Daily backups offer a balance between minimizing data loss & minimizing load on server/site. Is it, however, the most optimum WordPress backup frequency for your WordPress site? Here’s what you need to know about the different methods; and the pros and cons of each of them.

 

Daily backups are the most practical backup frequency for a majority of WordPress sites that have scheduled updates every day.

 

Daily WordPress Backups

Who is it for?

Daily backups are a good option for sites which make numerous changes in a month. These may be blogs that predominantly have content additions everyday, or news/magazine sites which have scheduled daily updates.

Even if daily changes are not made to your site, daily backups may be worth considering. WordPress sites depend on plugins, and themes. As you well know updates to plugins and themes, along with updates to WordPress Core are very important for the sake of your site’s security, and functionality.

Updates are not released at the same time and different plugins and themes have to be updated regularly. While these updates are important, they are part of a complex mix of softwares that together form your WordPress site. If you make an update and the site crashes then it is easy to pinpoint the problem. Often this is not the case. Problems only surface days; maybe weeks after a handful of changes are made. In such cases identifying the issue is a laborious matter.

Performing daily backups ensures that such updates are also saved. You can then restore your site with minimal or no data loss, and figure out any issue affecting your website, later. When you restore your site, fewer of those updates have to be made to harden your site’s security. Otherwise, without those updates, even if you restore your site it may have many vulnerabilities putting you at constant risk.

 

Advantages of Daily Backups

Good backup solutions optimize between resources consumed and efficiency. Daily backups bring the following advantages:

  • Reduces data loss
  • Provides the option of multiple backup versions to test and restore
  • Requires least tinkering once restored – updates made to plugins and themes can be retained.

 

Methods for Making Daily Backups

You can make daily backups in a few different ways. While all the methods used to make daily backups will offer the above mentioned advantages, each method also brings its own challenges. Let us explore them one by one.

Manual Backups

Making manual backups of your WordPress site is an additional, laborious job to add to  your everyday business task list. Remembering to make backups or taking out the time for it may not always be possible.

Securely storing backups is another issue that you are solely responsible for while making manual backups. HDDs or external HDDs or USB drives have been known to fail. Local storage devices, and the data stored in them can also become infected with malware.

Testing backups before restoring/migrating them can become a challenge when you are making manual backups and storing them locally.

Web Hosting Service

While many web hosting services offer backups and it is a seemingly convenient option, it is important to note that not all hosting services offer daily backups. Most of the time, premium web hosts like Flywheel, and WP Engine that do offer daily backups come at a premium price. Sometimes web hosts offer other backups solutions as add-ons and these come with additional costs.

A premium price tag may not be the only drawback when you choose your hosting service as your WordPress backup service. Backups with web hosts don’t have backup descriptions, which makes identifying and restoring the right version a very tedious process. Also, if your backups are stored by your web hosts then they might not be completely independent of your site. It means that your backups may be exposed to all the risks to which your site is exposed. For example, if your hosting service is hacked or the infrastructure is affected by a natural disaster, then chances are that along with your website, your backups are also lost. This is not an ideal way to store backups.

WordPress Backup Plugin

Some backup plugins are free and allow you to schedule your WordPress backups. While these plugins will help you perform daily backups, storage may be an added issue for you to consider. This is because not all plugins offer independent storage options. You can link your cloud storage account (for example, your Dropbox account) to these plugins. Doing so, however, usually means that the plugins store an API key of these accounts on your WordPress site. API keys are how the backup plugins communicate with your backup destination. However, it exposes backups to similar risks as your site. This may allow for your backups to be compromised when your site is hacked.

Backup plugins have to be installed on your site. If you lose access to your site for some reason then using the plugin to restore your site is not possible.

Tip: If you decide to use a WordPress backup plugin it may become important for you to track your WordPress site’s traffic. Backups can be resource intensive and making a backup when most visitors come to your site might slow the site and spoil the user experience.

WordPress Backup Service

A WordPress backup service offers a more complete  backups solution. Backup services perform incremental backups and automatically upload backups to completely independent storage.

Incremental backups mean that only those parts of the site which have changed since the last backup are stored. This means that you do not have to worry about large sites not getting backed up, or about forgetting to perform backups.

Backup storage comes as part of the service and you do not have risk using your personal accounts. Backup services also offer simplified processes for restoring and migrating your site. BlogVault offers you a one-click, test restore option which allows you test your sites on an automatically generated staging environment, before restoring them.

 

Choosing a WordPress backup frequency and solution for your site depends on a few factors– budget, frequency of changes to the site, time available, and the size of the site. There is a case to be made for daily backups as the most optimum frequency for most sites, barring sites with a high frequency of changes like e-commerce or news sites, (which might need solutions providing real-time backups instead). Knowing the advantages and challenges with making daily backups can help you make an informed decision.

 

Frequent WordPress backups can minimize data loss and thereby greatly help your business. However, they can be resource-intensive and affect your WordPress site performance, if not done right.  

Frequent backups present some obvious advantages which are particularly important for WordPress (WP) sites. Content creation takes some planning, effort and resources. Losing such content may become a major setback for your website. Daily backups minimize data loss in such cases.

Finding secure storage solutions is a real challenge with frequent WordPress backups.
Finding secure storage solutions is a real challenge with frequent WordPress backups.

WordPress sites are dependent on many third party plugins and themes. WordPress site owners are always running the risk of installing software that is not compatible with other plugins or themes on the site or installing those which may have some vulnerabilities. The risk of losing data from frequent updates and third-party software vulnerabilities is mitigated to a degree by having up-to-date backups.

 

Advantages of Frequent Backups

  • Minimize data loss
  • Reduce downtime
  • Retain updates & functionalities on WP sites

 

What are Frequent Backup Options?

Of course real-time backups is the best solution to achieve the goals stated above. Hourly/Daily backups may be the most frequent options apart from that.

 

Challenges with Frequent Backups

Higher frequency of performing backups brings its own complications. Backing up sites not only makes demands on your server resources but also brings up the issue of secure storage of the backups made. To add to the list of issues to consider, tracking whether backups have happened correctly and what has been backed up is not always easy.

 

Backups are Complicated

We have been in the business of premium WordPress backup service for over five years now. A number of things can, and do go wrong with backups. Sometimes when someone opts to backup their site manually, it is as simple as forgetting to perform frequent backups.

Often, WordPress site owners don’t know if backups are happening according to plan. Sometimes not all files are backed up.

In cases where site owners may have backups, restoring sites may not be easy. At other times, site owners who are relying on backups by web hosting services may not be fully aware of backup & storage policies. As a result, there have been times when WordPress site owners find out that there may not be any backups when they need it the most.

 

Resource Intensive

Increased load on your server resources could lead to an increased  site load time or pages crashing. Otherwise, the user experience of visitors to your site may be spoiled because certain elements in the site may not function as intended.

 

Large Sites Offer Their Own Problems

 

Backing up larger sites takes more time & more resources. In such cases it is possible that certain sites may not get backed up at all. This is because hosting services; especially on shared hosting, have policies about the time, and the server-resources that a particular task can take. In such cases although you may have employed a backup solution, your site may have not been backed up at all, or may have been backed up incompletely. In both cases, restoring the site is not possible.

 

Storage Space & Security

Frequent backups lead to multiple copies. Storing these copies securely can be a challenge. Storing backups on your own Dropbox accounts or local storage devices like your PC’s hard drive (HDD) or USB drive is not recommended.

Backups stored locally can become infected with malware as you are constantly browsing and downloading files. Also, HDDS or USB drives have been known to crash. This doesn’t even account for the risks associated with accidents and natural disasters.

Storage may drive up the cost of storing backups as you may have to invest in independent storage solutions.
In all the above cases the real risk is that eventually when you need to restore your site you may not have backups, have incomplete or infected backup files. This is not the optimal scenario for your business. Probably a good way to evaluate a backup solution is to list some scenarios in which you would need to rely on backups, and see if the backup solution in question will give you access to backups and allow you to restore your WordPress site.

 

The Answer?: Backup Service as a Solution

A WordPress backup service like BlogVault will not only take care of storage space and security but make incremental backups. This intelligent approach ensures that even large sites on shared hosting can be completely backed up. Apart from this backups services may also eliminate cache and log files from backups, thereby reducing problems at the time of restores. All of this is done automatically, thereby eliminating the human errors so that you can go about your business without worry.

 

With a WordPress backup service restoring your site is always the goal. When the time comes you will have multiple backups versions; securely stored, from which you can choose. You can also automatically restore your site with a single-click. Of, course a backup service comes with a more premium price tag but with the price you’ll have backups with best practices at your disposal.

 

WordPress has become the most preferred content publishing platform online, and its popularity is continuously growing. For hackers, this means a bigger target with greater payoffs. Are you, as a WordPress site owner committing basic security mistakes that make it easier for them?

 

Common mistakes Website owners make

 

WordPress is the most popular platform to build websites on, and its popularity has only been growing. The CMS has something to offer anyone who has ever wanted to own a website. The WordPress community is supportive, and consists of developers who can build anything in code as well as code-averse site-owners who are given a world of add-ons to make their sites extensible, and more functional.

 

However, maintaining a WordPress site comes with a number of caveats, which are difficult to navigate. The case is worse for new site-owners, since committing a small mistake could knock their site offline, or make it vulnerable to hackers’ attacks.

 

Knowing the common mistakes made, and avoiding them, is key to keeping your WordPress site safer. This is why we’ve come up with a list of the basic security mistakes that WordPress site owners and users make. Are you making any of these mistakes currently?

 

1. Not updating WordPress and its add-ons

Now while the rest of our list talks about mistakes to definitely avoid committing, this issue is a little more complicated. This is why we’ve chosen to get this out of the way right in the beginning.

Everybody talks about keeping WordPress Core and add-ons (themes and plugins) up-to-date, for the sake of security, as well as to add new features to the site. However, you as a WordPress site owner, have one good reason for not doing so– incompatibility.

Your WordPress site could break because of:

Updating WordPress Core

There are two kinds of updates on WordPress Core that keep it up-to-date with the best features, and security measures on the web.

  • Major updates (like 4.5 or 4.6): These add new features and functionality to WordPress.
  • Minor releases like Release 4.5.1 and 4.5.2: These are dedicated to security patches, and bug fixes.

There are a couple of catches with these releases. For one, it can be cumbersome to keep up to date with all of them. Version 4.5, for example, was released on April 12, while 4.5.1 was released 14 days later, and 4.5.2 was released about 10 days after 4.5.1. Secondly, while WordPress Core upgrades are designed to be compatible with all the previous versions; (even the first one), it doesn’t always work out that way. So when WordPress site owners update their WordPress core, their site crashes.

Updating WordPress add-ons (plugins, themes, and widgets)

There a number of problems you could run into while updating WordPress add-ons. Since the developers could be pressed for time or not have the expertise, they can’t make sure that their updates are compatible with every single version of WordPress. As a result, they could be incompatible with previous updates of WordPress Core. Moreover, even add-ons that are coded to be backward compatible might not be developed with other add-ons in mind. Lastly, add-ons’ updates contain significant security patches and bug fixes, which change the way they work and hence cause conflicts. One example of this was the security patch for RevSlider (a premium carousel plugin), that changed the way the plugin worked.

As a result, updating even just one plugins could cause your site to break. If compatibility issues between WordPress Core and an add-on are a concern, the safest route to take, would be to ask the plugin developer to release an update for the plugin, while also looking for alternatives that work with your other add-ons.

The key to keeping your WordPress site secure, is to update every part of your WordPress site. The consequences to your site, its data, and your site’s visitors are all too great to not update.

 

2. Buying/using bad add-ons

As mentioned, WordPress add-ons don’t necessarily have the stringent code quality or security measures in place that WordPress Core does.This is why it’s important for WordPress users and site owners to pay attention to pick a good theme/plugin. Every good add-on has one basic characteristic– it has has good code. But even if you don’t know how to judge the code of a theme/plugin, there are a few characteristics which you spot:

  1. They’re available via a reputed source: This means they’re on the WordPress.org repository, or with well-known theme/plugin seller, like Themeforest, Elegant themes, etc. Just as with material goods, buyers should be wary of a premium theme being available on a questionable website at a huge discount.
  2. They have good reviews and ratings from genuine, long-time users.
  3. They’ve stood the test of time: The longer a theme or plugin has been available, the more bug fixes and security updates they should have.
  4. They get updated often and have been recently updated (in the past 2 months) from the developer’s side

Installing a bad theme/plugin could have a number of consequences for your site, whether in a way that affects function (such as slowing down your site), or in a malicious way, such as sending spam mail on your site’s behalf. Apart from all this, having an add-on with malicious code on your site causes search engines to mark your site as malicious, and hence blacklisted.

 

3. Using bad login practices

There are a number of simple login mistakes that WordPress site owners make, from sticking with easy to guess credentials, to staying logged in on their sites. This makes it easier for hackers, who usually use bots (just like search engine crawler bots), to look for websites with vulnerabilities.

Sticking with the default username (admin) reduces the time bots need to crack your login credentials, by 50%. Combining that with the use of a weak password only makes attacks on the login page (like a Brute Force attack, or a Dictionary attack) that much easier. Once the bots crack your login credentials, the hacker can login as you, and legitimately perform admin-level functions. This is why it’s important to enforce good login practices, and secure your WordPress login page. A couple of other simple ways (and there are more ways) to protect your login page are renaming the administrator account to reflect a different username. WordPress site owners have to look out for legitimate ways to harden their login page though– some widely recommended practices such as  moving your login page to a custom URL, are unnecessary, and can ruin your site’s user experience.

 

4. Making every contributor to the site an ‘administrator’

WordPress sites have different system users with different levels of access, in order to give the site owner the power to assign responsibilities to different users. This also serves as a way to give those with fewer responsibilities, the access to only specific areas they need access to. This principle (known as the Principle of Least Privilege), is one of the basic elements of security on any system.

WordPress has five different user roles:

  1. Super admin or Admin: Has full control over add-ons, content, files, and users on the site. (Super admin is someone who has Admin access over multiple sites, and controls the network administration for those sites too).
  2. Editor: Has full control over content and files, can publish anyone’s content, and is allowed to add script tags for formatting.
  3. Author: Can only create, modify, publish and delete their content.
  4. Contributor: Can only read, edit and delete content. No publication rights.
  5. Subscriber: Can only read content. No other rights

So say you run a successful news website or a blog with a regular guest blogger contributing once a month… You would best assign the guest blogger the role of  ‘Contributor’ or ‘Author’.

Assigning the ‘Admin’ role instead, however, will put your WordPress site at a greater risk. Just imagine what would happen if they deleted a post by another author, a plugin or even an Editor by mistake!

Giving users unrestricted access could also allow hackers to exploit your site more easily. A good example of this kind of damage, was how TechCrunch got hacked by OurMine, a commercial security group that hacks accounts to publicize their services. The site was hacked using one of its contributors’ accounts.

 

5. Being a hoarder

Keeping old add-ons and users presents a number of opportunities to hackers. As a site-owner, it is only natural to experiment with plugins and themes. In the process though, it is easy to forget about unused add-ons in your site’s repository. However, since you no longer use them, you also don’t update them. This opens up your site to a number of exploits.

Forgetting to delete old users (especially contributors) long after they’re gone, allows hackers access your site legitimately after a previous hack (like a Brute Force attack). This is one of the ways WordPress site owners are hacked for a long time without even knowing about it.

 

6. Not checking past uploads

Similar to hoarding add-ons and users, WordPress site owners also fall in the trap of never cleaning out their Media Library, the uploads folder, or the includes folder.

Hackers know this too. This is why they could easily upload a hack-file that looks like an image, and execute a hack later. This is how a number of exploits on the TimThumb vulnerability were carried out.

This method could also be used to create a backdoor. So even if malicious code is removed, and the WordPress site is kept up to date, it will still be susceptible to hacks.

 

7. Not having a reliable backup solution to depend on

Having a backup solution for your WordPress site is paramount to security. Not only does having a clean backup of your WordPress site make it easier to restore your site in case of a hack or blacklisting, it also allows you to scan your site’s code for irregularities and fire-fight more efficiently. However, most WordPress site owners don’t realize that the solutions they’re relying on are not dependable, until it’s too late. Backups must be the perfect disaster recovery solution, so they should be fool-proof, and adhere to the best WordPress security practices. Not only should they be independent of the WordPress hosting service, but they should be independent of your site, be stored in multiple locations, and have both: WordPress files and database encrypted and backed up.

If your site encounters a problem caused by anything as disastrous as your hosting provider being hacked to the deletion of files, not having a good backup plan would lead to your site experiencing a long downtime or worse.

 

The mistakes listed in this article are basic, and yet widely committed by WordPress site owners. Keeping your WordPress site secure lies not in being sure of impenetrability (because there is no such thing as a perfectly secure site), but in making it harder for hackers to achieve their target.

 

If you commit, or have committed any of these simple mistakes in the past, the best way to ensure that there is no malicious code on your site, would be to invest in an intelligent auto hack cleaner for WordPress sites, like MalCare.

 

The hardware used by your WordPress hosting provider can give you a lot of grief and be heavy on your wallet too. But, do you know what the issues are, and how a robust WordPress backup solution can help you?

Most of us think about subscription plans, security, and many other details when thinking about hosting a WordPress site. Few of us think about the kind of hardware that is used by the hosting and the problems that we could experience because of hosting hardware issues.

Hosting hardware issues could take your site down
Hosting hardware issues could take down your WordPress site

This may be with good reason- for one, such information is hard to get because hardware of hosting services is always out of sight, and there is no way to verify it. The second reason is that most of us may not know what are the questions we have to ask.

While there are many challenges which you may face while hosting your WordPress site, we’ll focus specifically on the hardware issues which may eventually end up affecting your site’s performance, security, and its existence.

A hosting service basically needs the following hardware:

  • Servers
  • Storage
  • Communication Equipment
  • Infrastructure Issues – Cooling and Heating

Rising competition in the hosting market space makes many demands. These demands may not all be met in the best possible manner by all host providers and this often manifest in hardware issues.

Server Failure

A server motherboard comprises CPU, memory, and network adapters among other things. All these components have a failure rate and regular wear and tear  leads to their failure. Of Course, as it is known, using ECC RAM may decrease the failure rate.

Apart from this, increases in temperature may accelerate this process and cause the CPU or RAM to fail. Power surges also lead to motherboard, and/or its components failing.

A host of software reasons may also lead to the motherboard on a server failing. This can be due to server overload through legitimate traffic or hack attacks.

Hard Disk

There is no magic, hard disks are used for storage of data in data centers. As you will well know, a hard disk is a mechanical device, meaning it relies on its parts moving to read and write data. This exposes hard disks to not only natural wear and tear but also, failures from excessive heat due to friction.

Now, imagine having hundreds and thousands of such devices stored in a single center. Some are bound to fail and fail much before their mean time between failures. A good hosting company will ensure that dated hard disks are phased out and new ones are installed periodically.

There may also be issues after maintenance work. Simple issues like physical damage caused by someone dropping hardware or not plugging in the wires correctly may occur too.

Communication Equipment

While most of us know of servers and hard disks, users rarely think of  the cables and network switches. Data centers on the other hand generally have to pay more attention to such things. Reports in 2013 of how 4 major hosting providers were taken out by a network switch failure; and users had to experience downtime, is proof of this fact. Network failures are a real threat to the functioning of your WordPress site and the reputation of your site.

Outdated Hardware

Extending the life cycle of hardware in data centers can be due to lack of maintenance or a cost cutting measure; either due to lack of budget or due to the desire to remain competitive. Cables, hard disks, etc. usually are not thought of by consumers. It may be easy to not replace them at the right time. This brings down the performance of the servers and in turn the performance of your WordPress site.

Apart from these issues certain other factors that have to do with the supporting infrastructure and maintenance of the data center affect the health and performance of hardware.

Infrastructure Issues – Insufficient Cooling

Apart from the regular functioning of servers and storage other factors may contribute to this issue. rooms may be stuffed with servers, or servers may be stuffed with too many sites. Such practices contribute to inefficient energy consumption and increased heating. In such cases it is not easy to scale up the cooling infrastructure wherein planning and space may be short. Other factors like ‘spaghetti cables’ may also aggravate the problem.

This is not simply to say here are the problems. The impact of heating issues on your WordPress site’s performance, your finances and reputation is real. Heating issues may regularly lead to:

  • Hard disk crashes
  • Longer load times due to hardware performing at below par levels
  • Pages not loading, etc.

The decrease in traffic and transaction from increased load times and frequent downtime is a fact that is increasingly well documented.

Natural Disasters and Accidents 

Natural disasters may not be something we think about on a daily basis but is obvious once stated. Natural disasters can destroy racks – servers, and hard disks, and make the building shell itself inaccessible.

Accidents may seem less obvious but they are real possibility and have caused considerable damage to the hardware of hosting servers. From a SUV crashing into a Rackspace facility costing them reportedly US $3.5 million in refunds to fire caused by drill in an adjacent building burning down an Amazon data center, accidents are a real possibility and cause considerable damage. The first example doesn’t not account for the cost of downtime which was estimated to have lasted 5 hours.

Not accounting for accidents in your WordPress site’s disaster recovery plan is a mistake.

Independent WordPress Backups Can Come to Your Rescue

The first step to being prepared for all eventualities of hardware failure with your WordPress hosting is knowing about them. Then, having good, independent WordPress backups may help you significantly reduce downtime and keep your business running. In this case, the question to ask is “Are your backups completely independent of your hosting provider’s hardware?”. If the hardware of hosting provider, located in one or two locations is compromised then can you still access your backups? If the answer is no then you need you revisit your backup strategy. You can look at BlogVault to explore a robust WordPress backup solution.

We checked SiteGround’s backup with their most basic WordPress hosting plan, StartUp; and distilled some of the pros and cons. This article will help you decide if you should rely on SiteGround backups as part of your website’s security plan.

It is important to mention right at the start that unless you’re manually downloading your backups and storing them securely, none of your backups are completely independent of SiteGround’s infrastructure. You’ll see what we mean as you read the pros and cons of each of the four options listed below. However, it is important to keep in mind that secure WordPress backups mean that they have to be completely independent of the hosting server. That way you can be sure that you have access to your backups in case of regular needs or during a freak accidents when web hosts lose your data.

A screenshot of SiteGround's webpage showing WordPress hosting details
A screenshot of SiteGround’s webpage showing WordPress hosting details

There are 4 ways you can backup your WordPress site hosted on SiteGround

  • The first way is to manually backup your site– make WordPress database backup using phpMyAdmin and make WordPress backup using a FTP Client
  • The second way is to make backups using your cPanel dashboard. You can click on ‘Create Backup’ under Backup Manager
  • The third way is to use Softaculous. The tool is available on your cPanel dashboard as well
  • Fourth way; you can utilize SiteGround’s paid backup service
  • Lastly, you can turn to professional WordPress backup services or plugins

 

Manual WordPress Backup

Manually backing up up your WordPress files and database has nothing to do with the service SiteGround offers. It is the same process with all services when you are on shared hosting. You can read articles on how to backup WordPress using FTP Client and how to make WordPress database backup using phpMyAdmin.

 

SiteGround Backup – Create Backup Tool

 

Backup options seen in the Create Backup tool which is accessed through your cPanel dashboard
Backup options seen in the Create Backup tool which is accessed through your cPanel dashboard

cPanel backups made with the Create Backup tool are generally similar across hosting services. You create a full backup using the Create Backup tool, set an email notification and wait. In some cases in the past we have not received any emails from the hosting service. With SiteGround however, the notifications were always prompt.

Even with the prompt notification however, you will be responsible for logging in to the cPanel dashboard, regularly downloading backups, and maintaining them in a secure fashion.

 

SiteGround Backup with Softaculous

 

Softaculous is another way you can manually backup your WordPress site if you host it on SiteGround.
Softaculous is another way  you can manually backup your WordPress site if you host it on SiteGround.

In terms of implications to the user, Softaculous backups are no different to making backups with the cPanel. Select the tool in your cPanel dashboard and make a backup. As with cPanel backups, unless you are regularly logging in making backups you’re bound to get in trouble. If you only login when your site has an issue or has been infected with a MalWare then you’ll only be backing up a bad copy. The onus again is on you to regularly make backups manually.

Restoring though is a little easier with Softaculous. Once you access the tool, you’ll have a list of the backups you have generated. Next to each backup is a restore icon. You only have to choose one of the backups and click on the corresponding restore.

Restoring your WordPress site with Softaculous is easier than performing manual restorations
Restoring your WordPress site with Softaculous is easier than performing manual restorations

 

Do You have Control Over Your Backups?

Note that in the case of cPanel backups, you cannot download specific file.  Unless you are dealing with SQL database, you don’t have control over which files to download. Choosing the Full Download or Home Directory means that you’ll be downloading the all the files related to all the domain or subdomain of your account. You have to download it all and sift through it later.

With Softaculous you can specify the domain or subdomain you want to download, and then download all the files related to that domain/subdomain.

While restoring, in the case of cPanel backups you can restore specific files or tables if you know what you are doing. In the case of Softaculous you have restore your entire directory and database, thereby restoring the entire site.

Web host backups generally tend to place an extra layer of burden on you. This is a good example of it. However, you can opt for the paid Backup service as an alternative.

 

SiteGround’s Paid Backup Service

SiteGround offers a paid backup service for users of the StartUp hosting plan. Paid backups are automatic backups carried out daily. 30 versions of backups are stored by SiteGround on their servers. When we got in touch with their customer support via chat, SiteGround informed us that the servers are different from the ones on which  your site is hosted.

As StartUp plan user, even if you have not subscribed to paid backup service, then SiteGround maintains a copy of the backup to your site. We got in touch with SiteGround  to ask how we can access that copy of the backup. We were informed that, that copy is only for ‘technical experts’ of the hosting servers. Users cannot access it. To do so, you’ll have to subscribe to the paid backup service, which is part of the higher hosting plans; but is not included for the basic plan.

 

To restore your WordPress site via the cPanel dashboard, you'll need to subscribe to the paid backup service to gain access
To restore your WordPress site via the cPanel dashboard, you’ll need to subscribe to the paid backup service to gain access

Paid backup service is especially important for sites hosted on SiteGround during restorations. Even if you have manually backed up your site, you cannot restore it via the cPanel’s Backup Restore tool. To access the Backup Restore tool you have to subscribe to the backup service. If you have not subscribed to the paid service you will see the above screen when you choose the Backup Restore tool. Otherwise you have to upload the files using a FTP client, and import the database using phpMyAdmin. This requires some technical know how, otherwise your restorations can be unsuccessful.

 

Why we think you need a professional backup service?

This means that if you have the basic hosting plan- StartUp, on SiteGround, you either have to do all the heavy lifting (manually make backups), give up some of the finer controls over backups and restores (download and restore entire sites), or just pay for their service. However if you run a small service, then some these shortcomings or financial additions may be worthwhile. If you’re looking for a complete WordPress backup solution, then try out BlogVault, to run your small business or blog than you might have to look elsewhere. Obviously we may be a little biased but we think the option is worth considering if you want peace of mind regarding your safety net- your website backups.

 

Making WordPress Backup to Dropbox seems like an attractive option due to ease of use & low cost.  However, is it the best practice & will restores be as easy as backups?

WordPress backup to Dropbox
Plugins generally store a copy of the API keys to your Dropbox account on your site. In such cases, if your WordPress site is hacked, then your backups maybe compromised too.

There are generally two ways you can make a WordPress backup to Dropbox. The first way requires two processes to be completed. You can manually download WordPress files using a FTP client and then download your WordPress database using phpMyAdmin. Then you can upload it all to Dropbox. WordPress.org recommends having at least three copies of a given backup and Dropbox can serve as the destination of one of those three copies.

The other way is seemingly easier. Backup your WordPress database and files with a backup plugin. Backup & Restore Dropbox, Dropbox Backup by Supsystic, and WordPress Backup to Dropbox are all plugins which backup to Dropbox.

Other plugins like Backup Guard, and UpdraftPlus WordPress Backup Plugin provide Dropbox as one of the optional destinations for backing up. IN the case of the the former the option is available only in the PRO version, where as in the case of the later it is an add on.

The process is simple You will need to input your Dropbox login credentials, confirm them and you are done. Some plugins will regularly backup your WordPress site to Dropbox according to the schedule you have set. Tracking this may be another matter altogether.

Apart from the simple process, cost is another factor which  makes Dropbox a seemingly attractive option for backups. Some plugins which allow you to backup your WordPress site to Dropbox are free. Dropbox itself is free up to 2 GB so you may feel there are no extra costs with this option.

WordPress Backup to Dropbox: Think again!

In order to backup up your WordPress site to Dropbox, plugins will need to store a copy of  your Dropbox account’s API key on the site itself. This means that you are keeping a spare key to your backups on your site. What is the point of leaving a copy of your bank vault’s key in your living room? You might as well have left your valuables in the living room too, right?

Backing up to Dropbox is indeed simple enough. Our WordPress backup plugin offers users the option to upload backup to Dropbox too. Users who know a particular version to be without any problems can download the backup to their Dropbox account. This is not a default option when you use the BlogVault plugin and regular backups are not made to your Dropbox account. We do this because we follow best practices for WordPress backups. Know more about why backups to Dropbox is not safe.

However, if you’re relying on Dropbox only to provide the safety net for your WordPress site then you are in trouble, at least according to our experience.

Dropbox Backups & Restores

Apart from all of these points, there is another issue to making WordPress backup to Dropbox only- restores. Afterall the entire point of making backups is to empower us when we need to restore our business or blog.

Most WordPress backup plugins zip your files; meaning they download your site in .zip or .gz files. You cannot view .zip or .gz files in Dropbox anyway and you have to download the files to sort them out. In this case Dropbox becomes a temporary storage solution rather than a comprehensive backup solution.

Seemingly simple matters like clutter. Regularly backing up to Dropbox clutters your account. You may not be able to find the files you desire quickly, when you need them. When you have to restore your site, you don’t want to sift through thousands, if not millions, of files.

Tip: When backing up to Dropbox

Ensure that you label the downloaded backups in an organised manner so that you know can categorise different backups. This will be helpful when you have to restore your site.

You need to safeguard your data in a more robust manner to ensure that in your hour of need you know not only know that you have access to backups but also that they are functional. Especially, if you’re running a small business or a popular blog then you might want to look at a more holistic solution for backup and continue making WordPress backup to Dropbox only as an additional step.

Why do you need it?

Can your business continue to function if you were to lose your data? If your answer is a clear no, then having a disaster recovery plan is a must for you. At some point down the road, your data is going to be in danger. It could be a machine error. It could be a simple human error. It could be a tornado the size of Nebraska. But sooner or later, you’re going to be in a situation where you’re at risk of losing some or all of your data. Some of the common consequences of a disaster –

  • Loss of business/customers
  • Loss of credibility/goodwill
  • Cash flow problems
  • Loss of operational data
  • Financial loss

90% of businesses that lose data from a disaster are forced to shut down within 2 years of the disaster. 50% of businesses experiencing a computer outage will be forced to shut within 5 years. (Source: London Chamber of Commerce). So, having a disaster recovery plan is the best insurance for your business and entire data. But what are the possible reasons behind this ‘disaster’? And how do you deal with them?

It's wise to have a recovery plan for your website
It’s wise to have a recovery plan for your WordPress site

What Can Go Wrong?

Hardware Failure

While we’ve made huge strides in terms of technology, it’s still not perfect. There are bound to be issues now and then. Hard disks, which are the most popular form of storage media, fail more often than you think. The statistical figure indicated is by no means trivial. Other forms of hardware failure can have a similar impact on your business.

Web-hosting Failure

As every site is hosted using one of the providers, a failure on their end undoubtedly spells disaster. Any sort of networking problem can bring down your site. However, this doesn’t pose a big threat to your data. But that’s not the end of it. These hosting providers are a common target of hackers. Once the server is compromised, the hackers have access to all the data that resides on it. The hackers can thus attack 1000s of site by hacking a single provider. Sometimes, hosting providers even suspend your account without prior notice.

Natural Calamities

Natural calamities, though rare, can pose a huge threat to your data. Hurricane Sandy, which hit New York City in 2012, had companies fighting hard to keep their data centers up. It was one of the busiest days for many of them.

WordPress Issues

WordPress, though WP core is known to be stable, has its own share of problems that crop up from time to time. The most common issue that users face is that of version incompatibility. Though WordPress versions are meant to be backward compatible, quite often, a WordPress update ends up breaking a plugin or theme due to incompatibility. Underlying API changes in a new version could also result in breaking parts of your site.

Plugin/ Theme Issues

WordPress is an open platform, inviting a lot of people to develop plugins and themes. Since each plugin and theme is written independently, not all of them follow the same set of coding guidelines and standards. This makes installing new themes and plugins on your site a risky proposition. A new addition may be incompatible with the underlying WordPress version. Some of the changes made by plugins and themes are –

  • Bad database changes
  • Addition of new tables
  • Modification of standard WordPress tables
  • Changing WordPress configuration files
  • Introducing incompatible code
  • Corruption of .htaccess files

This can result in breaking parts of your site or worse, lead to a crash. Upgrading plugins and themes can also lead to similar issues.

Hacks and Vulnerabilities

WordPress core, by itself, is known to be safe and stable. However, plugins and themes added by developers hailing from diverse backgrounds have become game changers when it comes to WordPress security. Plugins and themes together make up the biggest source of  vulnerabilities found in recent times. Popular plugins like MailPoet, W3Total Cache and Super Cache have been exploited to attack thousands of sites. Similarly, themes are also vulnerable to attacks. The TimThumb library included in many themes was exploited to compromise tons of sites.

Hackers are always looking for new ways to launch attacks on WordPress sites. While most hackers look to make quick profits, some do it merely for fun. They can install malware that’s extremely hard to detect and get rid of. They can also wipe out all of your site’s data.

Human Errors

To err is human. But these errors can prove to be very costly. You can delete a single post or the entire database. Ben Congleton of Olark describes in an interview, a case where a human error nearly took down his business.

The reason behind the disaster can vary, but they will all impact you in the same way. They can all potentially take down your site, and thus your business. So what is the best possible plan to recover from a disaster?

Putting Together a Disaster Recovery Plan

Backup, Backup, Backup: the Cornerstone of a Disaster Recovery Plan

Not enough emphasis can be laid on the importance of backups. Taking regular backups of your data is critical for any business. That way if anything untoward happens, you can recover your site in a matter of few minutes. There are multiple options available from which you can choose. However, it is best to opt for a managed offsite backup service like BlogVault that can handle any situation with ease.

Plan for Extended Downtime

Your plan should cover what you will do if the downtime from the disaster is expected to last more than a few days. For instance, there may be a major outage with your hosting provider. You’ll need to identify possible alternatives to host your site.

Emergency Contact

A natural disaster or emergency could cut off all your regular avenues of communication, so adding a communications element to your plan is important as well. Notifying your customers about the downtime is extremely important. However, when you lose data, your customer information is lost too. Hence it is critical that you have a separate emergency contact list, such as all customer email IDs, stored separately in an easily accessible place.

Test the Plan

Do a test run of your disaster recovery plan to make sure that it works when needed. Also ensure that your plan is known to multiple people at your company so that they can spring into action immediately when disaster strikes.

Disasters do happen, and your company’s data is one of its most important assets. When disaster strikes, you need to be sure that you can get your data back quickly, so there is minimal impact to your business. So work on that disaster recovery plan today, in case you already haven’t. Better safe than sorry, right?

As a lot of us following technology news might know by now, TechCrunch was hacked today, by OurMine. The message left by hackers was caught just before the post was taken down:

 

OurMine hacked TechCrunch earlier today, and posted this on the website.
OurMine hacked TechCrunch earlier today, and posted this on the website.

 

According to OurMine’s website, the organisation is made of “professional hackers and vulnerability assessors” who “only care about the security and privacy of your accounts and network”.

And while a tech security company hacking sites to expose vulnerabilities is not very big news; what makes it newsworthy, is the size and reputation of the enterprise being hacked, which in this case, was TechCrunch.

For those of you not in the know, TechCrunch was built on WordPress, which is a hot target for hackers due to the CMS’ popularity. Close to a third of the world’s websites run on WordPress– if you’re a WordPress user, this might alarm you. And while we don’t yet know if the vulnerability exploited by OurMine was on WordPress, the case of TechCrunch is especially disturbing.

This is because TechCrunch was hosted on WordPress VIP. VIP services include priority hosting, offering the best enterprise solutions; and starting at $5,000/month they do not come cheap. As part of the VIP service, the website’s code is subject to rigorous code reviews from the best developers at WordPress. In addition, this service also included a host of security measures that included PAAS, DDOS mitigation, two-factor authentication and an antivirus (among other things). Basically, TechCrunch functioned in the most secure WordPress environment available.

If companies that can afford the best security measures are vulnerable, then it is a signal that there is no foolproof way to safeguard your website.

However this isn’t to say that WordPress VIP and TechCrunch were completely vulnerable. As seen in the thread, the post was taken off TechCrunch’s site within the hour, and things went back to normal almost immediately.

This hasn’t been our experience in general with websites though. In fact, some of our clients have been hacked for years before they even found out about it.


The best way to safeguard your website is to fortify it.

This is what inspired us to work on our new WordPress website security product that will be out soon. It scans for hacks, and auto-cleans them with a single click.

Apart from this, we’re big believers in having a WordPress backup, because it’s the one way you can be completely sure that the damage is reversible.

Fans of Dennis Cooper, the experimental artist and writer, have expressed concern over Google’s removal of the artist’s Blogger account and blog of 14 years. What’s worse, his Gmail account, the medium through which most of his correspondence was conducted was also rendered inaccessible.
The writer’s blog, was a choice destination for followers of transgressive, avant garde writing and experimental art, some of which included ‘Frisk’ and ‘Luster’ (books that later spawned movies in 1995 and 2002), as well as the critically acclaimed book, ‘Closer’. The American artist’s work often depicted graphic violence and savage sexuality.

 

Back to back: Dennis Cooper. The artist might have to sue Google to get his work back. (Image courtesy: http://bbook.com)
Back to black: Dennis Cooper might have to sue Google to get his life’s work back.
(Image from here)

His blog was updated six times a week, with literature, film and music he enjoyed, some of which followed in the same vein. It’s understandable, therefore, that readers would be offended by it. However, the blog contained a warning, stating that it contained mature and violent content. So the question is, whether this was an attempt at censorship.

In a talk with the Guardian, Pati Hertling, an art lawyer, explained that the First amendment rights to free speech, (which any American citizen is entitled to), do not apply to the world of private corporations like Google or Facebook. This is because the amendment only protects you against public censorship. “Because it’s Google, they’re a private corporation, it’s a private realm, they can do whatever they want”, she said.

Dominant technology companies, such as Google and Facebook, have a vested economic interest in controlling content management. In fact, according to a report by Gizmodo, a former news journalist who curated news for Facebook said that the members of the ‘news curating’ team suppressed content that held ‘conservative views’. The problem is that when tech giants like these create ‘walled gardens’ for content, they wield power over what the general public is exposed to. And since these arenas are great to look at, and have great publicity, the trade-off for creators, is between ease-of-use & productiveness; and creativity & freedom. When the reins are handed over to these firms with a click to ‘Agree to terms and conditions’, things don’t look too good for an artist.

Being in complete control of the content you put up is an important thing to consider, when you’re an artist whose livelihood depends on freedom of expression. This is one of the reasons open source projects, that allow you to host your own site have become so popular. No matter which open platform you choose to host on, you’re in control of your content, and there are much lesser chances of forced censorship. WordPress.org currently powers about 26% of the world’s websites, and it continues to attract creators and inspire a community of contributors. One of the reasons behind this is the platform’s mission to democratize and socialize the publishing world.

When Cooper contacted Google over various channels, the response he received said that the blog was in “violation of the terms of service agreement.” Cooper has no confirmation of whether the blog and his email account have simply been disabled, or whether they have been deleted altogether.

The deactivation of Cooper’s account have serious consequences– his contacts collected for over a decade, as well as recent offers to various platforms for his performance art work were all on his email account, and are now gone. Moreover, all of his work, (including his last gif novel,, which he had been working on for seven months), was hosted only on his blog. He had no backups, and no data stored anywhere else.

“As long as you back everything up. I don’t see really the danger,” agrees Dennis Cooper. “But if you’re at the mercy of Google or some place like Google, obviously I’m a living example of not to be blind like that and think that everything is hunky dory.” Open source platforms are a great way to have complete control over your content, but having your resources backed up is an essential safety measure.

WordPress has a number of backup solutions, all of which could help you get back online. These safeguard your work, in case your website gets taken down by a hack, or is offline because of a human error, or because of your web host. Choosing one according to your needs, and your technical expertise, acts as a sort of insurance policy. Solutions like BlogVault offer WordPress backup services that ensure your data’s safety. It also gets your website back online automatically in case your website has been taken down, so you can have peace of mind.

By now you most probably would have come across this story which has taken the internet by storm recently, especially the programming community. The story reads:  How a hosting company lost its entire business because of one line of bad code. Any person even vaguely familiar with command prompt can guess that one line:
rm -rf

(well the actual line of code as per its author was rm -rf {foo}/{bar})

 

The issue first came to public notice when the person responsible for this catastrophe asked for help on ServerFault (question now removed). As per the question and followed thread of comments author intended to run a script that did a few task along with deleting all files/folders inside certain folders passed as variable. Due to an error in the code, the variable got wrong value which resulted in wiping everything on the machine. Unfortunately he ran this same script on all his machines which led to deletion of everything. A complete annihilation!

 

Add to that he ran a web hosting company. He not only deleted his entire company code and data but also wiped clean all customer data. This affected some 1535 customers who were using his service (figures provided by him on serverfault’s thread).

 

Did he take backups?

Whenever a person read such stories, first thing to come across mind is – why didn’t he take backups? Well as per him, he did. He made backups on separate disks, however these disks were mounted to the main machine and hence the contagious script managed to wipe them too.

 

He posted a comment that read:

“All servers got deleted and the offsite backups too because the remote storage was mounted just before by the same script (that is a backup maintenance script).”

 

We often come across users who are trying our service and tell us at the end of trial period, while they really loved our service their hosting company provides backup and hence they may not need our service. It’s difficult to explain why you cannot blindly rely on backups done by your hosting provider but this certainly is a good example to start with.

 

We understand it’s a rare case scenario coupled with human error and probability of something like this happening with your premium managed hosting provider is equivalent to probability of discovering extraterrestrial life. But the important thing to notice here is there is still a probability. There are over 1 billion websites on the internet today, even mere 0.1% accounts to 1 million websites and that’s a huge number. You definitely don’t want to be one in this million group.

 

If something similar happens with the managed hosting provider you are signed up with, your included backups will do you no good. This hosting company just lost all its data. Yes it was because of the carelessness of the system admin but human errors can happen anywhere. There can be another similar case, where a hacker somehow breaks into your hosting company’s server and run similar script intentionally. That will affect you equally. Not only your production site is gone, also the backups.

You should never completely rely on backups by your hosts

Though there are many managed hosting companies that provide quality automated backup to their customers, one should not completely rely on these backups especially when the site in question is your main source to bread and butter. If their system is compromised, so are you and your sites. We cannot emphasise enough how important it is to have backups completely independent from your hosting servers.  


Let’s assume another case where your hosting company is hit by a major DoS attack and it went completely down for 3-4 days. Your site data may be safe but there is no way to access it. There is no certainty how soon they will recover and you cannot let your site just hang around like that. Since your backup belongs with the same hosting company, there is no way to access them either. Like it or not, you’re stuck. If only your backups were independent, you could have hosted them somewhere else meanwhile.

 

These are real world examples and can happen to anyone. A good backup needs to be offsite, robust, completely independent from your main servers and most importantly something you can access and deploy anywhere within minutes. We have seen enough number of times people despite having zip of their backup, running over various tech forums desperately seeking professional help to get their site restored because just unzipping it won’t bring the site back. There are various server configurations that may require fixing/updating in wake of recent disaster. Similarly a good robust backup should have an easy way to validate itself. Consider a situation where you are relying on a backup which is corrupt and you only learn this when you needed it. It’s a nightmare! While most managed hostings do provide decent backup service, these are a few scenarios where they fall flat.

 

Our post is not aimed to scare our readers, we just want to educate people about the importance of an independent automated backup service. One can never take their system for granted. As per the very nature of machines they are bound to crash, hacked, wiped out, melt down etc. One need to have sound backup system not just for their sake, but also for the sake of their users. And we just happen to provide one 🙂