Lots to Think About
In a nut shell you can adopt one of several backup strategies:
- Do nothing.
- Rely on your hosting ISP to have backups.
- Make a backup copy of everything before doing any updates.
- Routinely backup the site on a scheduled basis.
If we decide backups are a good idea we then have to decide where to backup to. Options include:
- On the same ISP server account.
- To a cloud account like Dropbox.
- To a local machine, like your own desktop or office server.
- To an email account as an attachment.
We also have to decide what to backup:
- WordPress core (not really necessary because WordPress keeps archive copies of all releases)
- Themes
- Plugins
- Customizations
- Database (WordPress always uses a database)
And then we have to decide how to backup:
- Via FTP
- Using a plugin (there are several)
- Relying on an ISP process
- Some combination
But there are other factors that need to be taken into account:
- How often do you update the site content?
- How often do third party components (plugins, themes) get updated, either with new features or with security releases?
- Is the site a web-app capturing visitor information?
- How much custom code is included?
- Is the site mission critical and a corner stone of a business enterprise?
Don’t Forget to Document
Backups are no good of course unless there’s a well known or documented process for restoring the site from the backup. Even if it’s not been tested, it’s good to know how.
Risk Management
Much of this is about risk management and how likely the site will be corrupted, causing loss of data or a business interruption! Here’s how you might lose your site and need it restored along with possible causes and some of our experience:
Failure Type | Possible Causes | Our Experience |
Lost credentials for an ISP Hosting Account | site managing developer disappears | several times |
Non-renewal and cancellation of the ISP Hosting Account | credit card expired or replaced, renewal notifications sent to an old email address | once |
Non-renewal and loss of ownership of a domain name | credit card expired or replaced, renewal notifications sent to an old email address | once |
Hijacking of the ISP Account by hackers, fraudsters or other miscreants | malicious attack | twice (but not recently) |
ISP Hosting Account system failure | going out of business | never |
ISP Hosting company failure | natural disaster | never |
So far most of the problems we’ve seem tend to arise from human error.
Next Steps
Let’s try and keep this simple for now for different types of WordPress based sites:
- For a glossy-brochure type of site, which just announces your presence on the internet with simple information about what you do, what you might sell in your bricks and mortar establishment that rarely chances from year to year and the site has no custom code, you might consider updating WordPress, themes and plugins as new versions are released and manually backing up once a year.
- For a blogging site with weekly newsletters, visitor comments and no customization, you might consider updating WordPress, themes and plugins as new versions are released and scheduling a back up once a month.
- For sites with more business features, say a Members Only area with free downloads and weekly content updates and no customization, you might consider updating WordPress, themes and plugins as new versions are released and scheduling a back up once a week.
- For sites with eCommerce features that represents a portion of your business that’s tied to a third party inventory systems, it gets more complicated because the inventory system has it’s own update and backup needs. You might consider nightly backups.
- For sites with custom code, updates are more complicated because any new versions of say, customized plugins, probably means you have to decide either to keep the original customized version, or have the developer update the new version with any relevant customizations.
Ask Us
It can get a bit complicated. So if you are unsure, we should probably do a review of the business needs, site architecture, any custom work done and resources available, or at least start a conversation. The level of risk that clients are willing to accept also plays a big part.
Even if your site doesn’t use WordPress most of the above suggestions may still apply! Call us now at 281-989-6272 or email robert@cirrillian.com for a free assessment.
Recent Comments