Generally you cannot restore a Full site backup through the cPanel tools. For this you’ll need to contact your web host’s support. The other way is, if your web host uses a tool like Softaculous like SiteGround does, then you can use that to restore from your WordPress backups.
Web hosts like WP Engine and Flywheel allow for one-click restores. However, the one problem with this is that there are no descriptions. Although there are dates of when the backups were made, you cannot really track the changes to your site from the last backup.
Differential restores will not wipe the data on your site but only restore those files from your backup that are not already on your site. This way if the newer posts/files/updates are on your site then they will continue to do.
Most if not all web hosts, wipe the data on your website before restoring from a backup. There will always be a time difference between when a backup was made and when it was restored. This difference may lead to loss of data, since differential restores are not possible with web hosts’ offerings.
Granular control is important since it allows you to restore only a faulty database table or a specific part of your site’s content. In case you downloaded the full site backup, then it is upto you to find the specific table you want to restore. Apart from that downloading or uploading individual WordPress files may be hard, especially for new users because, all backups are .zip files.
Other web hosts like Flywheel and WP Engine, although they offer one-click restores, do not describe the backup versions or allow for restoring individual files or tables. If you want to do this you may have to download a backups version in .zip folder. Extract and choose the files and upload them via an FTP client.
This is obviously not suitable for every circumstance. If you can pinpoint the source of the issue–like a recent update you made to a plugin, you need to restore may that one particular file and not have to spend time restoring the whole site as this can take some time especially if you have a large site.
Backups must be tested before being restored to ensure that they are fully functional. You do not want to find out what may be wrong with your backups once you have restored it on the live site. You may use the staging environment provided by your web host for this. However, if you are a novice, or are not a developer, then this might be difficult for you.
You can check out BlogVault’s Test Restore feature which you can access with a single click from your BlogVault dashboard. This creates a fully functional copy of your site from the backup version you choose. This way you can navigate the copy just like you would your actual site, make sure everything is ticking correctly and then make the restore; all within a matter of minutes.
WordPress Backups by Web Hosts Bring Other Worries Too
We have covered how backups by web hosts are not independent. This is important because if you don’t have backups then there is nothing to talk about. However, apart from that glaring miss, there are other big and small worries to which you may have to pay attention.
With automatic backups by web hosts you can’t schedule backups or force backups. There are no backup descriptions (as offered by best-in-class premium WordPress backup plugins like BlogVault). This make organizing backups very difficult.
Also, tracking backups are difficult since you have to login to the cPanel every time to track automatic backups and even to make manual backups. cPanel itself can be a little cluttered and provide an overwhelming experience for new users. The tracking issue may become important to you if your web host has limits on your website size to make backups.
WordPress Backups by Web Hosts: The final word
If your backups are not independent, then they don’t fall under the category of ‘following best practices’. So, we cannot recommend this solution it thoroughly. Some web hosts may offer better backup options than others but these options will come at a cost to you. Now that you all the things to consider about backups by web hosts, choose wisely.
Blogvault was started by Akshat
Choudhary in 2007. Based out of
Bangalore, India, we are a complete
backup service with over 10,000
customers from across the world.