Probably everything has been written about website security on the Internet and in books, but unfortunately only a small part of blog, website and shop owners take the trouble to analyse this very important topic.

I do not know exactly what this is due to. A lack of fundamental knowledge, blind trust in the webmaster, agency or operator, a tendency to put important things off until tomorrow, treating a website or online shop as something that does not physically exist and therefore cannot be protected, because how? Maybe a bit of everything.

Before I show you a simple way to secure a copy of your WordPress site, I feel obliged to shed some light on the topic of 'lack of motivation to do something'. It's important for you to be aware of how you should fear for your property. It's your property, not your webmaster, the agency you work with or the hosting company!

Lack of knowledge, the most dangerous error

Something you cannot afford to do unless your business is large and has a competent IT department within its structure. However, even in this situation, you should have fundamental knowledge and check from time to time that the security strategy is properly implemented and followed. Nothing relieves you of this obligation. I will say it again: it is your business and your money-making property.

If you leave your real-life office or shop, I'm sure you check carefully to make sure you haven't accidentally forgotten something. Lights are down, devices that could be dangerous e.g. causing a fire are off, windows are locked, alarms are on, doors are locked, storerooms are safe... You know it all because you care about your property and don't want anything bad to happen to it.

Why don't you do the same for your website or online shop? After all, it's also a part of your business, sometimes a fundamental one, without which your income can drop significantly. You take care of everything around you, but not the online shop, not the website! Why?

Boom in Strasbourg

The lack of awareness in this area is a serious problem, as demonstrated by the events at OVH in March, where the server building burnt down with all the data in it. The surviving sites are still not fully operational, some five weeks after the incident, and the owners of some of the sites located there still have no way of accessing their data. This is not a day, not two, but more than a month, and there is no telling how much longer this will last.

Those who have had the misfortune to have their projects located in a destroyed building have no choice but to rebuild the pages from their own copies. And what about those who never did? There is frustration and often a nervous search for someone to blame. The first to go in this situation is usually the webmaster, agency or hosting provider. This is natural.

As a people, we have had, we have, and we will probably have for a long time, great difficulty in admitting our own negligence and lack of knowledge and the fact that we have not done everything that should have been done.

"I'm not a computer scientist, I don't know anything about it, it's not my role..." The point is that you don't have to be a computer scientist. Below I will show you how simple these steps can be. If someone can upload a product to their shop, they will also take care of their copy in minutes. We'll get to that.

The more severe the loss we experience, the more aggressive we become, completely denying even the slightest responsibility in our minds. To such people it is usually difficult or even impossible to explain, because even the most delicate attempt escalates the wave of hostility on the part of the victim. He knows better. This is how we are constructed and every experienced webmaster, agency and operator understands this, or at least should.

Two examples - one of ignorance and one of deliberate error

A real example, not fiction. I won't give you the name of the company, but I'd like you to see what ignorance and disregard for your own business or uncritical trust in an incompetent webmaster or advertising agency that you entrust with the care of your online business can lead to.

Online shop with women's items. Base not particularly extensive, maybe 200-300 products, some blog posts. The shop has been running since 2017. The owner invests in marketing, so in Google Ads and in SEO campaigns, maybe Facebook Ads is also used.

The shop sells and generates income for the company. Apart from Allegro, it is the only sales channel as the shop does not do stationary trade. It operates only online!

It strikes midnight on March 9-10, 2021, and within the next hour the fire in the server room spreads to such an extent that the network and power supply fail. The following hours, until the very morning, is a fight against the element, which finally turns out to be a losing battle. The entire data centre area, including buildings not affected by the fire, is cut off from the world.

The shop owner loses access to it and what does it turn out? He has never in nearly 4 years made a copy. There is nothing. The unrest begins. After a week of the shop being inaccessible, nerves come to the fore. There are absurd accusations and intimidation. Nothing pleasant. The owner in no way accepts the idea that he should have his own copy of something that is so important to him and makes him money every day. He claims that he is not the one to make copies and it is not his responsibility. So who is?

Even if the shop earned little or even stopped earning money, its owner is the administrator of the personal data of its customers, which, if only for this reason, should induce him to independently secure a copy of at least the shop's database. Meanwhile, no movement has been made in this field apart from the insertion of information about RODO on the shop's pages. You will admit that this is paradoxical.

A lot of money, a lot of downtime and a lot of stress. This is the cost that this shop owner paid, and it could have been avoided in a trivial way. Unfortunately, he did not want to learn anything, until finally this ignorance bore bitter fruit and he suddenly realised the problem, but not in time. They say that a Pole is wise after the event, but you will not make that mistake.

Example number two. This is not ignorance, but error or, if you prefer, negligence. Also an online shop, but this time selling music. It has been on the market since 2004, so it will soon celebrate its 18th birthday. The product database consists of thousands of records and, unfortunately, a similar scenario. The shop owner loses nearly 18 years of work because he did not have a copy of even the shop's database. A real tragedy.

However, in this case he was aware of the fact that he should be making copies, but simply didn't for some reason. A costly mistake, but also an excellent lesson for the future.

They both did the same thing, or rather, did not do the same thing. The former has been on the market for 4 years, the latter for almost 18. The former is completely out of touch with his shop and prefers to count his money, while the latter knows how his shop works and adapts it to his own needs, but has forgotten something important.

The consequence was ultimately the same, but due to the different awareness of the owners, there was a completely different level of communication. The owner of the first shop took a demanding and attacking attitude from the start, while the second, despite having lost much more, started up the shop from scratch and communication and support was a pleasure.

They will probably get their data back when the server room gets everything up and running. However, there is no certainty. With copies they would be completely independent of the incident and the interruption, as with many others who have experienced the same thing after all, would last a few hours or so rather than a month or more.

Don't be an ignoramus who starts an online business completely unprepared. You never know what will happen in the future, and this is your business, your treasure, your property!

Any hosting provider will be happy to help or suggest how to implement additional security mechanisms, but cannot guess if you need such knowledge and assistance. If you don't ask, don't expect to get an answer.

Copy guarantee

No such thing exists. Your hosting provider makes copies primarily for themselves in case of hardware problems. Some give their clients access to them, others do not. Our strategy is that our copies are available to us and yes, if necessary, we can restore data from them at the request of the client, but in addition each client can create his own schedule and send copies to his external drives such as OneDrive, Amazon, Google Drive, DropBox and from there, if necessary, restore any part of the service: website, mail, databases, etc...

That is the point. Does the procedure described below require IT skills? Judge for yourself.

How to set up a copy on DiDHost hosting

In the accounts WordPress hosting We use double backups. One is ours, inaccessible to the client, and the other is also ours based on Acronis, where data in encrypted form goes to the Amazon cloud and is available in the panel for each client.

However, if you want to additionally protect your files with your own copy (it's worthwhile at least once in a while) just follow the steps below:

Login to your hosting account panel and on the right hand side click on the link "Backup Manager"

Hosting account panel

In the next step, you need to configure the connection to the external drive. To do this, click on the "Remote storage settings" button

Remote storage

The available services you can connect to will appear. In our example, we'll use Microsfot's OneDrive.

List of external drives

Just click on the icon. You will be redirected to the Microsoft Services login page.

Logging into OneDrive

Once you have successfully logged in, you will be asked to confirm your connection with a link which you just need to click on.

copy05

You will be directed back to the Hosting Account Panel, where you will click on the OK button approving the default settings. If you absolutely want you can change them, but I suggest leaving them unmodified.

copy06

The connection is now set up. In the list of available integrations, you should see under OneDrive that it is ready to use.

What I suggest is to additionally encrypt user passwords in the database. Just enter any string used for encryption here. You need to remember it or save it in a safe place.

copy07

You now have two options. You can manually initiate a copy of your account once in a while, or you can set up a schedule (Timetable). We will choose the latter option:

copy8

We modify the timetable according to our own needs, but below is the optimal configuration, which I recommend and will comment on in more detail in a moment.

copy09

The first field in the list is the activation of automatic tasks creating copies of your account, as well as the indication of the time at which the creation of copies should start. Suggestion: Try to choose night hours, when your website is least loaded.

Leave the incremental backup option checked. This is currently the best way to make copies with minimal impact on workloads and such a copy generates much faster. In this configuration you see full copies are made once a week, and the other days they are incremental copies. These are copies containing changes that have occurred since the last full copy was made.

In the settings, you can exclude from the copy certain resources such as domain configuration, mail and email backup, and even page and database files. If, for example, you use hosting only for mail, and the rest is not important, you can safely exclude user files and databases. You decide.

Further down you can see that the data will be sent to the OneDrive service we previously connected to, and below that an option that will disperse larger amounts of data into smaller volumes. This can be important if the site is sizable and there are limits on the size of a single file where packages are sent.

Further settings concern exclusion of log fileswhich do not affect the functionality of the site or mail, and can be quite large so there is usually no point in including them in the copies. Additionally, there is a place where you can enter paths to directories or individual files that you want to exclude. This is also useful. If you are using a cache plugin, it has its own cache data folder. Also, there's no point in including them in the archive because they can unnecessarily increase its size, sometimes significantly. You don't need these files for anything. The only thing you need to do is to track down the location of the folder where the plugin throws data of optimized pages and exclude it.

At the very end, you can activate email notifications in case something goes wrong in the backup process.

That is all!

Now when it is time to create a copy it will appear in the manager.

copy10

Just click on the date and then decide what you want to play.

Does this require IT skills?

I mentioned arguments like "I don't know how to make a copy because I'm not a computer scientist". What I showed above does not require a computer science degree, and I hope you can see that perfectly. This activity is so simple that I would venture to say that it can be handled by a child in the early grades of primary school. You just have to want it, nothing more!

Don't make excuses if you haven't taken a bit of trouble to check whether it's actually a complicated task and you can't cope with it. When someone says something like that, they immediately put their cards on the table. It's as if he's saying outright that he's never been interested in it.

If you don't have tools on your hosting like those shown above, you can always use plugins WordPresswhich do virtually the same thing, although they secure the site itself rather than the content of the entire hosting service.

I recently wrote about the plug-in WPvividwhich I recommend if you don't have other options available for making your own copies. For online shops where there is a lot going on every day, I suggest using real-time copies to further minimise potential problems. Such an option is provided by Vault blog.

Our clients interested in this solution are invited to contact us in order to receive individual conditions for access to the application.

Why all these tools?

To use them! If your data had a 100% availability guarantee no one would even bother to create plugins to back up your sites. They simply wouldn't exist. Take a moment to think about this, and then do something with this knowledge here and now to avoid unpleasant situations in the future.

I'm not talking about another fire in server room X or Y, because that's an unprecedented event that you may not encounter again for the rest of your life, but there are many other threats coming from the Web that are constantly mutating, posing a serious threat every day. The recent Facebook data leak is another example of how no one is safe enough.

Share

See also

DNS Anycast

DNS Anycast - what is it?

DNS Anycast, is a topic not directly related to WordPress, but one that affects how quickly a site can load, which means better quality results.

Free information on JZS news

I invite you to become a subscriber! Thousands of readers already subscribe to news from JZS.

You can unsubscribe at any time. Your address is safe here.

Featured LifeTime Offers!

Now4real

Build community and increase engagement on your site using Now4real.

Virusdie - Lifetime
Virusdie

An excellent tool to protect your website from attacks, as well as a tool...

PayForm lifetime offer
PayForm

Generate quick payment forms. You can increase your conversions with this tool!

Leave a Reply

Your email address will not be published. Required fields are marked *