WordPress Backup Best Practices

 In Plugins, WordPress

Whenever I build or manage a WordPress site, one of my top priorities is to ensure the site can survive failures. When I create a new site, a backup strategy is incorporated from day one. And if I take over management of an existing site, one of my first tasks is to assess the existing backup policies. In this post, I’d like to share some WordPress backup best practices I have developed over the past few years. We’ll talk about different types of backups, my favorite tools for managing backups, and how to ensure your WordPress backup plan makes sense for your site.

Anatomy of a WordPress Site

To understand how a WordPress backup works, you first have to understand a pretty fundamental concept: what is WordPress? I’ve talked about it before, but WordPress is basically 2 components: files and a database. These components are mostly independent, in the sense they can be moved, backed up, restored, etc. on their own or together. Of course they work hand in hand to make your WordPress site function, but for the purpose of backups it’s best to treat them separately.

The files are mostly PHP code and are organized into directories, just like your personal hard drive is. All the WordPress code lives in a single directory, which contains sub-directories to keep things organized. In fact there are really only 3 sub-directories that contain all the code required to run your site:

  • wp-content: This is where all plugins and theme files are stored, and it also contains a directory for all of your media files you upload. Some plugins may even create new directories in here to help do their job (for example, caching plugins may store cached files under this directory). This will by far be the biggest directory for most WordPress installs, in terms of total files and total size.
  • wp-admin: This directory contains core WordPress files related to the admin screen.
  • wp-include: This is where the core of WordPress functionality lives.
WordPress File Structure

As with most things in life, there are a couple exceptions to what I said above. First, there are a handful of PHP files that live outside the 3 directories mentioned. They live in the top-most directory of a WordPress site and deal with configuration, login, and a few other things. Still, even with these stray files, the organization of WordPress files is very concise and makes it easy to create backups. Some plugins may even create new sub-directories that live along side the 3 mentioned above, but again, this doesn’t change our approach to backups.

Second, some of the directories above have other files besides PHP. They include CSS, JavaScript, images, etc. that are needed to actually display your website in a browser (both the admin screens and the pages your visitors see). These files are typically not needed for your site to function, but without them your site likely would not display properly.

In addition to the files above, the other main component of every WordPress site is a database. This is where all of the user-generated content lives, along with many other dynamic aspects such as site settings, custom taxonomies, and much more. Different plugins will also utilize the database to store their own data. For example, WooCommerce saves customer, product, and order data in the database. The majority of WordPress sites use MySQL, but it is possible to substitute other compatible databases. MariaDB is a fork of MySQL that is popular with WordPress because it has better performance in some cases.

Creating WordPress Backups

Now that you are familiar with the structure of WordPress sites, you can begin to consider what it takes to create a backup. Essentially, you just need to duplicate all the files and the database. The file component is fairly easy, as it’s no more difficult than copying files on a hard drive. In fact, most backup approaches simply start at the top level of the site and create a large compressed file (.zip or .gz) of everything underneath it. The compressed file can then be moved to a safe location without impacting the operation of the site.

The database component is slightly more complicated to backup because it’s not as simple as copying a single directory or files on a disk. Luckily most databases come with various tools for exporting their data to a single file that can then be copied to a safe backup location. The choice of export format should be mostly transparent.

Different Approaches to Backups

There are two main ways to backup a WordPress site: plugins and external tools. Let’s take a closer look at each approach.

WordPress Backup Plugin

In this approach, you install a plugin that handles all the backup duties. The main advantage of this approach is that the backup functionality is integrated right into the familiar WordPress admin console. This means you can manage backups from the same area you manage content and every other aspect of your site. Using a WordPress backup plugin also allows you to make backups a part of your workflow, for example automatically performing backups prior to plugin upgrades.

The downside of using a WordPress backup plugin is that it requires WordPress itself to function. If your site gets compromised or is otherwise unable to load, any backup plugin would be rendered useless as well. Without a functioning WordPress install to execute the plugin code, you would be stuck having to recreate your site from scratch using a new install.

The other downside of using WordPress backup plugins is that the restore process usually leaves the site in a weird state that requires manual intervention. This is because the restore process relies on core WordPress functionality to do things like restore plugins, which often requires deactivating the installed plugins first. Think of it like trying to repair an airplane while it’s flying. What you’ll typically find after a restore is that most plugins are disabled, including the backup plugin itself, which means additional time to get the site back to a functional state.

External Backup Tools

The second approach to WordPress backups is to use a tool that is external to WordPress itself. Most hosting companies offer a management console that operates independently of WordPress, for example cPanel or Plesk. These management tools are agnostic of how your site actually runs, meaning they don’t care if you’re using WordPress, Joomla, or some other framework to power your website. So even if WordPress is unavailable for some reason, it doesn’t necessarily take down the management software, and backups can still be created or restored.

Of course the downside is that you have to manage backups separate from your WordPress admin screen. This means not only extra accounts to remember, but also wasted time switching between tools. If you’re doing major plugin or site updates and want to take backups in between each step, this can be a real pain.

cPanel Backups
cPanel backup management using Installatron.

How Often To Backup

So, how often should you be backing up your WordPress site? This is the million dollar question and there is no black and white answer. For some people the answer is daily (or multiple times per day), and for others the answer is sometimes. To help decide, ask yourself the following questions:

  • How often do you publish new content? The frequency of backups should roughly mirror the frequency of content changes.
  • How much tolerance does your business have for lost data? Can you lose a week of data? What about a day, or even an hour?
  • Are there local or national regulations for storing sensitive data? If your site stores customer data you might be obligated by law to backup the data with some regularity.
  • How much storage does your hosting company provide? Backups take up disk space, and most hosting companies don’t give you unlimited space.

All of these questions will determine how often you should backup you site. If you’re still unsure, nightly backups are a good starting point for most users, with supplemental backups before any major update (theme, plugins, or WordPress core).

And remember how the files and database are independent? This means they can be backed up (and restored) on their own schedule. In general, the files will change less frequently than the database but they will take orders of magnitude more space. Therefore, you can usually get by with with nightly backups for files. The database, on the other hand, will change anytime you create content, change s theme or plugin setting, and in lots of other cases. It also takes up much less space than the files do. This means you really database can potentially be backed up more frequently, say hourly or anytime new content is created.

Best Tools for WordPress Backups

When it comes to plugin-based backups, my favorite is UpdraftPlus. As someone who manages dozens of WordPress sites, it’s money well spent for me. The interface is very intuitive, it has a ton of integrations, and even the free version will work for most users. I choose the developer version so I can get access to all the add-ons and unlimited sites, but they have a wide range of pricing plans to meet most needs.

UpdraftPlus lets you manually initiate a backup whenever you want, but it also lets you schedule them on regular intervals. One nice feature is the ability to schedule your files and database on different schedules. Remember that files take up much more space and likely will change less often, so they can usually be backed up less frequently than the database.

Once a backup is complete, UpdraftPlus can automatically be configured to send your backups to a remote location such as Dropbox, Amazon S3, Google Drive, etc. You can even remove backup sets from those remote locations from the UpdraftPlus admin screen, which is a nice time saver. The paid versions also offer lots of additional features such as encrypting backups, ability to use a backup set to clone a site into a new WordPress install or domain, enhanced reporting and alerting when backups fail or succeed, and much more. If you manage more than a few WordPress sites I think you’ll find that UpdraftPlus is a worthwhile investment (especially since you can renew your license for a fraction of the original cost each year).

For external backup utilities, most of my sites use cPanel. I’ve had the best luck with their backup and restore features and find that it just works. And they allow automatic backups, as well as on demand. If you’re using a managed WordPress solution like WPEngine, they have their own daily backup tools. This doesn’t mean you shouldn’t supplement with more frequent intraday backups, though. Daily works for most users, but if you’re collecting important data that’s critical to your business, you should consider backing up your database throughout the day using a plugin.

WordPress Backup Best Practices

Configure Automatic Backups

The first step in any disaster recovery plan is to make backups a part of your workflow. Setting up automatic backups is the best way to ensure they are done with regularity. Most WordPress backup plugins will offer some ability to schedule both file and database backups on a regular schedule, as will most external tools. Whichever one you use, if your backups are not automated, you are likely not backing up enough.

Backup During Off Hours

When you do setup automatic backups, try to schedule them for a time when your site has the least amount of traffic. When you generate a backup up your files, it requires a lot of disk I/O to copy those files and create a single compressed file (not to mention the compression algorithm consumes some CPU). These are resources that your site needs to serve content to visitors. Additionally, when you create a database backup, the system has to temporarily prevent new data from being written to each table as it is backed up. While this may only be for a few seconds, it could prevent a visitor from doing some on your site such as placing an order. For all of these reasons, you should schedule your backups during the timeframe when you have the least number of visitors.

Save Backups To Remote Services

Anytime you make a backup, whether it’s automatic or manual, you should make sure it’s saved to a remote service such as Dropbox, Amazon S3, etc. While having your backup files on your web server will make restoring them much faster and easier, those files will not do much good if you lose them. Remember that the reason you’re even making backups is because one day your site might become inaccessible. This could caused by hackers, virus, or other software issue. But it could also be caused by a hardware failure, which means any file on your web server is at risk, including backups. Sending your backup data to a remote server means you can restore no matter what happens to your site. Plus, your web hosting provider may limit how much data you can store on your server. Backup sets can take gigabytes of data, so saving them to a remote storage can help keep your disk usage low (just remember your bandwidth usage will increase because you’re transferring more data to a remote server).

Test Restore Functionality Periodically

Having backups is great and helps us all sleep better at night. But how confident are you that you can actually use those backups if need be? If you lost your web site today, would you even know where to begin to restore it? It’s important to take the time and practice your restore process, at least every few months. Obviously you don’t want to do this on your production server, but there are a few options. First, if you’re using a traditional cPanel hosting plan, you can easily setup a second WordPress instance with its own sub-domain (i.e. dev.example.com). This secondary instance can be used for the sole purpose of practicing restores without impacting your live web site. Just make sure you take some precautions like setting the secondary site to noindex (this will prevent Google from indexing the site and potentially penalizing you for duplicate content).

If you’re using a managed WordPress service like WPEngine, you should have access to a staging server. Staging servers are great for practicing backups. Of course, most managed WordPress services have built-in backup and restore functionality, but that doesn’t mean you can’t make your own backups to save on a remote service for safe keeping.


We’ve covered a lot of information regarding WordPress backup best practices, but if you remember nothing else, here is what you need to know:

  • Backups should cover both the files and database that makeup your WordPress site.
  • File backups will take up much more space than database backups, but files can be backed up less frequently than the database.
  • Backups should be automatic. Nightly is a good starting point, as well as before any major changes (theme or plugin updates, etc).
  • Store your backups on remote services like Dropbox.
  • Practice restoring from your backup periodically.

Backups are not glamorous, but they’re a critical part of every web site. Make sure you have a solid backup plan, and make sure you’re ready to use them in the event your site is compromised or becomes unusable. As always, a little preparation today can literally save your business one day.

Recent Posts
Keyy WordPress Plugin CoverEvents Calendar Tooltip Cutoff Cover
Verified by ExactMetrics