WordPress Backups Are Critical to Your Security Strategy
On this blog, we often talk about employing a “defense in depth” approach to WordPress security. The majority of our focus is on the prevention and detection features offered by the Wordfence plugin. Today we turn our attention to WordPress backups, an incredibly important remediation topic.
Why Are WordPress Backups Important?
If your site is compromised, having access to backups can make your life considerably easier. The fastest way to recover from a hacked website is to restore the latest version of the site that existed prior to the hack. You will still need to close the security hole the attacker used to compromise your site after your site is back up and running, but at least you’ll have your site back to working order in hours or even minutes.
Without a good backup on hand, you’ll need to either manually clean your hacked website or pay an expert to do it for you. Many companies provide site cleaning services, including Wordfence. Many of them are quite reasonably priced, but with the right backup service you should be able to avoid this expense altogether.
In some cases, your site may become compromised due to issues that your hosting company is experiencing. In those cases, there is likely nothing you can do to protect your site, short of moving your website to a new hosting company. Having a good backup and the right backup service can make that transition much easier.
In our post last year on the SEO impact of a hacked website, we showed that recovering slowly from a hacked website can have an adverse impact on your search engine rankings, organic search traffic and, ultimately, your sales. We determined that the average cost of a hacked website is $2,518. Recovering quickly can have a significant impact on minimizing the damage to your business, and backups can play a big role in that.
Implementing a Security-focused WordPress Backup Strategy
Before you implement a security-focused WordPress backup strategy, you’ll need to answer a few questions. Your approach will depend on the type of website(s) you manage, the technology platforms you are already using (including your hosting company) and how much effort and money you are willing to invest in your backup strategy.
What Is Your Hosting Provider Already Doing?
The first place to start with your backup strategy is to find out what your hosting provider already does automatically. You may find that your hosting provider doesn’t back up your site at all: many entry-level hosting plans only offer WordPress backups for an additional monthly fee. If they do offer backups, they may not back up all of your data, or they may not do so frequently enough, or keep it long enough or store it securely. In the large majority of cases, you are going to want to augment what your hosting provider is doing.
What Should You Back Up?
It is incredibly important to understand all of the files that you will need backed up to properly restore your website. At a minimum, you need to back up the files in your wp-content folder (themes, plugins and media uploads), WordPress config files, and your WordPress database. You may also want to back up WordPress core files, though you should be able to get fresh copies of those from the WordPress website when needed.
How Often Should You Back Up Your Site?
The frequency with which you should back up your WordPress site should be determined primarily by how often your content changes. Sites that change infrequently may be able to get by with weekly WordPress backups. Sites with constant updates, like new users, blog posts and comments may need to be backed up hourly. Many websites will be somewhere in between. The key question to ask yourself is: how much would it hurt to lose an hour of data? A day’s worth? A week’s worth?
How Long Should You Retain WordPress Backups?
To answer this question, you need two data points: how quickly do you think you will discover that your site has been hacked and how far back could you go back in time with a site restore and still have it be useful. Our site cleaning team unfortunately sees sites on a regular basis that had been hacked for as long as 6 months before the site owner noticed. The best way to answer this question for yourself is to think through the realities of each scenario. Would a 60-day-old backup of your site be useful, or does your site change often enough to need more frequent backups?
However long you decide to retain your WordPress backups, it likely makes sense to keep more of the most recent files and fewer of the older ones. For example, for a mission-critical site, you might decide to keep 24 hours of hourly backups, 30 days of dailies, and six months of weekly files. A site owner with a relatively static website might decide to keep one week of daily backup files and six months of weekly files.
In the case of a hacked website, the most recent backup created before your site was compromised is the one you want. Your backup strategy should seek to reduce the risk that you won’t have that backup available when you need it.
Where Should You Store WordPress Backups?
The key concepts to consider when deciding where to store your WordPress backup files are: access control, redundancy and independence. In addition, you probably have technology services such as AWS, Google and Dropbox that you are already using for other kinds of data storage. The ideal approach achieves your independence, access control and redundancy objectives while taking advantage of technology services and platforms you already have in place.
Independence
With regard to WordPress backups, the concept of independence simply means that you don’t want to rely on the same hardware, network or provider to store your backups that you use to host your website. With a compromised website, you don’t want the hackers to be able to simply delete your backups. In the case of a hosting company level issue, you don’t want your backups to be lost alongside your site.
Access Control
Getting access control right is critical when recovering from a hacked website. Faithfully backing up your site every hour won’t matter at all if a hacker is able to delete everything once they’ve taken control of your website. To avoid this, you need to configure the permissions for your WordPress backup storage so that new files can be saved, but saved files cannot be deleted using the credentials you use for ongoing backups. By using this approach you protect your backups from hackers even if they take full control of your website. Check out this great tutorial from UpdraftPlus on how to securely save backups to AWS S3.
Redundancy
In technology, the concept of redundancy means having extra components around in case of failure in other system components. In the context of backups, we want to make extra copies in case the others are either not available or compromised in some way. The number of copies of your WordPress backups you should store depends on how important your website is to you and how much you are willing to invest to reduce risk.
There are three aspects of redundancy to consider: hardware, geography and service / company.
Hardware redundancy is the most basic, and the easiest to solve. Simply put, you do not want hardware failure to keep you from accessing your backups. If you’re storing your backups in your own data center, or in a folder on your laptop (gasp!), make sure that something as simple as hard drive failure won’t take you out. If you’re using an online storage solution such as Dropbox, make sure that they have adequate hardware redundancy built into their systems.
Geographic redundancy can be incredibly important. Things like natural disasters and power outages can render your backup files unreachable for hours, days or even weeks. And it doesn’t take a hurricane to take out a data center: many a data center has lost network or power access due to something as mundane as an overzealous backhoe at a construction project next door. By storing your WordPress backups in geographically diverse locations you significantly reduce the risk that your files will be unavailable when you need them.
Service redundancy in this context means not relying on any one company to keep your backups safe and available. Internet services have outages all the time. And in some cases like the DynDNS outage last fall, a single event can impact a large number of services simultaneously. By storing copies of your backups with multiple, independent services you significantly reduce the risk of an outage impacting your access.
How Should I Manage My WordPress Backups?
The easiest way to manage your WordPress backups is via a plugin that meets your needs. There are a wide variety of options available, and as you can see from this feature comparison table, their features vary dramatically. The following are the features we think you should consider when evaluating your options.
Author Reputation
As with all WordPress plugins, the first thing you should consider is whether the plugin author is reputable. What rating has the plugin received on WordPress.org? How many times has it been downloaded, and how many sites have it actively installed? How long has it been since the plugin was updated?
By answering those questions, you should be able to quickly narrow your choices down to plugins you can rely on.
Automatic Restore
When your site has been compromised, time is of the essence. You want to reduce the impact on your customers, search engine rankings, your reputation and even revenue. The ability to automatically restore your site can significantly speed up the time it takes to restore your site to working order.
Support for Database Encryption
If your site database is encrypted, it is essential that your backup solution can both back it up and restore it. Make sure that you understand how and where your encryption keys are being stored and whether they will be available when you need them.
Backup File Encryption
It is very likely that your backup files contain sensitive information. Your backup solution should ideally allow you to encrypt your backup files before storing them remotely. As we suggested with database encryption, make sure that you understand how your encryption keys will be stored and that they will be available when you need them.
Secure File Transfer
Make sure that your files are being transferred securely. Communication between your website and storage locations should always leverage secure protocols such as SFTP, TLS or SCP.
Secure Administration
The account you set up to manage your backup service becomes a new target for attackers. Make sure that you can properly secure access to your backup administration functions. All administrative communication should happen via TLS (or other encryption protocol). Also, you should exercise the same level of password security you employ for your website by using unique, strong passwords and ideally enabling two factor authentication.
Multisite Support
If you are leveraging WordPress Multisite functionality, or plan to do so in the future, make sure that your backup solution supports it. Transitioning to a new solution can be a lot of work, so make sure that you aren’t forced to switch down the road.
Support for Hosting Company Migration
As we mentioned earlier in the post, we often find that security issues that occur are the responsibility of the hosting company. In many cases, the site owner is forced to change hosting providers to solve the problem. Not all backup solutions support seamlessly restoring your site to a new hosting account.
Conclusion
Implementing a well-thought-out backup strategy is a crucial component of a “defense in depth” security approach. Make sure you consider the following when determining your strategy:
- Take WordPress backups frequently enough to ensure that you can restore your site without significant data loss.
- The more important your website is, the more redundancy should be built into your backup storage approach.
- Make sure that your backup is kept secure during transfer and storage.
- Use a full-featured, reputable backup plugin to make implementing your strategy easy.
Comments
9:46 am
We began a system of regular backups several years back when all our websites were hacked (they were all in one hosting account!)
Our server is set to make backups and copy them on to a separate server on a weekly basis, placing the archives in date folders. We then log in at the end of the month via FTP and download these onto an external drive. We have weekly archives going back over two years now. I know we could begin to delete some of them now but hard drives are so cheap we haven't needed to yet!
It's a simply system but works well and gives us the assurance that if our sites were hacked 6 months ago (and the hacker is keeping under the radar) we can still go back to retrieve a clean archive.
10:16 am
Some backup solutions will back it up on a folder on that server. But I've seen some sites hacked and the backup folders were deleted by the hacker. You really need the backups located off the server.
10:59 am
I use Automattic's VaultPress on all my sites. I've never had to do a restore. Does anyone have an opinion on Vaultpress?
12:16 pm
We use Updraft Plus backed-up to our Dropbox account. We back-up the complete site and the database every day. We keep 7 days worth of back-ups in Dropbox, downloading them to a physical hard drive before they are deleted. We also keep back-ups of previous versions of all our plug-ins and theme in-case we have an issue with an update.
2:12 am
I backup 17 website weekly to dropbox using Updraft, and keep 5 weeks worth. I am concerned however that the backups could be deleted after the site is compromised.
2:26 am
Have now copied a set off of dropbox onto my own (not the website) server, only took up 1.7 gb so no real problem, I'll try to remember to refresh it every so often. Most of the sites do not change very much.
11:47 am
Been using Code Guard for years. Never even have to think about it. Great service.
1:08 pm
I'm using Backupery for Wordpress tool. Really easy to use and reliable and so love its ability to backup to several destination at once.
3:19 pm
If you can backup to ftp, it is a good idea to make a free account with a file locker as depositfiles.com. In the free version, you can upload as many files you want, and they will delete files without downloads only after 90 days. So even if you make an hourly backup, you will still have access to 90 days old backups. We use it together with Dropbox and some recent copies on the server.
7:51 am
The best approach is having a backup solution that must contact your host(s).
The setup used at my company is as follows:
1) The dedicated environment backup servers (located at another provider, in a different datacenter, at a different geographical location) connect using SSH to the Wordpress application and database servers. The backup servers can connect to the app and database servers BUT not the other way. That is in case of compromise it only works ONE way.
2) Using rsync the backup servers pull any changes to the backup system.
3) The backup systems run ZFS and copy the data to unique storage pools based on the node. All data gets copied at least four times. So in total the min count is five copies of the data (if you count the live).
4) ZFS snapshots are run every hour, every day, every week, and every month. So we can literally restore ANY data going back years. This is because we have hourly, daily, weekly, and monthly snapshots.
5) All of this is automated. Plus to restore we can simply rsync back any changes.