As the hackers get better and more numerous, it only makes sense to have full backups of your WordPress sites.
Once your site has been compromised it will quickly be removed from the search engines’ indices and your search traffic will be wiped out.
If you’re dependent on search traffic this will be a killer.
Repairing your site after it has had malware inserted is a tedious process and you can never be sure you’ve found and removed all the bad files.
So the surest and quickest way to clean up your site is to delete and re-install the entire thing.
The last time one of my sites was hacked I deleted it and was back up and running in an hour – with a clean site – thanks to maintaining an effective back up process.
Backing up WordPress
If your site is running on WordPress there are two distinct parts to it:
- The database – containing all your posts, pages and comments.
- The system files – the platform that makes everything work.
And you need to back up both on a regular basis if you want to be back up and running quickly after a hack.
The most important element to back up is your database, because it contains all your content.
And there are several good plugins that will manage your database backups for you.
I used WP-DBManager for a long time.
Installation and set up is easy and you can set it to make backups of your database on a regular schedule and email the zipped files to you.
It will also repair and optimize your database and it will restore previously backed up databases.
Other database backup plugins will do those things, of course, but not all of them offer the optimize and repair options – which is why I liked WP-DBManager.
Back up system files
While WP-DBManager takes care of your database, you still need to back up your system files.
To do that I used to copy (FTP) my system files back to my local computer each week.
This had the benefit of maintaining plugins, themes and settings, so if I needed to restore a site the process was straightforward: upload your system files, re-install the database and you’re done.
The alternative, of course, is to re-install WordPress after a hack and then import your most recently backed up database.
In this case, you can delete the new
wp-content folder after the installation and upload the backed-up one, which will restore your plugins, themes and media. You will also need to re-connect with the database, so you’ll need to update the
wp-config.php file with the new database name, database user and database password details.
If you choose not to use your previously backed-up
wp-content folder you’ll need need to re-install your plugins and themes, your media and re-set all your settings.
This is why I preferred to have a copy of all my site files on my machine: all I had to do was re-upload them to restore the site.
All in one backup solution
Today, though, I use the BackupBuddy plugin.
This backs up your entire site – both system files and database – with one click of a button or on a schedule.
Each Friday an automated complete site backup runs and is automatically transferred to Google Drive. From there, my Google Backup and Sync application downloads the backup file to my computer.
By this method the backup files for all the sites that I manage are transferred to my computer overnight every Friday – a completely painless process!
It also has a very neat import (restore) script.
This enables you to delete your entire site and database, upload the import script and the most recent backup (it’s a .zip file), navigate to the import file (in your browser), and it will restore your entire site – lock, stock and barrel.
Using the same import process, it can be used to migrate a WordPress site from one domain to another.
This is a huge time saver if you build client sites on your own development domains and then need to install them on the client’s domain once they’re happy with everything.
As with WP-DBManager, you can set BackupBuddy to automatically send your backed up site to off-site storage – e.g. Amazon S3, Google Drive, Dropbox and others, or even to another server somewhere – pretty neat.
I now install BackupBuddy on all my own WordPress sites, and all sites I build for clients, as a matter of course.
I wrote a detailed review of BackupBuddy on my WordPress Security site. If you’re looking for an all-in-one backup solution I recommend reading that review.
Having a good, effective backup process is essential if you’re serious about your WordPress site. It enabled me to make a very quick recovery when I was hacked and it helps me sleep better at night.
Owner – WealthyDragon