How a WordPress Backup and Restore Strategy Gets Your Site Back Online Fast After a Cyber Attack

others   |   
Published May 20, 2020   |   

Hackers keep busy with their criminal mischief these days. One estimate places the annual haul at about $1.5 trillion raked in by a variety of schemes: ransomware, cryptojacking, identity theft, data theft, phishing…and the list goes on.

It’s a profitable career, so you should expect that it won’t go away any time soon. In fact, with attacks increasing in frequency, if you haven’t had a security incident yet, you’re either exceptionally well-prepared or lucky. Hopefully, it’s the former.

For WordPress site owners, there’s an easy way to find peace of mind with a backup and restore strategy. It’s simple to implement, cost effective, and lets you get your site back online fast even if a ransomware attack locks you out.

There are three ways to accomplish this.

Let Your Host Do the Heavy Lifting

This is probably the easiest way to go. Many (but not all) web hosts offer a free daily backup as part of the feature set associated with your hosting plan. If so, it’s a good idea to take advantage of it. At an appointed time each day, all your critical WordPress files, themes, plugins, database, and media will be copied and dropped into a neat zip file. If the worst ever comes to pass, it’s a simple matter to find the most recent backup and restore it.

With this option, the worst case scenario is that you’ll lose a day’s worth of work which, depending on how much activity there is on your site, could still be nauseating, but it’s better than losing everything. Typically, with a hosting plan backup feature you can also create an unscheduled backup any time you want, which is a good idea right before a core WordPress or theme update.

To be extra super safe, download the zip file onto a thumb drive or store it somewhere else in the cloud.

Back it Up Manually

If you know your way around the cPanel backend of your hosting plan, it’s a relatively easy matter to scrounge up your critical files in about the length of time it takes to brew up a nice cup of coffee. If you don’t completely trust your host to tend to this mission critical task, you might prefer to do it yourself.

Here’s what you need to do:

  • Access cPanel. If you have no idea what this is, better go back to the host backup plan.
  • Locate the File Manager and the Home or public_html directory.
  • Find the WordPress directory. This is where the files reside that you want to backup.
  • Select your WordPress directory and then Compress from the menu bar.
  • Choose compression type – ZIP is preferred.
  • Click the Compress Files button and let the process run. Shouldn’t take long.
  • Once the new ZIP file is created, right-click and choose to Download it to a safe place on your hard drive like a thumb drive or Dropbox account. The point here is to store it somewhere where a hacker can’t get at if your computer or site is compromised.

Another manual option which is a bit more complicated but not too much is to use a file manager like Filezilla (SSH File Transfer Protocol or SFTP). This is a third party program you install and let it do the same thing your cPanel just did.

Once again, the level of activity on your site dictates how often you should backup. If you have 25 new posts going up daily, better back up a few times over the course of every day. Once a week posters can be more casual.

Use a Plugin

If you have a few bucks a month to drop on a paid plugin, this can be the easiest, most effective backup strategy of all. Download the plugin, twiddle a few knobs to set it up, and then let it go. According to whatever schedule you set, the plugin will create a complete backup and store it safely offsite in the event you ever need to use the restore function.

We mentioned hacker attacks already, but there are other reasons that having a fresh backup ready to go will make your day. Here are a few:

Human Error: It’s an unfortunate reality of online life that sometimes people try to do things that cause a site to crash and data to disappear. A current backup means you won’t feel like killing them, hopefully, because you can easily restore.

Natural Disaster: Almost every location on earth has something to worry about. If it’s not hurricanes, tornados, or cyclones, it could be fires, earthquakes, or falling asteroids. The point is that things can go wrong in the physical world that destroy equipment and data. With an offsite backup, it’s a simple matter to get the train back on track.

Server Suicide: Sometimes servers decide to end it all. No one knows why. They just do. When equipment fails, those who have taken the time to create backups will be happier than those who didn’t.

Update Failure: Have you ever noticed that warning message on your WordPress dashboard that tells you to make sure you have a current backup before you apply an update? That’s because sometimes updates malfunction and you’re left with a mess. Thankfully, as the software delivery model shifts to Software-as-a-Service, the responsibility for implementing updates has also shifted from the site owner to the service provider, which is some consolation to the former.

Final Thoughts

A few final details about the backup and restore process as part of your overall defensive strategy. If you have a data-heavy site, it might be worth it to investigate the idea of doing incremental backups rather than a full site backup every time. Some sites are so resource-laden that backing it up completely each time puts a strain on the server and slows site response time. An incremental backup records only files or data that have changed since the last backup and adds to it.

Lastly, if the worst comes to pass and you need to restore your site from a backup, first check it to make sure the files haven’t been corrupted or hacked. It can happen and installing a faulty backup just compounds the problem. A good plugin allows you to test your backup on their offsite servers before applying it to your system.