The Ultimate Checklist for WordPress Disaster Recovery

Posted on August 23, 2015 by in Tips & Tricks | 10 comments

The Ultimate Checklist for WordPress Disaster Recovery

Disaster recovery is something everyone hates to discuss, but something that everyone needs to be aware of.

A disaster recovery plan is more complicated than just pressing the restore button on your backup plugin, and is definitely something you want to be familiar with before you actually need to put it into action on your WordPress site.

We’ve compiled an ultimate checklist, covering the circumstances that lead up to the disruption or break in service. You need to know What, Where, and When before you can determine How and Why. In today’s more complicated technical world, you also need a checklist that can help you determine the Who.

This is not just another article listing software tools – we already have lots of great “best of breed” plugins and themes articles. We have instead summarized best practices that will help guide you to a successful recovery of your WordPress site. We recommend old-fashioned, low-tech methods that complement excellent software.

What Features Do Disaster Recovery Tools Have?

In general, disaster recovery tools include:

  • Scheduled backups to a choice of locations, including cloud-based storage.
  • Maintenance of a backup archive, with options for planned disposal.
  • Simple (and optionally advanced) settings for restoration.
  • Audit log files.

You need to know the What, Where, and When before you restore yesterday’s backup file. Audit log files, mentioned in the above feature list, are the kinds of information you use to begin the process towards a successful recovery of your system.

What Should You Know Before You Restore Your System?

Plugins and themes extending WordPress’ functionality can, unfortunately, also expose it to vulnerabilities. Any weakness increases the risk of software breaking and limiting access to your website. These are the kind of situations where you depend on separate hard copy lists of information to help you return to normal operation.

Years ago it was not uncommon for spinning computer hard disk platters to crash into one another. Those events were described as disasters because they resulted in “physical downtime”. Catastrophic events are less likely to occur today because of changes in hardware, software, and system design.

Distributed networks and redundant systems don’t often “catastrophically fail” in today’s online world; they only experience occasional “service breaks”. Understanding details about the What, When, and Where are critical in repairing a vulnerability and preventing its future occurrence.

Where Are You Most Exposed?

Successful recovery from a break in service requires accurate, up to date information. While some points of failure have predictable locations, the origin of a service break can pop up anywhere. A disaster recovery procedure begins by locating the source of the service disruption. You need a map.

Ultimate Checklist For WordPress Disaster Recovery

Exhibit 1. Vulnerabilities in a WordPress installation

Exhibit 1 is a simplified view of your WordPress website. The “Home” folder – marked #3 – holds core and include files (wp-admin and wp-includes). The wp-content/themes and wp-content/plugins folders hold theme and plug-in components that support these core system files. Unfortunately, sometimes a combination of either internal or external sources can cause service breaks. External agents have access to your WordPress installation at #1 and #2 (themes and plugins). The Home folder at location #3, in comparison, is more likely to be exposed to random internal failures than outside factors.

Adding to this situation, premeditated attacks from outside sources using techniques like SQL injection can bypass your software files (and most internal security systems) and directly access data files at #5.

Back to the Who, What, When, and Where

As software flaws and security vulnerabilities are uncovered, updates to WordPress system files and security patches are released to protect website installations. Unfortunately, people often do not apply these critical security hotfixes and updates to their websites. Developers of WordPress (or your hosting platform) have begun doing it for you by forcing an auto-update on your installation software. This relatively new industry practice of auto-updating your WordPress files has complicated the online world.

Any new WordPress update or patch can potentially break a previously working plugin or theme. Third-party developers must upgrade their proprietary code often to maintain compatibility with new software changes. The frequency and complexity of changes affect the reliability of an entire WordPress installation. A developer’s slow or incomplete update to their code potentially limits your software’s delivery of promised features, security, and website recoverability in the event that something causes a break in service. Ecosystems, whether in nature or online, are a subtle balance of all working parts.

The Ultimate Checklist

An Ultimate Checklist for WordPress Disaster Recovery starts and ends with your business objectives. Both your business plan and website design serve your business goals. Are you an e-commerce service business or information subscription service? Are clients paying for AdWords on your site? How would a service break affect on your business?

1. Background Tracking Features

You need to track all background events in your software installation. Remember the recommendation that good backup software has log files? Audit logs provide diagnostic information that help identify events leading to a service break. WordPress Security Audit Log (current v2.0.1) and its premium report generator are useful tools. An alternative example is WordPress Simple History (current v2.1.4).

wp-security-audit-log

Audit logs typically record every event that occurs in the installation – from bootup to shutdown. A best practice is to read these files like a diary, tracking the Who, What, Where, and When occurring every day in your installation.

Why read your logs? The best way to identify suspicious events is to know what “normal” looks like on a daily basis.

2. Plugin and Theme Revision Dates

Keep a separate inventory of plugins that add functionality to your website. WordPress Plugin Organizer (current v.6.0.4) is an example of software that not only lists these third party components but can selectively enable or disable their use.

plugin-organizer

With Plugin Organizer you can toggle your plugins on and off

Since plugins can cause service breaks – especially after an unannounced automatic update of your installation – tracking how well a developer supports their product is becoming increasingly important. Select plugin and theme component software in terms of their popularity and the developer’s support history – both of these aspects will reveal a lot about the state of the software you’re looking into.

Consider ordering your plugins based on “most recent update age”. You can list the most current software products on your website at the top of the list, much like the “Freshness” scores under the Support tab at WordPress.org. Consider replacing software products that don’t maintain a reasonable revision schedule.

3. Catalog All Your “Personal” Online Assets

Do you realize that your online presence is your “brand”? There are all kinds of online “belongings” unique to your website that define who and what you are. Compile a list and keep separate inventories of objects (intellectual property) such as graphics, articles, e-books, and posts that define you. There are database files that catalog this information so that WordPress can find it. Your “brand” graphics and publishable items are usually stored in separate folders.

Remember location #5 in Exhibit 1 above? WordPress TablePress (current v1.6) is an example of software that generates lists from these database tables.

wordpress-tablepress

Keep copies of all your “brand” assets off-site in case a catastrophic event blocks or deletes the file directories on your host platform.

4. Document Disaster Events With Time-Date-Stamped Pictures

When a service break occurs, take pictures to document the event. Premium tools like TechSmith’s Snagit (current v12.3.0), freeware snipping tools, or even your smartphone have many useful features like automatic time-date stamps.

techsmith-snagit

This enables you to record any irregularities, alert messages, or system events associated with a disruption in service.

5. Keep Emergency Contact Information Current

When strange stuff happens, who are you “gonna” call? Keep an accessible list of all emergency contacts like your hosting service, theme/plug-in developers, etc. Add information such as a website address, phone number, and email address as active hyperlinks to enhance accessibility on, for example, a smartphone.

If an audit report lists a plugin, you have the specific developer’s contact information and, in a separate source, your plugin’s version number, immediately accessible to you! Imagine a situation where you use your smartphone to take a screenshot of an error message, and you want to share it with that developer via SMS or email. The more you help a support person, the faster they can help you.

Wrapping It Up

To prepare and be in the best possible position when disaster strikes, follow our simple five-point checklist:

  1. Track all background events within your software with audit logs. Monitor them daily to enable you to quickly spot any deviations.
  2. Keep a list of your plugins, tracking version numbers and “last revision dates”. This will provide clues that possibly explain a service break.
  3. Keep copies of ‘brand-defining’ items offsite. Replacing software is relatively easy; replacing old graphics, articles and posts is an entirely different matter.
  4. Procure software that enables you to take screenshots with time/date stamps. They are a very efficient way to describe an irregularity to a support person.
  5. Create a report to house all important contact information. If something goes wrong, you’re going to know exactly who you should contacting, and how.

How do you prepare in order to have an easy and successful recovery of your system? Let us know in the comments!

Image Credit: Crystal Eye Studio / Shutterstock.com

10 Comments

  1. I don’t understand the reference to TablePress in this article. The TablePress plugin is for creating tables within your WordPress content. As far as I know, it doesn’t have anything to do with “generating lists from database tables.” What am I missing?

  2. Is it not that a managed wordpress hosting will solve all of the above problem?

    • Bigwas, I sure thought that was the purpose of hiring one. Maybe this article is targeted to those who manage their site in-house.

      All I can say is nowadays you’d best be qualified by some standard other than self-help.

  3. In few days our development team will finish wp safemode tool. An very useful toll for wordpress disasters. of course it will be free… if anyone wants to beta test, ping me on mail over the web site. 🙂

    Thanks

    • Upps! – The download is a picture???

  4. Always make periodical manual backup using an FTP program. Save database and all files on cloud, dvd or hard disk. Save SEO parameter, all text, articles, pictures, CSS and all you can use in case of recovery.

  5. Great article, but worth noting that hard drive ‘platters’ don’t crash into each other, it’s the read/write heads that come into contact with the surface of the platters that are deemed as a head crash or hard drive crash. *trainspotting* Soz. 🙂

    • You’re correct. That said, when I was an intern at the Yakima Data Processing Center, they had one of these drives blew up and knocked the other drive unit next to it. Both were out of commission. They only had the budget to repair the least damaged one. One of the techs said he was there when it happened and it sounded like a car crash. I think it was a R/W heads physically making contact with the platters bringing them to a screeching hault. So in this case, one drive unit did crash into the other drive unit.
      Here is a photo of a similar drive. I think it was only five megs. It stored the software. Data was put to magnetic tape. http://3v6x691yvn532gp2411ezrib.wpengine.netdna-cdn.com/wp-content/uploads/sites/default/files/story_images_2/20120921SAWG_fg16a.jpg

  6. I landed on your article after my wordpress based blog went down. After, spending 6 hours of continuous & painful work, I finally somehow managed to recover the blog.

    I’m saving your checklist on boards. Thanks for this!

  7. Hello Tom,
    This is really a very interesting topic that is less discussed about often. Disaster recovery is really a sentence that we hate hearing so, i think its better to take care of things before they happen.

    Its best to always do a manual backup of your database so you’ll always be on the safe side.

437,821 Customers Are Already Building Amazing Websites With Divi. Join The Most Empowered WordPress Community On The Web

We offer a 30 Day Money Back Guarantee, so joining is Risk-Free!

Sign Up Today

Pin It on Pinterest