Backing up is something people know they should do, but put off until some unspecified day in the future. It never seems urgent and there’s always something more pressing to do. At least, that’s true until the moment disaster strikes and you kick yourself for not backing up sooner.
In 2017, a lack of backups caused catastrophic destruction and expense across Europe and the US. Thousands of businesses and individuals lost important data, money, and time. We tend to focus on the immediate cause of data loss – in this case, ransomware, but those losses could have been prevented with up-to-date automated backups.
There is nothing you or I can do about the existence of deeply unpleasant people who think hacking and ransomware attacks are a good way to make a living. But we can protect ourselves from them, and backups are one of the best ways to keep your WordPress website safe and to deprive criminals of an income.
Ransomware is propagated by worms — a type of malware — or by social engineering attacks like phishing. Once a server or site is compromised, data is encrypted and the ransom demand displayed. From this point, the situation can go one of two ways. The victim could pay the attacker (a bad choice) or face the consequences of losing their data. Or, they could think to themselves, “Nice try!” before blowing away the infected site and restoring from a recent backup.
If you don’t have an automated backup system in place, there’s no better time than now to get started — ransomware attacks will only grow in sophistication and ferocity in 2018.
What Makes a Good Backup?
A backup that can protect a WordPress site against ransomware must be up-to-date, automatic, and stored offsite. If the backup isn’t up-to-date, it’s better than nothing, but the older it is, the more data is at risk.
The backup system should be automatic because you would have to be heroically disciplined about manually backing up to keep backups up-to-date. It should be off site because backups on the same server as the site or on a network-attached storage device are as vulnerable to ransomware as the site itself.
It should be mentioned that the standard backups offered by Nexcess for WordPress hosting plans shouldn’t be your only backup. They are useful for restoring files in some circumstances, but we advise WordPress hosting customers to implement an additional offsite backup strategy.
Backing up Your WordPress Site
There are several excellent no-hassle solutions for backing up a WordPress site to an external location. The easiest to use is Automattic’s backup service — a premium service that is part or the Jetpack plugin collection.
If you would prefer not to use Jetpack, BackupBuddy is a respected premium plugin that provides an intuitive interface for scheduling automatic backups to a range of storage services, including Amazon S3, Google Drive, and Dropbox. The free version of Updraft Plus is less capable, but more than sufficient for scheduling and managing backups on most WordPress sites.