The Importance of Doing Frequent Backups
Suppose your website is hacked. The hacker might deface your site and delete some of your precious online files. If you did not perform regular backups, you'll find it very hard to start all over again; in some cases, it may even be impossible to replicate the site exactly as it was before.
Another possible scenario is that you accidentally delete some of your files, or even a database. This can damage the normal operation of your website. If you do not have a backup for the deleted file, it is impossible to restore it.
You might know there are a lot of backup solutions for WordPress. Some take a plugin-based approach, while some are commercially-based solutions that require a monthly fee. It is also common to back up WordPress "manually," without the use of automated and commercially-based solutions.
A good example of a commercial approach to doing backups and protecting your site is vaultpress.com. The basic plan is around $15 per month; if you can afford it, it is nice to use. But most bloggers using WordPress find it a little expensive, especially when they're just starting out.
A plugin-based solution also looks nice. However, the risk is that WordPress keeps updating, while some plug-ins are no longer upgraded and tested to keep up with the blogging platform's latest version. As a result, the plug-in might not work; it might have some incompatibility issues with WordPress, or even introduce some security-related issues.
On the other hand, the most common backup method adopted by most bloggers (including beginners) is to simply download the entire WordPress website to their local computer using FTP, and download the WordPress MySQL database using FTP and PhpMyAdmin.
The down side is that your entire website can get pretty big, and it takes a long time to download and complete the backup. A glitch in your FTP connection/server can cause you to miss a lot of important files in the downloading process.
Downloading the WordPress database and important files such as wp-config.php using FTP is not a secure solution. Your traffic is not encrypted, and your sensitive information (such as passwords) might get compromised somewhere between your server and your computer.
The use of phpMyAdmin using the HTTP protocol is also not entirely secure, since the traffic is not encrypted. If security is of importance, you should use the HTTPS protocol for your phpMyAdmin, or download your database using secure shell (SSH).
This tutorial was written for beginning bloggers looking for free, secure and non-plugin-based solutions for doing WordPress backups.
Back up your WordPress files
A common mistake in doing backups is to download the entire WordPress website, including the WordPress core files. This is an inefficient approach, and is not recommended.
There are two types of files in your WordPress website. The first type is WordPress core files, while the second type is your personal and customized WordPress files.
The WordPress core files are the files provided by WordPress. If you are confused as to which ones are the core files, simply go to this page: http://wordpress.org/download/ , download the WordPress package, unzip and see the files.
Bear in mind, though, that wp-content is not considered one of the WordPress core directories because most of the owner's personal files are saved to this directory (plugins, themes, uploads, etc).
Your personal and customized WordPress files are the files maintained and created by you. These files are the following:
To have an efficient backup system, you must regularly back up only your personal and customized WordPress-related files. You can schedule either weekly or monthly backups. The actual steps are as follows:
1. Use SSH in uploading/downloading files. Most paid hosting accounts include this feature for free. So you need to enable this first in your hosting account. You can enable this using SSH Manager:
Your SSH username, password and hostname is most likely the same as your FTP login credentials, although for some hosting companies, they may not be the same.
2. Use an SSH client such as Filezilla: http://filezilla-project.org/. Depending on your hosting provider, most SSH connections require Port 22 and SFTP-SSH File Transfer protocol under "Servertype."
Below is the site manager configuration of Filezilla recommended for using SSH:
It is advised that you use "Ask for password" so that Filezilla will not store your passwords in your unencrypted hard drive.
If you find it inefficient to enter your SSH password every time you log in, there is another secure approach, for Windows users.
First, create a TrueCrypt container. A 4 GB NTFS container is fine. It is very easy to create a TrueCrypt container in Windows; just follow the steps in this tutorial.
Second, use the portable Filezilla version: http://portableapps.com/apps/internet/filezilla_portable. This is a standalone version of Filezilla, and does not need to be installed.
Copy the portable Filezilla version to be inside the encrypted TrueCrypt container.
Finally, launch the portable Filezilla to automatically connect to your SSH server without asking you to re-type the password; under "Logontype," choose Normal.
In this way, Filezilla will store your passwords in an encrypted section of your disk.
3. Download the following files to your local computer (you can also download these files to your TrueCrypt container):
Do NOT include the WordPress core files in your backup.
blog comments powered by Disqus