Interesting question on Twitter today: "Can someone clue me in to backing up my files on WordPress"
As the hackers get better and more numerous, it only makes sense to have full backups of your WordPress sites.
Once your site has been compromised it will quickly be removed from the search engines' indices and your search traffic will be wiped out.
If you're dependent on search traffic this will be a killer.
Repairing your site after it has had malware inserted is a tedious process and you can never be sure you've found and removed all the bad files.
So the surest way to clean up your site is to delete and re-install the entire thing.
The last time one of my sites was hacked I deleted it and was back up and running in an hour - with a clean site - thanks to maintaining an effective back up process.
Backing up WordPress
If your site is running on WordPress there are two distinct parts to it:
- The database - containing all your posts, pages and comments.
- The system files - the platform that makes everything work.
And you need to back up both on a regular basis if you want to be back up and running quickly after a hack.
The most important element to back up is your database, because it contains all your content.
And there are several good plugins that will manage your database backups for you.
I used WP-DBManager for a long time.
Installation and set up is easy and you can set it to make backups of your database on a regular schedule and email the zipped files to you.
It will also repair and optimize your database and it will restore previously backed up databases.
Other database backup plugins will do those things, of course, but not all of them offer the optimize and repair options - which is why I liked WP-DBManager.
Back up system files
While WP-DBManager takes care of your database, you still need to back up your system files.
When I was using it I also used to copy (FTP) my system files back to my local machine each week.
This had the benefit of maintaining settings, plugins and themes, so if I needed to restore a site the process was quick and straightforward.
The alternative, of course, is to re-install WordPress after a hack and then import your most recently backed up database.
While this route will guarantee a clean site, you'll still need to re-install your plugins and themes, and re-set all your settings.
This is why I preferred to have a copy of all my site files on my machine: all I had to do was re-upload them to restore the site.
All in one backup solution
Today, though, I use the BackupBuddy plugin.
This backs up your entire site - both system files and database.
And, because it does both jobs (on a schedule) it has more than halved the time it takes me to get full copies of my sites onto my local machine each week.
It also has a very neat import (restore) script.
This enables you to delete your entire WordPress site, upload the import script and most recent backup, navigate to and run the import file (in your browser), and it will restore your entire site - lock, stock and barrel.
Using the same import process, it can even be used to transfer a WordPress site from one domain to another.
This is a huge time saver if you build client sites on your own development domains and then need to install them on the client's domain once they're happy with everything.
As with WP-DBManager, you can set BackupBuddy to email your backed up site to you, but you can also set it to FTP your backups to Amazon S3 or another server somewhere - pretty neat.
I now install BackupBuddy on all my own WordPress sites, and all sites I build for clients, as a matter of course.
Having a good, effective backup process is essential if you're serious about your WordPress site. It enabled me to make a very quick recovery when I was hacked and it helps me sleep better at night 🙂
Leave a comment with any questions.