While building your business website, the first thing you are generally concerned about is getting your site up and running; it takes a lot of work, the main thing is to get everything working.
So, it’s up and running smoothly, and suddenly, something happens. It’s gone. Your files are missing.
If you have built your website on a local server, you may feel you already have a backup. You have everything in two places, right? Files exist on the server, and on your computer.
What could go wrong?
It doesn’t take a lot of imagination to think of what might happen. Your computer dies for some reason, be it an unexpected power surge, or your 3-year-old decides it’s fun to pour milk into your laptop. But hey, you’ve got it stored on the server, so why should you worry, right?
Not so fast….
What if the server has a problem, or that super-cheap and seemingly reliable hosting provider goes belly-up without warning? What about the fact that your website runs a database? Do you have an exact copy of every file on your computer?
This is where backing up a website becomes imprtant!
In this article, I’ll cover everything you need to know about backing up your website, including the why’s, what’s, and how.
Why backup your website?
There’s a variety of reasons why you should back up your website.
Without going into too much detail, there is no such thing as a completely secure system. No matter how many security procedures and protocols you put into place, all systems are vulnerable.
While there are degrees of secure, some systems are more vulnerable than others. It is virtually impossible to prevent your website from all types of attacks, and more so if you actually expect people to use your site.
Think of this like your house; you could seal it up like Fort Knox, but then nobody could get in at all, so you have to have doors. Sure your doors have good locks, but someone could always break in through a window.
The weakest point in any system is humans. All it takes is one bad click, or responding to what looked like an important email, to succumb to a phishing attack. Once someone is in your system, through software or otherwise, it is possible they could take control of your files for ransom.
Instead of having to shell out money to some unknown who may or may not return your site or files, you are far less vulnerable if you have a copy.
2. Deleted files/Bad commands/Human errors
Something as simple as deleting the wrong file on your server, either with a simple “click/delete” on Windows/Mac, or a command-line in Linux or its derivatives could wipe a key file or for that matter all files.
(In Linux, the command rm -r diretoryname removes a directory and all the files in it, often with no confirmation, even worse, rm -rf / can delete even read-only files and everything from the root, which will essentially kill your entire machine!).
Malicious behavior is more common than we’d like. Sometimes it is not even as simple as a malware, or ransomware type hack; there are many out there who hack into websites as sport. Even if the content of your website is something that you might not think is of high value to a hacker, this can still occur.
This is particularly a risk for those who use popular platforms such as WordPress, which have many well-documented weaknesses, which, if not patched, leaves you with a big target on your back.
4. Bad developer/Employee/Whoever
Many businesses rely heavily on third parties to design our sites. In most cases, web developers are as honest as the rest of us. Most (like <smile>yours truly </smile>) are great, and honest people (and modest!).
However, perhaps you get into a payment dispute? People being people vary widely when it comes to what they consider ethical behavior. It is very easily for an angry (or nefarious) employee who has access to your website back-end to simply take down the site if they are not happy, or for whatever reason.
This is something we don’t like to think about, but it’s generally a good idea to be safe.
5. Server Crashes
Technology is great when it works. In most cases, especially if you are using a solid and reputable hosting company, server crashes where your data is wiped out is a rare occurrence.
But even the best providers have problems.
Also, in many cases these days, your site is mostly likely being hosted on a virtual server. In other words, your data is not on an independent physical computer, but shared with many other people or businesses. It is very common for hosting providers to host many different “virtual” instances on one physical server.
For most cheap web hosting companies, this is more common than not, and unless you are willing to shell out the the big bucks to get your own physical server, you are very likely to be sharing space. If something goes wrong on another segment, it could affect your site and your files.
Also, even if you have hosted your site on one physical server, it is essentially still just a computer. While servers tend to be stored in safe places, much like with your own computer, there is still always the chance that something could go wrong.
Servers can overheat, there could be an unexpected natural disaster, a power fluctuation at exactly the wrong time, or even a hidden manufacturer’s flaw that could cause the loss of your data.
On top of this, server farms can be a target for coordinated Dedicated Denial of Service (DDOS) attacks which in extreme cases can require a full reboot; this always has the potential risk of some or all data being lost.
For these reasons, it’s generally a good idea to keep a copy of all crucial data in another place, so if one of these possible, no matter how unlikely (varying from case to case) these are to occur.
What should you backup on your website?
The types of things that you may want to backup can be divided into the following categories:
These are all of the files that make up your website. They include all pages/scripts/CSS files and images or documents, or any multimedia content that are the core part of your website.
You can think of these are content which does not change; they remain as static objects. As a result, they are typically the easiest parts of your site to manage and back up.
As is likely the case, most websites uses databases to store products, individual pages, or other items that are likely to be variations of duplicated content.
If your database is somewhat static (i.e. most items on your site rarely change) it is relatively simple to keep backed-up, much like the files.
However if, as in most cases, this content is fluid, such as blog posts, products, transactions, or anything else that changes or is added to in a regular fashion, you will need to find a way to regularly back up this data.
3. Email accounts
If you are storing a record of users’ emails or contact information. You also likely have a full email server and records of all of your email transactions through your host. You will likely wish to keep all records of your interactions, emails, and mailing lists using this account.
QUICK NOTE: If you are storing contact information in a database other than your mail server, you also will need to back that up!
How to backup your website
Backing up your site is not particularly difficult, but to begin so, you need to understand there are multiple methods. They vary by quality, reliability, and ease (depending on your skill level). It’s generally a good idea to use more than one.
1. Through your web host
Any good web host should create an automatic backup of all the files on the web server. The web host should do this internally and will typically make daily backups regardless of what you do.
So you should be able to fall back on your web host’s backup if anything should happen.
However, web hosts typically don’t keep multiple backup versions and you’re at their mercy. They will have some sort of tool for you to manually create your own backups.
For example, you can easily create a full backup of your website via cPanel, a common control panel used by most web hosts.
To use your server’s backup tools, you will need to ask your provider and read any manuals they have provided. Typically your files will be stored as a zipped file, and will be stored on your server.
You may need to specify which type of format you would like, depending on your platform. They will also provide instructions for how to restore a backup if it becomes necessary.
The advantages of using your provider’s services are fairly obvious; it’s typically seamless with your host.
However, the drawbacks have specifically to do with your hosting provider. While they may be excellent at hosting your site, it’s never wise to keep all of your eggs in one basket.
If something goes wrong, such as there is a fire in their server farm, or they come under some sort of attack from hackers (yes, this does occur upon occasion; nobody is immune and hosting providers are prime targets).
For these reasons and more, it is a very good idea to occasionally download a copy of the files to your computer. You also will likely still wish to at least manually keep a copy of your site yourself.
2. CMS website backup plugins
However, backup plugins can typically have the negative effect of slowing your site down. As PHP is the native programming language for WordPress, most plugins use PHP as well.
While this can be effective, it can tend to run slowly, meaning that they could slow down your site in the process of running (they typically will run off of the same engine that is producing your site), also adds clutter to your site, and is also a higher-level abstraction than is ideal.
Another factor is that you may, ironically, be making your site more vulnerable. PHP itself has some known security issues, especially if the code being used is outdated, or sloppily written.
Unless you are absolutely certain of the code going into these plugins (and seriously, who has time to pore over someone else’s source code?), the plugin you are using to keep your data safe may make it less secure. (Yes, many are reputable and provide quality code. I wouldn’t panic here, but this is something to keep in mind).
While PHP is a great coding language (it’s among my favorites, and I use it daily), it’s a good idea to keep as many features running outside of this platform. Typically if you want to run any backups at the OS level.
If you are running Linux or any of its derivatives, you would probably want to be running a shell script, or a batch file in Windows, or a macos file on an Mac.
3. Manual website backups
Many of us may be familiar with the “old school” way of backing up files: making a copy of all files and putting them on a removable hard drive or storing them in the cloud.
This is essentially the same method that you would use with your website, with some caveats.
Of course, if you create your website locally, and then transfer it via FTP (or hopefully SFTP) to your host, you technically already have a copy of your site.
However there’s a key difference…
If you have a database on your site, you very likely have different content locally (in your test database) than on the live site. This is especially true if you are using some sort of CMS software (WordPress and the like).
If this is the case, very nearly all of the content on your site is stored in a database and lives in no file at all, outside of the database itself.
Backing up the database is actually relatively easy, particularly if you use MySQL. You simply need to get an SQL dump of the database; which just a plain text file that contains all the content of your database.
Once created it can simply be uploaded or run as a file to rebuilt the database.
This is relatively straightforward. The following command will backup an entire database.
$ mysqldump -u [uname] -p[pass] db_name > db_backup.sql
If you want more details on running these, and the various options, check out the MySQL documentation
Go to the export tab of the database, choose all of the options you need (typically you will likely want to include “drop tables” and create database options to make loading a new copy over an older version possible, but buyer beware… it will truly wipe out existing data to replace with a new copy).
You can then take all of the files that are created (the source code, the database and the images) and zip them up and keep copies where you like (I personally like to use cloud storage such as Google Drive, or Dropbox).
The obvious drawback is that you must remember to do this and it is very easy to forget. So if you want to take this a step further, you can write scripts that do all of this and use the system to run these on a periodic basis.
In Linux it’s relatively easy to run the sql dump via command-line and then run this script as a cronjob, to run once a day, week, or whatever time-frame you like.
In windows you can use a batch and the built in task scheduler. My typical way of doing this is to run a batch with an sql dump and then a bulk copy of an entire directory to my Dropbox account.
QUICK NOTE: You will want to periodically clean out the directory where these are stored; while sql files, which are text files, tend to be small, they can build up over time, and if you are running other backups of images or multimedia files, you can find you have your drive/server bursting at the seams before long.
4. Website backup services
Of course, handling all of this manually can feel a little overwhelming; it still requires attention and something as simple as forgetting to clean out a directory can result in files being dropped or sudden fees being added to your account (Dropbox allows a few gigs for free, but then it quickly goes up from there).
For this reason, if you are running a business site, it’s probably a good idea to use a professional backup service. These will typically do everything mentioned by all of the above, but in a more reliable fashion.
Unlike manual backups, someone else will do the work for you and take care of all of those little problems you might run into. Unlike plugins, they will run outside of your site; you don’t need to add them. They should take away no processing speed and won’t create any security vulnerabilities while doing so.
Below is a very brief sampling of some popular backup services. (Disclaimer: This is not intended to be even remotely a comprehensive guide, just enough to get an understanding of what is out there. I have not tested all of the mentioned services).
- Sucuri Backups – a great solution since we recommend using Sucuri for your website’s security.
- Drop My Site
Website backup strategy: Best practices
No matter which method you choose, backing up your website should have a workflow plan.
While all of the methods mentioned above will work, you absolutely will need to have a strategy in place, or any mentioned system you have could suffer some serious vulnerabilities.
Make a checklist and determine answers to the following categories:
1. How often to backup your website?
This is important. Do you want to run backups daily or monthly?
You might consider the idea of running one every time there’s a change to your site (new product, new blog post, etc). This is up to you, but you should make sure you have a plan in place.
2. Automated scheduling
Following the above, setting a schedule is key. As a baseline, you will probably want to set a schedule for when backups will occur.
3. Use remote storage
Where are you storing this data? You will not want to just keep copies on your server, or even your laptop. Are you going to use an external hard drive? The cloud? Which cloud service?
4. Retention span
How long do you need to keep copies of each backup? Will files from a year ago be necessary, or are they just gathering dust and can they be replaced by more recent backups?
Security for your backups is important, particularly if you have proprietary information (such as confidential product pricing information, or even more important, customer records).
Have a plan for keeping backups encrypted & protected (AES 256-bit private key encryption and TLS/SSL transport security). Learn more about encryption.
6. Store backups on RAID Arrays
RAID Arrays (Redundant Arrays of Independent Disks) are not only a good idea for creating multiple copies of your website and/or data, but also improve performance.
They will provide extra protection in case one of the disks fails. This is a typical feature provided by professional backup services.
7. Selective Restore
Have a procedure in place in case you don’t need to restore every piece of your site. Maybe most of it is fine, but some pieces may have been lost.
For instance, if one product table is damaged, you only need to replace that piece in your SQL dump. This is typically a better idea than wiping out everything to replace one file.
In fact it’s a common mistake to replace everything if something goes wrong. Sure, this will work, but you will lose everything that occurred after the last backup.
It’s best to identify if you need to replace everything. Save full backups for a last resort if everything else fails.
How to restore your website backup
Okay, so your site disappeared, but you have a backup. How do you restore your site from the backup? This relatively straightforward.
If the copy is stored as a zip file, simply unzip it and load all of the files back into their original location.
Take the SQL file (the text file that was created during the SQL dump) and either recreate the database using the command-line, or if using phpMyAdmin (or any other graphical database management system like MySQL Workbench), and either import the file or copy the entire thing into an SQL window and run it.
Test it out locally, and if everything is working, then load it all back up on to the server. You should be back up and running in no time.
If you are using a professional backup service, this process will likely be even easier. Any decent service should provide you with tools for restoring your backup, be it a partial restoration or a full site restoration.
Bonus Tip: Use staging for development
Beyond the simple backing up of existing files, if you are developing your own site, or working with a team of developers you may wish to consider a versioning system for keeping a record of all stages during the development process.
When building your site, typically there are going to be versions and changes to the way your site is designed. Perhaps you are doing a complete redesign of your site, but would like to keep a copy of the old site.
Also, as is often the case, while developing the site, something goes horribly wrong and you need to find a file the way it was before it was changed. You will also want to keep a local development version of your site for making updates or changes before you launch it publicly.
This is where versioning systems come into play. These are similar to making copies of folders each time you make a change, but are much more organized and can allow for collaborative development.
Git is a fantastic tool for keeping your development process well organized. It works at creating good code backups both locally, and also to be easily moved back and forth to the cloud for safe remote backup.
Instead of having multiple copies of files in different directories; they are stored in branches, which can enable multiple people to work on files without as many risks of conflicts.
When they are ready they can be merged into main development branches and eventually to a master branch to be deployed.
Below are two of the most popular Git repositories.
- GitHub is free if you are willing to share your source code (it’s Open Source at its heart), but also offers very affordable private code repositories. It’s also a great place to look around for code snippets, and hosts a great community of developers
- BitBucket is similar; while not as large of a community, they do offer some private repositories for free.
While some methods have better advantages over others, backing up your website is a necessity that should not be overlooked. Ideally you should consider using a combination of the methods mentioned above.
Making sure that you have duplicate copies of files will save you a huge headache down the road. Even if nothing bad happens to your site, and you don’t need this, think of the extra sleep you’ll get not worrying about it.
You backup your files on your computer; your website should follow the same rules.
THE BEHIND THE SCENES OF THIS BLOG
This article has been written and researched following a precise methodology.Our methodology