Skip to main content

WordPress Website Backup & Recovery: Best Practices

Jan 8, 2021

A lot of website maintenance, monitoring, and security activities are designed to prevent service outages and website crashes. But we can’t always predict the future — sometimes even the most secure and well-managed websites can fall victim to unexpected outages, sophisticated attacks, and even natural disasters. If the unthinkable happens, and your website goes down, will you be able to restore it?

The last recourse in the event of an unfixable website issue is to restore the site from an earlier backup. It’s hard to overstate the importance of backing up your website regularly. The ability to recover your site can save your business and your livelihood in the event that something goes wrong.

What Is a Backup?

In the most basic terms, a backup is a copy of your website, and all the data and code therein. Not all backup files will contain every bit of information on your website, nor do they all need to. In some circumstances, you may only need a partial backup. Partial backups or the ability to edit what is backed up is a little bit more technical — not every web host will have the ability to do this.

For example, if you have a bunch of development happening on one part of your website, you may want to back up everything except that “under-construction” section — or conversely, just that section. If your site is very large or contains a lot of files, strategic backups can ensure that the functionality of your site is retained without filling your storage space with duplicates of image and text files.

Why are Backups so Important?

Most people these days understand the importance of regularly backing up your information. You’re constantly reminded to back up your computer hard drives, your phone’s memory storage, your banking and tax documents — and the list goes on. Your website is no different.

Just like the files on your computer, your website is made up of a hierarchy of files and folders that are stored on your host server. It makes sense that you should have at least one other copy of those files and folders stored safely somewhere else, just in case.

During development, when you’re still in the process of ironing out the wrinkles in the complex code that makes up your site, keeping backups can give you the freedom to experiment with different functions and designs without fear of breaking the site and losing everything when you have to start from scratch.

Most web hosts offer backups in some form — often free, occasionally as an add-on to a hosting plan. But just knowing that you should be backing up your website doesn’t mean you know how to do it correctly. There are some key factors to consider when it comes to taking effective backups that actually secure your site, such as…

How Recent Is Your Nearest Restore Point?

Backups don’t last forever — in fact, they can have a pretty short shelf life, especially if you have a large website, or a site that’s under construction.

Many WordPress plugins are configured to take backups once a week. This can be fine if your site is mostly static. However, most websites undergo changes and updates quite frequently. When you’re dealing with a site that has a lot of plugins and themes all updating asynchronously, minor changes to your website are happening on a daily basis. Bugs and security issues can arise at any time.

This is why WordZite configures a daily backup schedule for most of our websites, or under special circumstances, even hourly. Keeping daily backups allows for more precision when it comes to which version of your website you restore. A backup from just 24 hours prior to a major website outage will still contain most of your recent updates, changes, and content, so you don’t have to spend hours recreating those improvements.

How Much of a History of Restore Point Data do You Have?

In a perfect world, you’d notice a security issue as soon as it arose on your website. Unfortunately, we don’t live in a perfect world, and website issues can often go unnoticed for days or even weeks, sometimes only becoming obvious if someone attempts to make changes to the site. Plus, because websites are complex webs of code, files, and software, removing an issue often isn’t as simple as pruning a single branch from a tree — really, it’s more like a game of Jenga. You have to consider what other plugins and functions will be adversely affected if you remove that piece.

If you only keep two weeks worth of backups, then you might find yourself in a situation where every backup file you have on hand also contains the bug. In another scenario, it might take you several days to locate the source of the issue, while other updates run and content is added. By the time you find the source of the issue, the backup file you need might be quite out of date.

While building or redesigning a website, it’s not uncommon for developers to restore a site back to a point 10, 20, or even 30 days prior in order to fix a complex structural issue. Of course, backups still take up space, so you have to balance the need for more restore point data with your available storage capacity. An experienced web security expert can find that balance. On average, WordZite stores 90 days worth of daily backups for each website.

Where Are Your Site Backups Stored?

The problem with using your web hosts’s backup service is that, unless you’ve changed some key settings, you’re probably storing your backups on the same server as your website. What if that server is fried in a targeted attack, or hit by a flash flood?

If something were to happen to the server or the host, then any backups stored in the same location will disappear just like your website, and you’ll be left treading water. Additionally, locally-stored backups can inflate the size of your website on your server, which can be costly, and can slow down the site’s performance.

For these reasons, it’s vital that your backups are stored offsite, in a different location from the server where your website “lives”.

It’s also important to consider the location of your backups for privacy and legal reasons. Many countries and organizations have strict laws and regulations about where personal data can be stored. For example, in Canada, personal information collected by government agencies must be stored on servers in Canada. If your business is in a regulated industry, you’ll probably want to make sure your backup files are stored domestically.

Can You Actually Restore the Backups?

Most website owners have never needed to restore their site from a backup. This is both a good thing and a bad thing — good, because it means your site has never encountered a major, site-breaking issue. Bad, because it means that if the problem ever does arise, you may not have the experience necessary to ensure backups are correctly restored and implemented.

WordZite has many years of experience with WordPress website security, and therefore a long history of successfully restoring websites from previous backups in just a few minutes. For your website, it’s important to test and validate your backup and restore procedure. If your backup files aren’t functional, then you’re just filling up server space with junk.

How Quickly Can Your Site Be Restored?

If your site was to go down, you’d want to be able to restore it within a few minutes. A prolonged outage can cost you both in terms of business and reputation.

Have a plan and a method in place for restoring the site quickly and easily. WordZite’s system allows us to restore a previous backup with just a few clicks, minimizing the downtime for your website.


Backing up your site is the most important thing you can do to maintain your website’s integrity and function. It’s web security 101. Though it may be a last resort in some cases, this doesn’t mean it should be an afterthought. Make sure your backup files are stored securely on a separate server, and keep a long enough history of backups to ensure that a “clean” version of your website is accessible and restorable. It’s never too late to review your backup files and make sure your website is being managed according to web security best practices.