Comments / Description:
This podcast is all about the key considerations you need to take into account when backing up your WordPress websites. Whether you believe it or not you will have a moment that your WordPress site goes down and needs to be recovered….are you prepared!?
We will go over many of the key points that are in many cases overlooked, but if they are missed could make your day go from being inconvenienced to being destroyed. I know that you all have heard that Location, Location, Location is the key in real-estate, but it is just as critical in backups and you will get a first hand understanding of the importance of the data location in your backups.
In addition, I will go over the various plugins you can use for your backups and some of the more important aspects of that you may not have considered or thought about from a Security perspective.
Lastly, I will finish up with the Pro Tip of the week going over the nuances with SSL certificates and what you need to know as a online entrepreneur.
You will learn
- Importance of Backup Locations
- 3-2-1 Backup Strategy and how it affects WordPress
- The best Backup Plugins to use and consider
- Is a Hosting Provider a good backup solution
- SSL Basics that all entrepreneurs should know
Links and resources mentioned in the podcast:
Enjoy the podcast; I hope your enjoy the podcast and it helps you secure your WordPress site and your business online!
Click here to leave us an iTunes review and subscribe to the show! We may read yours on the air!
Thank you for listening!
Thanks again for listening to the show! If you liked it, make sure you share it with your other entrepreneurs you may know. My goal is to help as many online entrepreneurs secure their WordPress site and their online business. Help me by sharing the show!
If you have comments or questions, please be sure to leave them below in the comment section of this post. See y’all next week!
One quick question for you:
- Are you ready to deal with getting hacked or would you like to keep the evil hacker horde away from interfering with your business and personal life?
At WPSecurityDaily.com you can get in-depth step-by-step training products walking you through the processes of securing your business and WordPress site. There are volumes of training videos, printable worksheets, training guides, training materials that can be rebranded to your business, and so much more.
Get your daily updates on WordPress security…”keeping your business safe every day at WP Security Daily”
Can’t listen right now? Read the transcript below!
Shon: Alright. So today we’re going to be talking about WordPress backups and key considerations in backing up WordPress websites. Now you probably heard it and you’ve seen the blogs. You understand it and you should probably back up your stuff. Well you should. So the simple fact of the matter is that you are trusting the fact that something may happen to your site and you’re prepared. You’ll be alright. Things will all work out. It’s not a good option when it comes to dealing with WordPress, right? Especially if you’ve invested a bunch of time and energy in doing this. And it could be if it’s based on your livelihood that you could lose your business. So let’s get into a little bit about some key considerations when doing backups for your WordPress websites.
So as we’re talking about putting it off as my Ugandan daughter says, “Dad, is that bad?” And it can be very bad. So the question comes into is don’t put it off. Multiple instances I’ve had this happen to myself from including migration SSL, migrating my WordPress site that I’ve gone back on it. The pit in my stomach goes, “Oh no, this is not good.” So it’s important for you to do it just because you don’t know what’s going to happen. And it can happen in multiple ways, from the plug-in that you put in place to potentially theme updates, corrupted database or even worse a hacker. So you just don’t know. You don’t know what’s going to happen and if you don’t have that backup is the time that you wish you would have a backup.
So let’s talk about how we can get this taken care of and some of the key things for you to think about. So it’s a very simple strategy. It’s called the backup rule. 3-2-1. And how it works is you have three copies of the data. So you probably already have this and you don’t even know it but you have to have three copies of a specific data, picture or file, whatever that may be. And if you have those three copies, you’re now in the situation where you can copy wherever you need to go, right? But how often do you probably have something like that on a laptop and then you copy it over to another laptop? So you probably have those three copies but if this is an orchestrated effort to make that happen. And if you orchestrate it, then you know it’s going to be there versus going, “Oh no, where did I put that? I can’t remember. Oh, no. Where did I put that?” And then you’re hunting for it, right? And that’s also in the middle of something just deciding to die and go nuclear on you from your system. And then you’re trying to deal with that.
The other way that you may have it is in your hosting provider you may be on your system, your WordPress site itself. It can be backed up in their server. So it means it’s in multiple places. The other thing you may even have potentially is in your USB or online storage and you didn’t even know it. So those are places you can put it. A USB is your universal serial bus but you probably all know it as a thumbdrive. Those devices people store stuff like that on there all the time. So again 3-2-1 rule, three copies of the data. Now we’re roll in to number two.
Right so you have two different media types. What that means is you have different storage places you can stick it, right? And in a nice way. So if you put this storage media on a thumbdrive or on a CD or a DVD that is a media type. So that’s some place you can stick it. Or you can potentially put in on a hosting server. So when you host your WordPress website out there in a Cloud, it could be stored there. You can do a backup on there. Just depends, right? So you consider that data that you have out there on your WordPress site as one form, a backup as another. And then let’s say you created something on your computer that’s another, so that’s three types. And maybe you can store in multiple places. And again we’ve talked about the USB, the CD-ROM and the DVD. Those are different areas that you can possibly be storing your data as well. So three different data types, three different pieces of data, two media types. And then you’re backing up your core site to DVD and see if it was as complete or close to it. So you should back up all of that. So when you’re dealing with your core WordPress website, that should always back up to your backup provider.
And then you need to have one off-site. Now this could be a myriad, rather than $10 word, of locations. It can be your home, your office, it could be the Cloud, just really depends. As an example my dad, he backs up his data for his company to a hard drive that sits inside of a safe. It’s a fireproof safe. And though what he does is he takes that data home with him once a night or once a day. So when he goes home in the evening, he takes a copy with him. So just in case something happens with the office, he still has a copy of the data. And you know like anything else, if something would break, he now has it with him versus if ever the house or the office breaks down, he has something there.
Another thing you’ll look at is plug-ins are abate directly through your Dropbox account or Box or some other file sharing location. So if you get that set up, then it’s automatic. Auto-magic. Just kind of works. And that’s a really great option to set it up for the fact that you don’t have to keep remembering to do it. And it just goes through a Cloud account that you have out there.
Back up your site to a zip file and put on a USB stick is an option you can do. It may be a little hard to do that but you can do this. And you can do this through WordPress itself. You got this export area, where you can – I think it’s in the general settings. Where you can actually export your themes, your plug-ins and so forth to a file, a zip file. And then you can store that as well. Now this is good if your site doesn’t change a whole lot. However if your site changes a bit this can be a bit onerous and kind of unwieldy so you may want to consider that if that’s an option or not. But the nice thing is that you also have it set up so that it’s anything can be automatically set up.
Some they consider those like my dad’s safe and his hard drive. It’s kind of interesting because he actually drove a hole in the safe, puts the cables through it, then cocked up the holes with fireproof cock. And that’s where he’s got it going. Now the question comes in to those if this is one option that he’s done. I’ve asked him the other day. I said, “So have you backed up or have you restored from that?” And he went, “No.” Backing up is one thing. But restoring is another. And it’s not good to say, “Yeah, I got my backup.” You got your backup and then when everything goes to dickens and you have to come back and restore it, there’s nothing there. Not so good. So I recommend backing up but I also recommend restoring it every once in a while.
So that’s your one. That’s your off-site. So three different places or three different medias, right? Three copies of it. Two different media types. So you get your USBs and CDs or in the Cloud wherever you want to go and then one off-site location minimum. It could be your home. It could be the Cloud whatever.
So I’m talking about location, location, location. This is what you do when you’re talking to real estate, right? The better the location, the more they can ask for it. Well this is the same when dealing with WordPress sites in the fact that location is extremely important. Now if you decide to do your backups with your hosting server, your hosting provider, there’s the shared, there’s the virtual private server and there’s the dedicated, different options right? So this is based on what mine does. But they could have a very similar terminology but it’s the same concept. Like you share certain resources with somebody, you have your own virtual private server. Or you have an actual dedicated iron-clad, iron-running server. I’m trying to think really cool Gucci name that I’ve heard before but didn’t do it. Hard room, yeah. Or iron something like that, big iron. Alright. So you can set this up on your seat panel which is your control panel and this can be configured already. So like in the case I’ll choose Host Gate as an example. They do a random one time week backup. It was random. Just totally, right? So you could run the risk of it being two weeks from the time it was first backed up. So let’s just say they back it up on a Monday. The next week rolls around. And they decide to back it up. Or just come into that next week. They decide, “You know what? We’re going to back it up on Tuesday.” So now okay you got a weekend and a day. Well let’s just say they decide, “You know what, this week we’re going to back it up on Sunday.” So you can potentially have two weeks that you didn’t have any data that backed up. So something to consider to that. They also will charge you $15 if you use their shared plan, which means if you want your backup back you got to pay them 15 bucks for the headache and the day is solved. So you can’t consider if that’s what you want.
Virtual private servers, they have it in the case of Host Gate they have a dedicated weekly server or backup that they provide. And this includes everything that is on your virtual private server. So they would do this on a dedicated basis. They’ll do it for you. And I know there are some hosting providers that have this built in their packages which will do backups and they’ll restore it for you as well. Just you got to call them and boom it’s done. So it depends on what you want to pay for and what’s a better option for you in the future in how you want to handle that. So either you do it yourself or you potentially pay somebody else to do it. And in a dedicated server, in their case they have other options but they don’t really have a dedicated backup solution even if you have a dedicated server. They’re requiring you to do that. But again back to the previous comment, there are some hosting providers that will provide all for that for you and you don’t have to mess with it. So it just depends on what you really really want. If you have a long-term plan, the goal would be to get into something that has it already built in would be nice in your monthly fees. And then you don’t even have to mess with that. So it’s just comes down to how much pain do you want to off-load to somebody else.
So location and back to location, location, location. Again another one is click Cloud Storage. Get your OneDrives, Dropbox, Amazon, S3 and Glacier. Okay Amazon and Glacier are awesome, great. We’ll get into those different challenges. So plug-ins well these will create some automation for you. Again plug and play, you did your setting, forget it, you’re done. It’s a really cool, little one-liners right there. Wish I came up with them. But it will set up the automation for you on Mondays, Tuesdays, and Wednesdays at 6 am, 12 pm, whatever you may want. You can set up the hourly rates. You can set up daily whatever, how you want to do it.
Something to consider when you’re doing backups is do at least once a day. The reason I say that is because if you do more today, about anything that changes you will have it. Now, if your site’s continually changing, so you run a forum or something like that, you may want to consider that backup to occur once every six hours or so. Maybe every 12 hours. The point of this though is you need to think about when you do those backups. If you do those backups during high peak times, it could cause some performance issues. So consider who your audience is, consider when they usually hit your site and then set your backups to that time frame. Okay another thing to consider is the size of your backups and how much free storage you actually have available. So when you first start off your WordPress site, you may not have a whole lot as far as size goes. And let’s just say, you don’t have a podcast or like a WordPress Security Daily, selfish blog there. Say you have another thing out there, video content on you site, whatever it may be, that the point is you want to probably want to store out there to begin with, it will affect your performance but two, lets just say you did store out on your WordPress site, you will quickly balloon in size that it can get to a point where the free storage, if you’re trying to get free storage on Dropbox or OneDrive may get exceeded by it. So just something to consider on that. But that your backups will get bigger with time. Now if your storage requirements do push you on the edge, you may want to consider getting a different hosting provider or buy some storage space.
With that, we’re now talking about Amazon Glacier. Amazon Glacier is great in the fact that it will allow you to archive data for a long period of time. So it’s great for backups, that you don’t plan on getting back. It’s cheap, it’s very inexpensive. The downside to it though is once it died, and you’re trying to get your data back, it does take a long time to download it. It takes some serious time to download it. So if your business is running off of that, I knew you got this thing up and running quickly, Amazon Glacier is not your best choice. However if you got large amounts of data that have to be backed up into the Cloud and you really don’t, you just put them out there for archive storaging, you’re not expecting to go back and get them on a routine basis, then Glacier is a good option for you.
Another option you can do is copying your files to a personal computer, whether that’s a Macintosh, a Mac book, whatever it may be. Or it could be just really Windows device. But copying it to your personal PC. The plug-in, the backup plug-in, you will directly do that to your PC or to your shared server. You can set up the plug-in to do either one of those. And then you do file transfer protocol or FTP as it transfer file to the PC. So there are lots of different options if you want to bring it back to your computer. And you may bring it back to computer and your computer’s backed up on a daily basis, you recover it. It just kind of depends on what works best for you. But the thing key files you want to focus on on the site database like number one, it’s got all your stuff sitting in that. Your WP config contains all of your setting and your WP content directory plus the content that’s got your I-themes, your themes and your plug-ins. So make sure that you get those files and you use your site database. And there might be reasons you want to do this. However, let’s be clear. I like this simple. I’m lazy. And if I can just push a button and it works then giddy-up I’m ready to rock and roll. So just something to consider how much pain you want to put yourself through and then again remember more complexity — The antithesis to security is complexity. So more complex, less secure. And in most cases also, more complex, more chances for things to break. That’s my fuel in life. But again you can do what you want.
So the key thing to think about is you automate it and make it auto-magic. I don’t have the time and you may not and you will forget to do it. And other high you will miss something. It’s guaranteed, right? So just set it up and set it and forget it. Let it go. Let it rock and roll. And then you don’t have to mess with it. But keep tabs on it because you want to make sure it doesn’t break on you. But you still just set it and let it go. The good thing is back up the backup. And we talk about the 3-2-1 principle. But the rule of thumb around data backing up and so forth is that if the data does not exist unless you have at least two copies of it. So we talk about having three so that’s even better but at a minimum you’d have two copies. So that will be one on one computer and one on another. That’s at a minimum. Okay? Don’t keep your only copy on your hosting provider server because you know what? It can take them a long time to get back to it. And by the way, if for some reason your site is hacked and they consider your site hacked as hosting provider, they will nuke it. And if they nuke your WordPress site and if they haven’t got a good backup lately, you may have a chance to go clean it up, you got trouble. So again a backup to the backup. And also restore it before you need it. Yeah, we talked about it earlier but you need to make sure that maybe you set up a subdomain to your WordPress site and you will restore it to that subdomain. So you have mystore.com, right? Well set up test.msytore.com and install WordPress on that subdomain test and then restore your mysite or mystore.com to your test site. They’ll take it real quick as far as how you’re doing. And if it will back up or restore from the backup, okay? But key thing to consider and especially there’s always a big warning sign at the bottom, if you delete any content, so like say you had a whole bunch of pictures and then you go, “Hey I need to delete those pictures,” while you’re in the test domain, they share the same database. So with pictures. So if you blow it away and you say, “Oh I’ll just go overhead and delete all my pictures.” You can potentially delete all the pictures that are in your site as well. So just be careful with any of that. Research it a lot before you go and do it.
There’s a wide range of plug-ins available depending on your need and functionality. So there’s Updrop Plus which is a good free version for the basic blogger in a scathe yearly pricing. It’s going to launch you 1 G of online storage. Now it allows you to put to a Dropbox or other account. So you don’t necessarily need their 1 gigabit of online storage. Backup Buddy is another really well-recommended solution and one thing I like about is it does provide malware inspection. So it will actually inspect your data as it’s being backed up to make sure there’s no malware. And the reason why this is important is because sometimes bad guys will put their stuff on your site, you back it up. When you go back to read it. “Hey I’ve been hacked.” Now you go back to restore it. And you restore it and guess what? Oh you restored the malware as well. So that’s a really good option from Backup Buddy. And in VaultPress is another really highly recommended one that does yearly, monthly pricing as well. So just some thing to consider about which one is the best option for you at the time of your business.
Right, so we’re going to roll right in to the pro tip of the week. So let’s talk about SSL basics. And we’re just going to need a real basic stuff on this because it can get a little overwhelming very quickly. So first thing is certificates. We’re talking about certificates here. So this is what we’ll encrypt or the encryptic communication that you’re going to have between you and other parties on the web. The big push is to try to get everybody with the domain validation certificate which means you are validated as an entity that you give as certificate. Now anybody go and buy it and honestly there’s now a huge amount of checks that goes along this. But it does give you a certificate. It allows you to be secure while you’re communicating on the web. It also helps your SEO when dealing with Google. They like that. I think that’s a good thing. So it will be who of you to get it. If you can do it through let’s encrypt and then self-sign are using their domain validation certificates, there’s a little bit of wonkiness that has to go with that but they’re getting better with it, then that’s a great option. If you want to go pay for one of your hosting provider, that’s another option as well. But the self-signed certificate is the easiest. You can do it with you internal memory. You can do it right now at home. You can sign your own certificate and it basically say anything on your home system, your home computer. So all the computers in your network talking to each other. You trust, you have signed for the authenticity and that this is going to be secure. And when you do that, they can all talk to each other using a self-signed certificate. Now if you try to go to the Internet or you try to put a self-signed certificate on your WordPress installation, you can do this but it’s not a good thing with search engines. They will not look at it, and most people, it will come up as a flag saying, “No, this is a self-signed certificate. Do not trust.” So I would not recommend that. Domain validation is one of the easiest ones. We’ll give you an actual certificate for your domain address. It verifies that you are in the case of the WP Security Daily, you are wpcsecuritydaily.com. There’s organization validation which actually goes the government checks out your actual organization or your business. That’s pretty much it. It just says, “Hey, if you’re with billsblindcleaning.com they will verify that yes, billsblindcleanning.com is actually a business and you’re good to go.” That’s organizational site. It will be a little bit more expensive. Extended validation is the best. It’s the granddaddy and it costs more. Obviously but what it does is it doesn’t give you just a little padlock and show the URL. It’s got a nice big green bar up there. There’s a lot of great things that it does. It takes a lot longer because you’re doing organizational checks, they’re doing a lot of stuff to verify yeah, you are who you say you are. So you see this in like PayPal’s, they all have that. And I’m not there. [inaudible] but once business starts growing more, I will be in extended validation search because it’s just good business. It’s a good way of doing business.
There are multidomain certificates so this addresses subdomains that are associated domains. And like in the case of you got mysite.com, right? www.mysite.com. Well but let’s say you own mysite2.com. So that’s another domain that you own. So you have in the case of that, you own this other domain, you want to go ahead and have that domain under a cert. You can. You can do it. But you have to buy a multidomain cert rather than buy an individual cert for mysite1, mysite2, mysite3, you can buy this multidomain and it helps. It also helps with subdomains that are tied to it. You have wildcard certificates. This is in the case if you have a domain where you’re using male.mysite.com or blog.mysite.com, you have subdomains to that, or just splat.mysite.com, the wildcard will allow you to basically put an SSL certificate on all of those. So it’s a really good option for that. And it gives you much more flexibility. So you just got to decide which is best for your situation and what you want to actually encrypt. Now you don’t have to do everything. It’s not a mandatory or requirement that you do that. It’s just good online business but you also got to consider the data. Is the data word being encrypted? Maybe. Maybe not. If not, if you could care less, then don’t do it. If you think that it’s important and you worry about things like that, then you should do it. You just have to decide what level of protection you really want to deal with.
Alright. So just an overview, we talked about how important it is that you don’t put off your backups. But just do it. Just do it. Just say yes. Just jump into the pool. The water’s warm. Just do it. 3-2-1; yeah, you’re basically different. Your three different copies, your two media types and your one off-site location. Some key consideration think about when you’re doing your backups and the importance of doing it. But some key points to consider especially like dealing with Glacier and so forth. And the backup plugins that work out best for you depending on what you really wanted to do. So those are different areas. And then our pro tip of the week we talked about our SSL certificates and how they’re in a nutshell for squirrels to come take them away.
Alright. So that’s the overview of what we’ve done. Hopefully you got a lot out of that information. I was there to provide it for you. So it was good times. I really enjoyed it.
Make a Difference
I am a firm beleiver in making a difference in this life and that is why i am promoting a site called Mercy for Mamas. Below is why Mercy for Mamas was started, from Melissa Busby:
Mercy for Mamas started in 2010 as a small personal project for Melissa Busby. Melissa felt a burden for the pregnant women of Uganda during the adoption of her daughter Mercy, whose mother died from delivery complications. Shortly before traveling to Uganda in 2010 to complete Mercy’s adoption, Melissa learned about mama kits and decided they would be a great way to honor Mercy’s mother. She collected a few donations and thought that would be it. But as Mercy’s adoption story dragged on, Melissa decided to continue the work. She heard stories again and again of women dying in childbirth. She heard testimonies of the difference these simple mama kits could make. She knew she had to do more. She again explained the need to friends and family and this time the response was overwhelming. During the ten months Melissa was in Uganda she was able to distribute nearly 700 kits. We’ll never know what could have prevented Mercy’s mother’s death, but Melissa wants to do all she can to keep more women from dying during childbirth.
If you feel so called to help out you can visit thier site here or click the button below.
Just think….you could actually save a life today! How cool is that!
Thanks so much for listening and being a part of WP Security Daily!