Open Source Activism

How to use open source technology for activism

March 21, 2008

Website Backups

Website backups go hand in hand with security. They are your safety net in a disaster or if your website gets hacked. You should make regular backups of your website. This applies not only to websites, but also to blogs and to Joomla and MediaWiki sites.

Most hosting companies do not do backups for you. They back up the server installation, but leave you on your own for your blog. The better hosting companies will do periodic backups of your websites. If anyone knows of hosting companies that do or don’t provide backups, please add them in the comments. I am talking about the basic hosting services that many bloggers and simple websites use. Siteground does weekly backups, while Hostmonster, Dreamhost, and Cyberwurx do not.

To do a backup, you usually have 2 options with most hosting company control panels. These 2 methods are as follows:

  1. Full backup of your entire site
    • Includes your website, database and home directory files
    • Options:
      1. Save this to your local computer
      2. Backup locally on the hosting server and then download when complete
  2. Separate backups for your database and your website
    • Run this after you add plugins, themes, images, podcasts, videos or other files on your website
    • Backup your database on a more regular basis

My recommendation for backups would be to do a full backup after you have your website completely set up and then again once a quarter. I would then recommend doing a website-only backup monthly, unless you make many changes to your website on a regular basis (frequent posting does not count as a change here). In that case, I would do the website backup at least weekly or whenever a large number of changes are made. Lastly, I would recommend backing up the database at least weekly. If you post multiple times a day you may want to make backups daily or find a service that does it for you.

To make these backups faster, more reliable, and quickly accessible, let the backups run locally on the hosting server. When a backup is complete, download it to your local computer.

March 20, 2008

2 Simple Wordpress Security Tasks

Filed under: Wordpress — lennie @ 9:23 pm

While on the topic of Wordpress, I thought I’d share 2 simple and quick tips to help secure your Wordpress blog installation.

Security Task 1
The first tip is one you should have done when you installed Wordpress, but it is easy to skip. The task is to remove the install program. If you leave it in place, you run the risk of someone trying to reinstall your blog or, more likely, using it to get information about your account and server to hack your database. To remove the install program, do the following steps:

  1. Log into your hosting account control panel
  2. Open the file manager and traverse to your blog/wp-admin directory
  3. Find the install.php file and delete it. If you wish you can download it to your computer first if you are paranoid about having a copy.

Security Task 2
The second task involves your blog’s database security. Wordpress, along with many other web programs, places its database settings in a configuration file that resides within the web directory. For Wordpress, that file is wp-config.php and it resides in the root blog directory.

In most instances nothing will ever come of this, although it is a major security risk. What can happen is that, for some reason, your blog stops working and displays the actual PHP code instead of running it. When that happens, your database settings are exposed to a potential hacker, who can use them to delete or edit your content very simply. To fix this, do the following:

  1. Log into your hosting account control panel
  2. Open the file manager and traverse to your blog root directory
  3. Edit your wp-config.php file
  4. Find the lines of code that contain your MySQL settings. They’ll look similar to the following example code. Leave this window open for later use.

    // ** MySQL settings ** //
    define('DB_NAME', 'putyourdbnamehere'); // The name of the database
    define('DB_USER', 'usernamehere'); // Your MySQL username
    define('DB_PASSWORD', 'yourpasswordhere'); // ...and password
    define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value

  5. Copy these MySQL setting lines so you can put them into a new file outside of your web root directory. For example, your account directory when you log into your file manager is /home/youraccount. The web root would most likely be /home/youraccount/www or /home/youraccount/public_html.
  6. Create a new file in /home/youraccount directory. You can name the file whatever you wish, just make sure it ends in .php as shown in the example. For this example the name to use is blog.database.php
  7. Open blog.database.php and insert the lines copied in step 4 above as follows:

    <?php
    // ** MySQL settings ** //
    define('DB_NAME', 'putyourdbnamehere'); // The name of the database
    define('DB_USER', 'usernamehere'); // Your MySQL username
    define('DB_PASSWORD', 'yourpasswordhere'); // ...and password
    define('DB_HOST', 'localhost'); // 99% chance you won't need to change this value
    ?>

    Notice the 2 additional lines, 1 at the beginning and 1 at the end. These tell the web server to run this file as PHP code. If you don’t put these lines in the file, you will again have your database information shown in plain text in the browser. An additional tip here: DO NOT leave a blank line after the final ?>. If you do, you will have unexplained issues in your Wordpress Control Panel, particularly in the Presentation and Plug-In screens (and yes, I found that out the hard way).

  8. Go back to your wp-config.php window and remove the MySQL setting lines now and replace them with the following:

    require_once( '/home/youraccount/blog.database.php' );

  9. Test your blog to make sure everything still works. If it does not, retrace the steps here to make sure you don’t have any misspellings and everything is correct before trying again. Linux is case sensitive, so also ensure the capitalization is correct. I would suggest going all lowercase anyway for simplicity.
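
A way to check the result of both tasks from a script, as an added example that is not part of the original post: it looks for a leftover wp-admin/install.php, for database settings still defined in wp-config.php, and for a settings file that sits inside the web root, lacks the opening <?php, or has anything after the final ?>. The function names and the sample account directory built by demo() are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# The define() lines moved in step 5, and the absolute-path include from step 8.
DB_DEFINE = re.compile(r"""define\(\s*['"](DB_(?:NAME|USER|PASSWORD|HOST))['"]""")
REQUIRE = re.compile(r"""require_once\s*\(?\s*['"](/[^'"]+)['"]""")


def audit(web_root):
    """Return findings for both tasks; an empty list means both are done."""
    findings = []
    root = Path(web_root).resolve()
    if (root / "wp-admin" / "install.php").exists():
        findings.append("wp-admin/install.php is still present")
    config = (root / "wp-config.php").read_text(encoding="utf-8")
    for name in DB_DEFINE.findall(config):
        findings.append(f"{name} is defined in wp-config.php inside the web root")
    for target in REQUIRE.findall(config):
        path = Path(target).resolve()
        if root in path.parents:
            findings.append(f"{target} is inside the web root")
        elif not path.is_file():
            findings.append(f"{target} does not exist")
        else:
            findings.extend(check_settings_file(path))
    return findings


def check_settings_file(path):
    body = path.read_text(encoding="utf-8")
    problems = []
    if not body.startswith("<?php"):
        problems.append(f"{path} lacks the opening <?php and would print as text")
    # PHP swallows one newline after the closing tag; anything more is sent as output.
    if "?>" in body and body.rsplit("?>", 1)[1] not in ("", "\n", "\r\n"):
        problems.append(f"{path} has content after the final ?>")
    return problems


def demo():
    """Audit a constructed account directory that is only half migrated."""
    web = Path(tempfile.mkdtemp()) / "public_html"
    (web / "wp-admin").mkdir(parents=True)
    (web / "wp-admin" / "install.php").write_text("<?php // constructed stub\n")
    settings = web.parent / "blog.database.php"
    settings.write_text("<?php\ndefine('DB_PASSWORD', 'constructed-value');\n?>\n\n")
    (web / "wp-config.php").write_text(
        f"<?php\ndefine('DB_USER', 'constructed');\nrequire_once( '{settings}' );\n")
    return audit(web)
```

Calling audit() on your own web root path returns an empty list once both tasks are complete; demo() returns three findings for its deliberately unfinished sample.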

These steps are simple, but effective in protecting your blog. Of course these won’t protect against every attack, but they go a long way in protecting you. In addition, in case of a disaster you still have the backup that you can restore. Hopefully, you’ll never need any of these tips. However, it is better to be prepared just in case.

Hosted by Sam Adams Alliance