A guide to WordPress Backups and Staging

This WordPress Backups and Staging Guide is a guest post by .

If you’ve run a WordPress site long enough, you’d know how making changes to it can be tricky. Sometimes, even minor changes can cause major glitches. This makes backups and staging such lifesavers!

Every WordPress site should have backup and staging solutions in place. And not just any solution, one that actually works! I say this because in my experience, relying on host backups and staging environments have too many limitations and a tedious process. So I turned to plugins, but there too, I found so many options, it was hard to pick the right one.

In my quest to get a permanent solution, I stumbled upon BlogVault. It was easy-to-use and reliable with a great support team behind it. Ever since, it has been my go-to for WordPress backups and staging.

So today, I’m sharing everything what I think WordPress site owners should know about backups and staging and why BlogVault works best.

Let’s begin with a few basics.

Difference Between Backup and Staging

Many ask If I have a backup, why do I need staging? Well, the two solve very different problems. Backups are for reverting to a previous version when a problem arises on the site.

For example, you run an update on your website and it causes your site to malfunction. You find that plugins are not compatible with the new version of WordPress. It would take considerable time to update these plugins or find replacements. To solve the issue immediately and get your site back to normal, you can restore your backup.

Backups come in handy when things go wrong such as botched updates, human errors, presence of malware, and so on.

Coming to staging, it enables you to create a clone of your WordPress website. This is done specifically for development. You can try out new themes, plugins, designs and layouts. You can test out updates and even test restore your backup! None of the changes you make will affect your live site.

There are staging solutions that have a feature to merge your changes. This is extremely handy because you might make multiple changes and it would take time to replicate the same on your live site. So you can just push the changes to your live site. Simply put, staging enables progress!

Now that you know why you need both solutions, let’s check out the backup solutions available for WordPress sites.

WordPress Backup Solutions

There are many options to backup your WordPress site, but not all of them are easy to use or reliable. The main options available to back up your site are – manually, using a plugin, or through your web host.

Manual Backups

For this, you need to access your web hosting account. Once you’ve logged in, go to cPanel > File Manager > Public_Html. Here, you’ll see all your WordPress files. Simply compress and download them.

Hosting Control Panel Manual Backups

It seems simple enough. But there are issues with this method. For one, the process is time-consuming. Spending time taking manual backups regularly is simply not feasible when you have tons of other things to focus on. Plus, you need to take responsibility to encrypt your data and store the backup locally. A backup has all the information on your website and needs to be stored securely. If hackers get their hands on an unencrypted backup, it’s already a data breach, but you can be sure your site will be hacked as well.

But above all, the biggest hassle with this method is the restoration process. Sometimes, the backup just doesn’t work at all. Other times, you restore your site only to find it malfunctioning or missing functionalities. Which means more time wasted on troubleshooting and debugging troubles. This is why I prefer using a plugin. But among these too, there are so many options available, how do you choose one?

Well, after trying out a couple of them, I stuck with BlogVault. It’s great for backups and even offers inbuilt staging at no additional cost.

Backups with a WordPress Plugin – BlogVault

To start off, setting up BlogVault was easy to use – with a simple install and activate process. Once you sign up, the backup automatically runs. It gives you the following options which I think is not only cool but essential for WordPress:

  • The option to schedule your backups. Plus, you can take a backup on demand whenever you want, any number of times. This is good to have when you want to make major changes to your site or roll out big updates. Taking a backup before any major change is absolutely necessary.
  • It’s all automated so you don’t have to worry about the technicalities.
  • The restore process is just a few clicks. It takes a few minutes and it’s guaranteed to work. So you needn’t worry about your site breaking or losing data.
  • The process is handled offsite on their own servers so it doesn’t affect the performance or speed of your site. Plus, it doesn’t take a full backup every single time. It smartly copies one full backup and then subsequently, only the changes made each time are backed up.
  • Lastly, your backup is encrypted and multiple copies of it are stored securely. That takes away the pain of storage.
  • Creating a backup using the BlogVault WordPress Backup Plugin

    Apart from this, there are handy features like 365-day archives, real-time backups, website management, site migrations, multiple site management, uptime monitoring, and staging.

    Next, you can also back up your website using your web host itself. I’ve checked out two of the most popular ones.

    Backups with your Host – WP Engine

    WP Engine takes backups for all environments by default. This includes production staging, development, and legacy staging. It’s automated, encrypted, and stored offsite on Amazon S3. You can also take manual backups. It keeps up to 40 backup points. Older data up to 60 points may be accessible but you need to contact their support team for that.

    To access a backup, log into your user portal. Go to sites > environment name > backup points. You’ll find your backups here. You can also create a backup on demand.

    To restore, simply click on the backup point you want and click the Restore button.

    Creating backups in WP Engine
    (Image source: WP Engine)

    The process seems simple enough. But WP Engine also has some drawbacks. The restore process can take several minutes to several hours. And it’s important to note that they do not copy all files of your site. The following files aren’t included:

    Files excluded with WP Engine backups

    Additionally, it’s a destructive backup which means, during the restoration process, all content is overwritten. So, if you have files on your website that are not present in your backup, they will be wiped out. Your site will be restored to the contents of the backup alone.

    Backups with your Host – Kinsta

    Kinsta provides daily automatic backups for your WordPress site. It also has system-generated backups for all the sites listed in your account. The backup is a snapshot of your website’s files, database, redirects, and Nginx configuration. When you restore your backup up, all of these elements will be rolled back to when the backup was taken.

    You can also create manual backups if you want one immediately and don’t want to wait for the scheduled one to run. You need to visit the ‘Backups’ tab, click on the ‘Manual’ tab. Here, you’ll find the ‘Backup Now’ button for on-demand backups.

    Creating backups on Kinsta
    (Image source: Kinsta)

    The duration for which your backups are stored depends on your hosting plan. It can vary between 14 days and 30 days. Kinsta also allows you to increase the frequency of your backups to hourly and 6-hour backups at a premium.

    When it comes to restoring your site, you can simply click on the ‘Restore’ button next to the backup of your choice. While the restore takes place, you cannot access your site. The process can take a few minutes to a few hours.

    What I liked about Kinsta is that it takes a backup of your site before restoration. So you can undo the restore and get back your site to as it was.

    That brings up to the end of backups. With a backup solution in place, we can move on to staging. Here, I’ll touch upon – the manual method, show you how you can do this with the BlogVault plugin, and also talk about staging with your hosting provider.

    WordPress Staging Solutions

    Staging a site can be done manually through your hosting account. But it’s riddled with problems. The process to create one is quite technical, and for a regular WordPress user, it’s not a feasible option.

    Next, if you want to merge the changes you made, you need to download the updated files from your staging site and upload them to you live site. This is risky business as you could wipe out data and even crash your site.

    Fortunately, there are other options! You can create a staging site with your host or by using a plugin. Coming back to BlogVault, it also offers a staging feature that makes the job much easier.

    Staging with BlogVault

    If you’ve already installed BlogVault, staging is a free feature compatible with any web host. On the BlogVault dashboard, you’ll see an option to ‘Add staging site’. It takes a few minutes, and you’ll be notified when it’s done.

    Creating a WordPress  staging site with the BlogVault Plugin
    (Image source – BlogVault)

    The plugin handles migrating your site to a dev environment, so you don’t have to bother about the file transfer and the database export and import. The staging site is password protected and blocked off from search engines so migration does not affect your SEO.

    With everything taken care of, you simply need to start using your staging site. Once you’re happy with the changes you’ve made, you can simply merge the changes to your live site. There’s no need to upload files or replicate changes.

    BlogVault WordPress merge tool

    You can also do a selective merge. BlogVault gives you a comparison of your live site and your staging site. You can then select which changes you want to merge to your live site. In the example below, I made changes to my plugins, themes, uploads, and a few other files. But I wanted only the changes made to plugins. By clicking on the ‘+’ sign, I could see the list of plugins I added or modified. I selected the ones I wanted and merged in just two clicks.

    BlogVault WordPress file comparison tool

    The best part is that you can create as many staging sites as you want. So that’s BlogVault. It’s straightforward and easy to use. It won’t break your site when you merge the changes so your site is in safe hands.

    Next, let’s take a look at staging options with web hosting providers.

    Staging with WP Engine

    WP Engine gives you options to create three kinds of environments – production, staging, and development.

    To carry out the staging process, you first need to add your site to the user portal. Next, log into the user portal and access Sites > Name of your site > Add staging. Your staging site will be created using the backup point of the existing environment.

    WP Engine WordPress staging

    In case you don’t see the staging option, you need to convert a single environment site into a multi-environment site.

    Once you’ve made the changes you want, you can copy the changes from staging to your production environment.

    WP Engine also allows you to copy changes from a staging environment of one site to another website. This means you can roll out updates or changes to all your sites without repeating the staging process for each site. However, this can get a bit complicated and isn’t recommended for those new to WordPress.

    Staging with Kinsta

    Creating a staging site with Kinsta is quite easy. Access your Kinsta dashboard and select your site. Here, on the top right, you have the option to create a staging environment for your website. It takes around 10-15 minutes to create a staging site.

    Kinsta WordPress staging

    Once you refresh the page, you will see your staging details. You can make the changes you like to your staging site and then push them to your production environment. To do this, under the ‘Staging Environment’ tab, there’s a ‘Push Staging to Live’ button. Simply click on it and all the changes will be made visible on your live site.

    There’s no selective merge option here. So if you’re pushing changes to live, be aware that all changes will be merged.

    Final Thoughts

    That’s a wrap on backups and staging for your WordPress site. To summarize, hosts may offer free versions of backup and staging, but you’re limited in terms of features and functionality. As your site grows bigger, you would need to upgrade to premium plans which are quite expensive. However, when you opt for a plugin like BlogVault, it’s reasonably priced, gives you access to premium features, and above all, it works seamlessly.

    Whichever be your choice, make sure you can rely on your backup to work and be restored easily. Finally, always carry out changes in a staging environment before updating your live site. This will keep you out of trouble and ensure your site is always up and running.

Safeguard your email address by registering a domain

A primary email address tied to your email provider could set you up for a great deal of inconvenience if they shut down. Registering your own domain helps control your email regardless of which company you’re currently using.

On Thursday, 8th August 2013, a secure email service provider called Lavabit suddenly suspended operations. Its founder, Ladar Levison, wrote in an open letter on the company’s website that he would rather shut the company down than “become complicit in crimes against the American people.” Although Mr Levison took what he believed to be a principled stand, Lavabit customers were understandably angry at being blocked from accessing their emails. Without warning, long-time customers lost years worth of archived messages. Active users who relied on the company to host their primary email now face the inconvenience of updating their contacts and online accounts with a new address.

One may be tempted to think that a simple solution would be just to set up another email account elsewhere. After all, there are many free email providers offering reliable services. If you’re in this camp, ask yourself how your day-to-day life will be affected if you suddenly and unexpectedly lose access to your email account.

  • Do you conduct business over email? How much productivity will be lost re-establishing communication with clients?
  • Have you saved passwords, document attachments and important account information in your webmail folders? What happens if you can’t log in to the webmail account?
  • How much time will it take to inform all your relatives, friends and contacts of your new email address, especially if your address book was also hosted with the lost email service?
  • How easy is it to reset the passwords of your other online accounts (internet banking, Facebook, Skype, etc.) without that lost email address?

Keeping control of your email address

There are some important lessons we can learn from the Lavabit incident and two things can save you from similar trouble:

  1. Register your own domain and link it to your email provider. That way, you can switch providers while retaining the same email address.
  2. Do not rely on webmail as your only method of accessing your messages. Set-up an email client on your computer and regularly download copies of your email.

Exactly how you go about using your own domain and downloading emails depends on your existing set-up and requirements. I’ll give a quick overview in this post but please note that it only briefly touches on some steps which can be quite technical.

Step 1: Register your own domain

An email address under your own domain keeps it independent of the email host. Your current email provider may go out of business, get bought-out or become unreliable but having your own domain means that you can switch to another while retaining the same email address.

To get an email address under your own domain, you first need to register a name with a domain name registrar. (See this post for more information.)

You can register your domain with the following companies but a web search for “domain registration” will bring up a list of other providers:

  • Another Cup of Coffee Limited – we’ll handle the details of domain registration under your name for £9.99 GBP per year
  • 123-reg.co.uk – a popular UK-based registrar and hosting company
  • namecheap – a US-based registrar that seems to have a good reputation for customer service (I personally haven’t used them)
  • Network Solutions – one of the oldest and well-known registrars but quite expensive

Regardless of which domain registrar you choose, the whole process should only take a few minutes to complete. However, depending on their system, it could take a few hours to a day or more before it’s available for use.

Step 2: Link your domain to your email provider

Linking your domain to an email provider can be intimidating for non-technical people. To make matters more complicated, some end up with different combinations of registrar, free web-based email, business email hosting, and web hosting. Everything can be under one roof or you may have different companies handling each component. The exact steps needed will depend on your subscription packages so covering them in a short tutorial is not practical. (That’s why companies like us exist!)

In general, your registrar will give you an online control panel. This lets you specify settings to hand over control of the domain’s email to an external email provider. Alternatively, it may offer an email forwarding service that automatically redirects messages to another address, such as Gmail or Yahoo Mail.

Changing email providers then becomes a matter of adjusting the control panel to reflect the new company’s settings.

Here are some help pages for a few of the popular email providers:

Step 3: Download backups of your emails

For many people, their main method of checking and sending email is through their provider’s webmail interface. It’s very convenient because there are no programs to set up on your computer. All that’s needed is to open up a web browser and log in. The downside is that you do not retain any copies of your messages. As some of the Lavabit customers found, you will lose everything if the provider suddenly ceases operations.

The solution is to set up an email program (also known as an email client), like Mac Mail, Microsoft Outlook or Mozilla Thunderbird to download emails from your server. Even if you prefer webmail, periodically connecting from your email client ensures that you save the latest messages on your computer’s hard-drive.

Most email providers offer you a choice of ‘POP’ or ‘IMAP’ as mechanisms for retrieving your email. POP will simply download all the messages and if set in your email client, delete the messages after they’re read. IMAP synchronizes your email client with the server so it copies the same structure of read, unread, sent messages and saved folders. (This Rackspace article gives more detail on the difference between the two.) I find IMAP to be the most convenient option. If you mostly use webmail, you should also use IMAP if it’s available.

Too much trouble?

These steps might seem daunting but you don’t need to be a computer expert to get everything set-up. Business users usually have more complex configurations that may need an IT administrator to get everything working properly. However, for personal users and micro-businesses with simple needs, a little bit or research and background reading should allow you to get the job done without any help.

Of course, if you’d rather not go to the trouble of doing this yourself, we’ll be very happy provide you with a quotation. This is not a big budget job as the whole process is fairly quick for those familiar with what’s required.

Some background on the Lavabit incident

I’ll make a slight digression from technical matters as the Lavabit incident may have wider implications for anyone using US-based internet services.

Lavabit offered encrypted email services and was reported in the press to have been used by the NSA whistleblower Edward Snowden. Unlike most email systems, the company’s technology meant that there was no way for them to directly read user emails. While we may never know the truth, it seems likely they were ordered to participate in ongoing surveillance in a form that the founder believed to be against the United States Constitution. Levison was issued with a ‘gag order’ preventing him from giving details on the matter. Shortly after the Lavabit news broke, Silent Circle, another secure email provider, pre-emptively shut down its own service in order to protect its customers.

There is increasing industry speculation that the US government’s surveillance is jeopardizing the country’s businesses since they can no longer be trusted to protect their users’ privacy.

It’s clear that no matter which country you’re in, if your email is hosted with a US provider, you need to assume that the US government will want (or already has) backdoor access to them. Whether or not this is acceptable is a discussion outside the scope of this post. Regardless of where you stand, it’s important to realize that the industry landscape is changing and we can no longer be complacent about safeguarding our data.

Creating emergency-resilient electronic file backups

Most computer users know about the importance of backups as it’s all too common to have years worth of information and memories wiped out by a computer crash. Generally though, the average backup strategy involves copying files into some sort of device in your home or office. This may be of little use if the building is destroyed. Furthermore, fragile electronics may not survive an evacuation should you need to leave your home in an emergency.

The key to creating emergency-resilient electronic backups is to have both local and remote copies to create several layers of redundancy.

  • Local backups (or on-site backups) are kept in your primary location, such as at home or the office. These are for convenience since it’s usually easier to make more frequent and larger backups. Should you need to restore, they are easily accessible.

  • Remote backups (or off-site backups) stored at another location are for redundancy in case your local ones are destroyed. These are likely to be the ones you’ll fall back on after a large-scale emergency.

Local backups

Your local backup storage options include CDs, DVDs, external hard-drives or memory sticks. Since they can be connected directly to your computer, you can quickly backup and restore large files. Unfortunately, they’re also the ones most likely to be lost in the event of a house fire, earthquake, flood or any number of emergencies.

To help protect them, these should ideally be stored in a strong, waterproof and fire resistant container. There are commercially available data safes that are rated to protect your backup media from fire, water and theft but these are expensive. A cheaper but still pricey alternative would be to use professional waterproof hard cases from Pelican or Wonderful. Those on a very tight budget can simply try putting the backups in a sealed plastic food container such as those from Lock & Lock or Tupperware.

However, the biggest drawback with these local backups is that you are faced with a dilemma:

  • You can keep your backup media stored in the protective case and schedule regular backups. They’ll have some protection in the event of an emergency but it’s easy to postpone or forget about making the backups. You also won’t have a copy of any files that have been edited between the backups; or

  • You can make frequent backups to a constantly attached drive, usually automatically through backup software. This makes your backup process more reliable but leaves the media at risk since they’re left out.

Image of laptops and hard-drives in temporary office space during an emergency
A make-shift office of laptops and backup drives laid out on the dining room table

Remote backups

The most convenient way to keep remote backups is to use an online service like the following:

By far the easiest to use are Dropbox and Carbonite but the most secure are rsync, SpiderOak and JungleDisk. (There are many more services available but these are the ones that I’ve personally tried.)

*SpiderOak and Dropbox have a free option. If you want to try one of these, use my referrer code and we’ll both get free extra space.

These types of services host their servers in business-grade data centers; your data will be housed in a secure facility with its own disaster recovery systems. In other words, they do the job of keeping your data safe for you. (Of course, you should never give full trust to a third-party so local backups are still important.)

Keep in mind that due to storage fees or internet speed limitations, some types of data, such as a large music or video library, may not be practical to store online. You should also expect your first backup to take a while since you’ll need to copy everything onto the remote server. For example, the first time I used SpiderOak, it took several days to backup almost 30GB of data. Fortunately, subsequent backups are quicker as most services copy over only the changes.

A solution to keeping remote backups of large files is to create a ‘backup-ring’ with friends and relatives from out-of-town. The principle behind this is quite simple: make backups and then swap disks when you visit your out-of-town friends; you keep their drive and they keep yours.

Synchronization

File synchronization is a technology that’s matured over the past few years and combines benefits of local and remote storage. It works by copying files from your computer onto online storage and when any changes are made, the older file is automatically updated with the new version.

Most services also allow you to synchronize several computers so if you have a laptop, desktop and office computer, they can all be updated with the latest changes. This feature alone can greatly simplify your backup and restore process; if one computer is unusable, you simply log in to another, synchronize then pick up where you left off. The same process applies when buying a new computer. Just install the synchronization software and your files will be copied over from the servers.

Some even offer web and mobile device access so in an emergency, you don’t even need your own computer to get hold of your files.

Dropbox, JungleDisk and SpiderOak offer computer synchronization. Note that these services require an internet connection to synchronize. During a wide scale emergency, internet links may be down or unreliable so it’s a good idea to ensure that your computers regularly go online to get updates.

Other tips

  • If your email provider supports it, try using the IMAP protocol for your emails. This essentially keeps your mail server synchronized with your computer’s mailbox changes. Even if your computer is destroyed, you can still connect to the server and have your emails in the same state of your last access: new, read, saved and deleted emails will appear as they did on the destroyed computer. Those who use web-based email, like Gmail, Hotmail and Yahoo won’t need to worry about this.

  • Remember that your backups may contain confidential files. For privacy, make sure that all backups are encrypted. Your backup software may have this feature built-in. If not, you might want to try TrueCrypt which is well-known and trusted encryption software.

  • Some files use special formats so make sure you also backup any software you need to access your files. As much as possible, try to save or export files into a widely used format. For example, PDF files can usually be opened in pretty much any operating system and most devices come with some sort of PDF reader.

  • Don’t forget to run a test restore. You may be diligently making backups but they’re useless if some error in your process means that you can’t retrieve the files when needed.

It’s all about continuity

While keeping your data safe might seem like a low priority in comparison to other preparedness tasks, the purpose behind creating emergency-resilient electronic file backups is continuity. Crises always pass and life eventually returns to normal. Since a large part of our assets, both business and personal, are now electronic, rescuing your data files will speed up your recovery.

More than anything, having data backups provide emotional security. Knowing that your digital archive of family photos or vital business documents are safe can help you focus on the immediate needs of getting through an emergency.