Let’s Backup a Minute!

We recently enjoyed Bill Nye’s (‘The Science Guy’) new series on Netflix where Bill Nye Saves The World! In each episode he delves into a scientific subject and brings it alive with insightful explanations, demonstrations and discussions with an expert panel. In some episodes he likes to Take A Minute to make a passionate point about a topic. Subjects include climate change, alternative medicine, artificial intelligence, vaccinations and many more in the 13 part series. So it inspired us and we decided we should Take a Minute and discuss disaster recovery strategies for backing up and updating WordPress based websites.

Lots to Think About

In a nut shell you can adopt one of several backup strategies:

1. Do nothing.
2. Rely on your hosting ISP to have backups.
3. Make a backup copy of everything before doing any updates.
4. Routinely backup the site on a scheduled basis.

If we decide backups are a good idea we then have to decide where to backup to. Options include:

1. On the same ISP server account.
2. To a cloud account like Dropbox.
3. To a local machine, like your own desktop or office server.
4. To an email account as an attachment.

We also have to decide what to backup:

1. WordPress core (not really necessary because WordPress keeps archive copies of all releases)
2. Themes
3. Plugins
4. Customizations
5. Database (WordPress always uses a database)

And then we have to decide how to backup:

1. Via FTP
2. Using a plugin (there are several)
3. Relying on an ISP process
4. Some combination

But there are other factors that need to be taken into account:

1. How often do you update the site content?
2. How often do third party components (plugins, themes) get updated, either with new features or with security releases?
3. Is the site a web-app capturing visitor information?
4. How much custom code is included?
5. Is the site mission critical and a corner stone of a business enterprise?

Don’t Forget to Document

Backups are no good of course unless there’s a well known or documented process for restoring the site from the backup. Even if it’s not been tested, it’s good to know how.

Risk Management

Much of this is about risk management and how likely the site will be corrupted, causing loss of data or a business interruption! Here’s how you might lose your site and need it restored along with possible causes and some of our experience:

Failure Type	Possible Causes	Our Experience
Lost credentials for an ISP Hosting Account	site managing developer disappears	several times
Non-renewal and cancellation of the ISP Hosting Account	credit card expired or replaced, renewal notifications sent to an old email address	once
Non-renewal and loss of ownership of a domain name	credit card expired or replaced, renewal notifications sent to an old email address	once
Hijacking of the ISP Account by hackers, fraudsters or other miscreants	malicious attack	twice (but not recently)
ISP Hosting Account system failure	going out of business	never
ISP Hosting company failure	natural disaster	never

So far most of the problems we’ve seem tend to arise from human error.

Next Steps

Let’s try and keep this simple for now for different types of WordPress based sites:

1. For a glossy-brochure type of site, which just announces your presence on the internet with simple information about what you do, what you might sell in your bricks and mortar establishment that rarely chances from year to year and the site has no custom code, you might consider updating WordPress, themes and plugins as new versions are released and manually backing up once a year.
2. For a blogging site with weekly newsletters, visitor comments and no customization, you might consider updating WordPress, themes and plugins as new versions are released and scheduling a back up once a month.
3. For sites with more business features, say a Members Only area with free downloads and weekly content updates and no customization, you might consider updating WordPress, themes and plugins as new versions are released and scheduling a back up once a week.
4. For sites with eCommerce features that represents a portion of your business that’s tied to a third party inventory systems, it gets more complicated because the inventory system has it’s own update and backup needs. You might consider nightly backups.
5. For sites with custom code, updates are more complicated because any new versions of say, customized plugins, probably means you have to decide either to keep the original customized version, or have the developer update the new version with any relevant customizations.

Ask Us

It can get a bit complicated. So if you are unsure, we should probably do a review of the business needs, site architecture, any custom work done and resources available, or at least start a conversation. The level of risk that clients are willing to accept also plays a big part.

Even if your site doesn’t use WordPress most of the above suggestions may still apply! Call us now at 281-989-6272 or email robert@cirrillian.com for a free assessment.