WordPress Backup Plugin (BackWPup) – Highly Recommended

backWPupFor anyone running a WordPress site, having a database backup is a very nice thing to have.  This can be achieved through several different plugins, including one reviewed here previously — Better WordPress Security, now known as iThemes Security.  I’ve also written previously about using a shell script to for database backups, especially on 1and1.com.

But what about the physical files and content directories?  Those usually require an FTP account or more. I was recently shown BackWPup, which backups not only database files, but also your entire content directory.  It does it extremely well, and with many important options in the free version.  (The paid version offers more options and controls, but for most people, the free version alone will work just fine.)

For the non-techie crowd out there, it’s interface may seem a bit daunting at first perhaps, but it’s worth learning to use.  I’ll try to outline some settings we suggest you use, too.

Let’s Go Step By Step

  1. Go to the “Add New” link under plugins.
  2. Do a search for “BackWPup” and you should easily find the plug for safe installation via the WordPress admin.
  3. Install and activate the plugin.
  4. Once you’ve got it activated, you’ll have a couple of new menu options – one at the top of your admin page, the other in the admin below your “Settings” options.  (There may be other items in between depending on what else you’ve added — we have iTheme’s Security in our left navigation panel.)  Click the Settings option under BackWPup.
  5. You’ll now have a screen with tabs for General, Jobs, Logs, Network, API Keys, Information.
    • Let’s start with General. The default setup is probably fine for everyone with checks next to “Show BackWPup links in admin bar” and “Protect BackWPup folders with .htaccess and index.php”.
    • Jobs – Again, the default setup is probably fine, but I would recommend a couple of changes.  First, click the checkbox for “No translation.”  Next, given you are most likely on a shared server for your hosting, it’s more than polite to select one of the options for “Reduce server load.”  I set mine to “medium.”
    • Logs – If you have the ability of creating a directory above the root web level, it makes sense to put the logs there and not within the web accessible levels of your site.  If you can do this, change the path to the log file folder to this “upper” level.  I also only keep 3 to 5 log files in my folders.  I also recommend selecting the checkbox for “Compression.”
    • Network and API Keys are not likely items you’ll need to touch.
    • The Information tab can provide you with some details if you are having any problems with this plugin out of the box. (I’ve never needed it.)That covers the “Settings” option.  Let’s move to creating a “Job” now. 
  6. job-viewClick the “Add new job” option in the left nav.  This is where you’ll be doing the most amount of setup.  We have five tabs showing by default, but we will soon have a sixth.  I’ll explain as we go.  Let’s take this tab by tab, too.
    • General – First off, let’s give the job a name.  I also check the “Check database tables” checkbox but leave unchecked the “WordPress XML export.”    You’ll see another tab at the top now for “DB Check.”Under the Backup File Creation section, prepend the archive name with your site’s name perhaps.  If you are like me, you may have multiple sites backed up to the same backup directory above the web level.Now it is important to pick the right Job Destination.  I don’t want large files emailed to me, nor put to DropBox, FTP, etc.  Just store this bugger in a folder that is above the root level for the web server if possible.  Click the checkbox for “Backup to Folder” and when you do, yet another tab will be visible at the top of the section.Valdate the email addresses in the Log Files section are correct and click Save Changes.schedule
    • Schedule – I prefer to have the backup run nightly.  I select the option “with WordPress cron.” When selected, you can edit the default 3am time if you desire.
    • DB Backup – Leave things as they are here, but you may also want to select Gzip under “Backup file compression.”  I do.
    • Files – By default, the program doesn’t backup its own plugin folder.  If you are backing things up to a directory above the web root, you can deselect the checkbox for “backwpup” in the “Backup plugins” section.  I also select the option of excluding thumbnails and .tmp, .DS_Store files etc.  Leave selected the “Include special files” checkbox.
    • Plugins – I compress mine with Gzip.  There’s no use leaving the backup large in my view.

    repair-db

    • DB Check– I check the checkbox for “Try to repair defect table” as this is a safe thing to do and may save you some pain.
    • To: Folder – Because we are saving things to a folder, it’s important to select the destination and the number of backups to save.  Again, I put my backups above the web root level.  If you can do that, it’s more secure.  If not, the plugin does a good job of randomizing and providing a security through obscurity model.  I don’t keep 15 copies of my site though – only 3 to 5 depending on the size.Now to move on to running our first backup.
  7. Click “Jobs” under the Dashboard tab.  You should see a screen with the job you just created listed on it.
  8. Mouse over the name of the job and you’ll see options including a link to “Run Now” – click that!

  9. If you’ve configured things correctly, you’re backup will run and show you the progress along the way.  The Gzip process may take some time depending on the size of your site and files.  Note also that if you did as I suggested above and minimized the impact to the server resources, it will take longer to run, too.  My backups tend to take a minute to as much as 4 minutes to run for a very large site with many files.

That’s all you should need to do to safely backup your database and your content for your WordPress site.  Hat’s off to the developers at BackWPup for their excellent work!

In a future post, I’ll show how to take a backup file and either restore a site, or use it to move to a new host.

iThemes Security – A must have

iTheme Security Pro Earlier I wrote about a plugin for WordPress I found to be extremely valuable – Better WP Security.  Specifically, its ability to block brute force attacks against simpler passwords and username combinations.  This was a major threat to all WordPress sites almost a year ago.

Since then, there have been many updates to the Better WP Security plugin, and the developer has also been hired by iThemes to continue his development (and monetize the plugin’s advanced features).  This is great news really as the free version of the plugin is excellent and there are now a wider range of paid advanced features many web developers and site administrators should consider using, now.  The plugin is more robust than it was even; no small task for a developer starting with what already seemed to me to be a full featured security plugin.

If you are still on the older Better WP Security plugin, before you update, deactivate the older version of the plugin.  Failing to do this can make your site inaccessible as there are conflicts in the features and the plugin’s ability to update them when active.  Once you’ve updated to the iTheme’s version, you simply need to reactivate the plugin and check to see what new options are available that you should consider including in your site’s security features.

If you failed to deactivate the plugin, you’ll need to move the plugin directory for Better WP Security out of your site’s plugin folder and perhaps remove any updates the plugin did to your htaccess file.  Once you do that, you should be able to complete the update or reinstall the plugin.

A New Template – Responsive Design

A long overdue change to our site came about today; a new template. It’s been years since we changed our template and while keeping the same header and color scheme for branding reasons, it’s nice to finally have a responsive design and not a separate template for mobile users. The separate template path never felt very clean or simple. The mobile view bothered me.

Again we are also reminded of the power behind a solid CMS platform. Changing our site’s look and feel was a simple thing and quite painless. Long live WordPress!

1and1 wp-login.php Redirection Issues

WordPresFor a time on December 30th, 2013, my hosting provider 1and1.com was redirecting all WordPress logins to 128.0.0.1 whenever one hit wp-login.php effectively blocking all attempts to login — and logout for that matter – from any WordPress installation on their servers.

Their response was less than desired; they stated that this issue was effecting only .5% of their customers.  Even if that were to be true, which I would find doubtful given the widespread use of WordPress, and it seems to discount the severity of the issue for WordPress user, a program that they say they support completely. Read more

Changing Content Management Systems

Having long been an advocate of several open source content management systems, I’ve also done the difficult task several times of moving content from one system to another.   Given these systems rarely (if ever) have built in export and import abilities (WordPress being one of them however), you can expect to do much of such a conversion by hand, one article at a time.  If you have a large amount of content, obviously, this is a very time consuming and expensive endeavor.  Moving users and passwords would require several complex database queries and testing as one must also understand how the passwords are encrypted. It’s a painful process and often too expensive for many clients to consider doing.

CMS2CMS

Here’s a resource to make this no longer an issue. CMS2CMS.com can make the conversion from one CMS to another in a matter of minutes.  They’ve written the complex scripts needed to perform these tasks and appear to be adding to the list of what they can support all the time.   They even have a script that will spider a site and push the content into the CMS of your choosing — take a look at the HTML to CMS path.  Here is the full list of supported platforms.

I used their services to move a Joomla based website running on 1.x Joomla to the latest WordPress version and their tools captured all of the content and most importantly, moved all 138 members of the old site to the new.  This was done in about 10 minutes time, including the time for me to put their “bridge” script on the client’s server.  This allowed me to get the conversion done in an amazingly fast way — my client could not be happier.  Me, too.

Securing Older Versions of Joomla

sheild

One reason I’ve begun to prefer WordPress over Joomla is that WordPress has made the upgrade process so much easier than Joomla. To upgrade Joomla 1.x to 1.5, you have to use special tools and again if you go from 1.5 to 2 or version 3, be prepared for a different toolset and migration path.  Ugh!  Worse still, Joomla Extensions have become very version specific due to a lack of backwards compatibility. WordPress on the other hand allows one to simply put the new code in place, and so long as there is not a conflict with a Plugin, the code takes care of everything else for you, including updating the database.

Perhaps it is only because I haven’t tried to migrate a very customized WordPress site that I feel this way, or that my more complicated older sites are nearly all in Joomla.  So long as I keep a copy of the changes I’ve made to styles or any core files, I’m able to keep things up to date really quite easily with WordPress. As noted above, sometimes an entire system isn’t easy to replace though.  There are times a client has invested heavily into very specific Joomla module or tool — only to have these items not become readily available to the newest versions of Joomla. (I am not finding this to be true of WordPress Plugins — another reason to go with WordPress today.)  So the problem to deal with is securing older versions of Joomla that have known security issues.  What exactly can one do to make an older Joomla site more secure? Let’s take a look at securing Joomla.

Read more