The best backup strategy for your WordPress website

Avoca Web Design mountains image small
backup benjamin lehman gnyjcepvrs8 unsplash

Do you have a backup of your website that you could restore in under 5 minutes? Do you know who you could call to get that done?

Having a backup is essential protection from a whole raft of different problems your website can encounter:

  • Hacked? Have backups that go back before the hacking event occured
  • Deleted something accidentally? Restore to last nights backup
  • Broke something on your website? Restore to last nights backup
  • Plugin update crashed your site? Restore to last nights backup

The keys to “backup peace of mind”

To be able to quickly rectify these issues you need to have backups in place that run automatically. There is a few criteria for truely having “backup peace of mind”:

  1. The backups need to run nightly, automatically. If you run an ecommerce store or a membership site that has a lot of transactions or changes happening on it you might even want them to run more frequently so you don’t lose too many transactions if disaster strikes.
    • If they are not running automatically then as far as we are concerned it’s not backup, it’s purely window dressing. We can virtually guarantee you’ll forget to run it regularly.
  2. The backup system needs to keep at least 14 days worth of backups. If you get hacked you don’t always know it the exact moment it happens and you may need to roll back to some days in the past. If you only have the previous days backup, this isn’t any good to you. Also you will want to think about having at least 30 days of backups in an ideal scenario.
  3. You need to know how to restore the backup (or have someone who does that you can contact quickly). When disaster strikes, downtime can cost you money, especially with ecommerce websites.
  4. Backups need to be stored off site. That means away from the server that the site is hosted on so that if something catastrophic happens to the server, you can at least recover the backups of your site and relaunch the site elsewhere.
  5. Ideally you’ve got more than one form of backup. For WordPress sites that means as well as the server level backups the website host should be taking (please check that they are), you should also have a backup plugin
  6. Most importantly, don’t just assume that it’s sorted. Ask questions of your service providers and note any procedures or limitations to the service they provide. It could save your bacon if disaster strikes.

Step 1: It starts with you website hosts backup system

In order to make sure you can truely relax about backup, get a website host that automatically backups up your website every day. Many managed WordPress hosts do this. Howeve, be aware that you need to be able to restore an individual site not just the whole hosting account if you have any issues. Restoring the whole account would roll back all the sites you might have which can lead to unintentional data loss.

Most website hosts will list how many days of backups they keep in their plan details. If they don’t be sure to ask their support team what their coverage is.

Additionally you ideally want the ability to have them back up to both locally on your hosting (or to their internal systems which will sometimes be in a different location) and to an external service you choose such as Amazon s3, Wasabi or Backblaze. That way you have quick restoration options from within the hosting and also a copy of the site that is held externally from the hosting.

Server level backup is essential in a hacking situation

The hosting provider needs to be running these backups at a server level, not from a plugin installed within the WordPress installation.

There have been instances of hacked sites where the attacker disables all backup plugins that are installed in WordPress and prevents any restores via these plugins. Sometimes the backups can be manually restored but time is of the essence in these situations and having the primary restore method blocked is a major issue.

Ideally you’d be able to restore a server level backup that had been kept at a remote location rather than one locally on your server. This eliminates any possibility that hackers tampered with any backups you are restoring.

What Avoca Web Design does on our own hosting

We use a wonderful hosting platform called GridPane. They have excellent automated and incremental backups that can run to both the local server and a remote location baked into their hosting platform.

We implement both types. The local server backups might sound like that violates the rule about not storing the backup on the same server as the website. That’s true but it’s also super fast to restore backups from that location, much faster than downloading the backup from the remote location first. So we keep the last 7 days backups on the local server and that’s our first port of call if disaster strikes.

We setup remote backups to Backblaze B2 for every site using the same system. These we keep daily backups for 30 days and then monthly backups for up to 90 days. That gives us great coverage and redundancy.

Their backup system is extremely efficient and fast. This means that it doesn’t overload servers and we can run a backup before ALL updates so we have the ability to roll back the website if we need to.

Step 2: Have an alternative form of backup

Having just told how important Just relying on your website host to backup your website is leaving everything in their court. While most hosts are competent and caring, mistakes can and do happen. To cover yourself we recommend that you also have a backup plugin installed in your WordPress website that runs regular backups. This gives you an alternative restore option if something fails at the web hosting end.

When choosing a backup plugin we have some important criteria to consider:

  1. The plugin should backup to a reputable third party storage service. Backblaze B2, Amazon S3, Dropbox or Google Drive are all good options here. Many businesses already have either Dropbox or Google Drive storage they can utilise for this purpose. Using Backblaze B2 is very cost effective and fast as well (it is our preferred choice). This keeps the backups away from the web server.
  2. The plugin should not use too many server resources. Running backups can be intense, especially for large websites. Choosing a well made backup plugin will ensure that the load on the website is kept to a minimum
  3. The plugin should be able to create an incremental backup. This is a backup of just the files that have changed since the last snapshot was taken. This saves space on the

Many hosting based backup solutions are specific to the hosting platform and won’t work on other website hosts. Having a WordPress plugin that can restore the site means that you have a viable option to restore to a WordPress installation in a completely different part of the web if something happens to your website host.

Step 3: Test it and checkup on your backups occasionally

It’s no good having a backup system in place only to find that when you really need it, it doesn’t work or you don’t know how to use it.

Make sure you talk to your website host about whether you can restore their backups or whether they need to do it for you. Take note of the process and make sure your organisation knows who to call.

Pick a quiet time and test the restore. To do this you can make a temporary change to the site then initiate a restore. If the temporary change is successfully rolled back you’ll know your backup works. Take note of how it works and how long it takes. That way if you have to use it for real you’ll know what you are in for.

Depending on your hosting configuration you might be able to restore the backup to a staging site and check it there. That saves the live site from being affected by the testing process.

Make a diary reminder every few months to check that there really are backups running.

If you know your backups are working and how to restore them in an emergency that goes a long way towards keeping your website safe.

Brendyn Montgomery

Brendyn is the manager of Avoca Web Design, a keen trail runner and an accomplished and award winning musician.

Related Posts