You may or may not have noticed (probably the latter) that I haven’t posted anything in the last few months. It’s not because I had nothing to say, it’s because the account running this blog was hacked and I needed to migrate to a new server.
I kept my WordPress installation up-to-date, kept my plugins up-to-date, and used strong passwords (randomly generated letters, numbers, and symbols). Then one day I received an email from my webhost saying my account was suspended for spam.
Shocked, I discovered that scripts were running on my account which (in the webhost’s words) gained access to my cPanel account and were using that to send spam emails. Even more annoying, I was on vacation at the time and couldn’t do a whole lot about it. Try configuring websites from a cell phone, it’s more annoying than you think 🙂
These days, it’s not enough to assume that keeping everything up to date will save you from security breaches. You have to assume that someday, you’ll need a backup copy of your website. It could be a breach at the web host administration level, not via your account. It might even not be hacking, it could be that your hosting provider goes out of business. It could be that you end up at the front page of reddit.com and need to set up a mirror somewhere. In any case, it’s best to have a backup copy in your possession, and not rely on your webhost, though you can use that in addition to your personal copy.
As a side note: It’s best to purchase your domain names from one company, and your hosting from another company. That way you retain control of your domains in case of any disputes. If you do online business such as selling products or web design consulting, it’s likely to happen eventually 🙂
What good is a warning without a tutorial? If your hosting provider uses cPanel, here’s how you back up your WordPress (or other) web site:
- Log in to cPanel. You should be greeted with a screen similar to the following:
- Click on that button that says “Backups”
3. Click on “Download a Home Directory Backup”, then click on “Download a mySQL Database Backup”. You’ll have to click each database separately.
4. Click on each individual link under “Download Email Forwarders” and “Download Email Filters”.
5. Copy the files you’ve downloaded to a safe place. I personally use Dropbox since they’re stored both on my computer and a separate online location.
6. Every week, download the Home Directory and all mySQL databases again. I recommend you put a repeating reminder in Google Calendar to do this.
You might wonder why I suggest downloading each part individually instead of “Generate a Full Website Backup”:
- Your Home Directory and Databases will change constantly, as you upload new posts (with pictures) and users comment on your site. It’s rare that you constantly add Email Forwarders or Filters, so you only need to back them up when you edit them. Also those generally don’t get hacked, unlike the first two.
- Second, having them as separate files means in the event of problems, you can restore what you need by clicking those “Upload” buttons to the right.
I recommend keeping multiple versions of your backups, in case your account is compromised and you don’t notice it for a while. Assuming you haven’t upgraded WordPress or changed themes since, you can compare files (diff) to see what has changed.
I’ve been designing and maintaining websites since 1996, and my average time with a good web hosting provider is 3-4 years, with a bad one it’s a few months. Sometimes the good providers eventually get bought out or sell their company, or raise their prices. But hey, as long as you can restore your sites from backups, why worry about that?
Please excuse the horrible image annotations 🙂