2. WordPress backups MUST be stored offsite (i.e. off your server).
While many servers promise to backup your website for you, I have spent more than twenty years in the business, and I have seen server backups fail for many different reasons. You should be backing up your website and storing it offsite. In other words, the backup should be stored somewhere else besides your web server. These backups can be very large (depending on your site), so sending them to your email address is also a bad idea. We use Dropbox to store all our clients’ backups, but you can also use any cloud backup system. It’s the safest way to backup your WordPress website and there are many to choose from. We prefer Dropbox, but you could use Google Drive, Microsoft OneDrive, Google Cloud, Amazon S3, Microsoft Azure, or many more.
If you store your backups away from your website server, you can also be sure that they will stay safe, even if your server is hacked. Server managers go to great lengths to keep servers safe and protected, but sometimes things go wrong, and we need to revert to backups to get websites up and running again. You want to be sure that your backup is safe and secure on a separate system.
3. WordPress updates can break your website.
It doesn’t matter how long you have been working with WordPress, or how experienced you are, there will be times when you update a piece of software on your site (like the WordPress core, your theme, or a plugin) that breaks your website. While there are many ways to try to rectify these problems, there are also times when the only possible solution is to revert to a backup of your website to get it up and running again. WordPress themes and plugins are built by independent developers all over the world, and there is no central point where they must test their software to check if it’s compatible with all the other WordPress software available. This means that one developer might update their plugin, and suddenly it conflicts with another plugin on your website and your site breaks. It’s frustrating, but it happens. Sometimes a backup is the only way to reverse the update and go back to the older version of the plugin to fix your site.
4. Your backup system should be easy to restore backups.
There are many different ways to backup your WordPress website, but the best plugins to do this backup your site in separate pieces. A really good backup plugin will back your site up into sections: the themes, the plugins, the database, the uploads (and sometimes the core, if that’s how you’ve set it up, although this often isn’t necessary). If your backup plugin works like this, then it’s much quicker to restore the part of your website that was broken by an update. In order words, if you updated a theme and the site broke, you’d only need to restore the database and the themes to get your site working again, instead of restoring the entire website. On big websites, this makes a massive difference and can save very valuable time when trying to fix a broken site so your website isn’t down when users come to visit.
5. Your website could be hacked.
It doesn’t matter how brilliant your website security is, there are MANY different access points for hackers. As web developers, we do our best to ensure that we block as many of these access points as possible using security plugins, extremely strong passwords, and close security monitoring, but the sad truth is that sometimes websites get hacked anyway. A plugin or theme may have been badly coded, which gave the hackers entry to your website. If you are on a shared server (as almost all small to medium websites are), you are vulnerable to other website’s security practices. If they get hacked and their website is on the same servers as yours, the hacker might be able to access your website too.
We need excellent backups to make sure that we can recover a website if it gets hacked. This is also the reason why we update website software so regularly. WordPress theme and plugin developers are constantly updating their software to patch security holes, which will make the software safer to use on your website. We always want to make sure that we have the latest version of the software installed on your website at any time, so we know we have the best security that we can possibly have.
6. Check that your backups are working.
It’s extremely important to check regularly that your WordPress website backups are working correctly. Sometimes, strange things go wrong. The WordPress scheduler might fail and not trigger your backup. You should check regularly that your backups are working (and succeeding, without any errors) so you are sure that your website is being backed up on the schedule that you’ve set, and that they are being transferred to your offsite backup space (like Dropbox).
7. Always backup before doing ANY updates.
On of the most important reasons to have strong, reliable WordPress website backups, is to make sure that we can safely update WordPress software. If an update breaks your website, you need to be able to toll back to the website before the update, as soon as possible. You can only do this if you have a backup of your website that was made right before you started to update your website. Therefore, you should ALWAYS backup your website right before updating any software, and after making any big changes to your site, so you know you always have a clean copy to work with, if you ever need it.
8. Keep enough backups!
You should keep AT LEAST EIGHT versions of your WordPress website, backed up offsite. Errors can occur at any time (particularly if you have auto-updates enabled, which is NOT a good idea). Sometimes you can’t be sure where an error has occurred, so you need to restore from older backups to get a clean version of your website. This is especially important if your website was hacked, and you didn’t know about it. We backup websites every single week, and we store eight copies of the site, so we effectively have two months of backups, should we need them. This has saved us many many times!
WordPress website backups should not be taken lightly. You should be using a reliable backup plugin, set your backups to automatically backup at a low-server load time, and you should check them to make sure they are happening correctly and on time. You should backup before updating any software on your website and should backup after any major changes on your website, so you can be sure that you have a clean copy of your site, should you ever need it.
This list might sound complicated, but it’s critically important that each step is followed correctly, so you aren’t forced to rebuild your website from scratch, should anything go horribly wrong. And it CAN go wrong…
If you don’t feel like doing this yourself, we offer a weekly offsite backup system, or contact us if you’d like to ask us any questions first.