The online backup business has quite simply exploded in the past couple of years. Well, it has as far as your personal computing environment is concerned. There are so many vendors offering cheap cloud storage for your PC it’s bewildering. But what about your website? How are you backing that up?
Most CMS systems have some form of backup software available as an add-on, plugin, or extension. Some are quite good – many are not.
However, one thing most website backup systems have in common is that they rely on locally installed software, usually written in PHP. That can pose a number of problems, particularly in shared hosting environments:
- Spike Loads – Backing up a large website can present a considerable spike load to the server. PHP may not be allowed the necessary resources to package up a large website due to the CPU/Memory/IO throttling that many hosting providers put in place to protect quality of service.
- Privilege Requirements – Many backup applications require PHP to use shell functions – something which is often restricted for security reasons.
- Internal Authentication – The backups are invariably PUSHED to the destination, meaning that the means of authentication is locally held. This means that a compromised website might lead to compromised backups (depending on the visibility of existing backups to the application).
- Lack of Incremental – The backups are usually not incremental, meaning a full backup has to take place each time. This places unnecessary load on your hosting account’s resources.
- Compatibility – Some backup plugins struggle to integrate with security plugins.
Due to the first and fourth problems (spike loads and the lack of incremental backups), many people end up excluding core CMS directories (after all, you can always obtain a copy of WordPress). This certainly makes the backups smaller/faster but it also makes disaster recovery more of a hassle.
CodeGuard – A time machine of secure website backups
If you want to create safe secure website backups then you should consider using CodeGuard. CodeGuard takes daily snapshots of your website and databases, allowing you to recover your files or database tables to a point in time. Like a magic undo button, but for websites. Here’s why CodeGuard really shines.
- Incremental Backups – Once the initial backup has been taken, subsequent backups are relatively tiny, consisting only of the changes to your data. No load spikes.
- External Authentication – CodeGuard logs into your hosting account using secure SSH technology to PULL your data out. No matter how badly your website was hacked, it would be impossible to access the data at CodeGuard.
- Security – Your files are initially backed up to Amazon EC2 (Elastic Compute Cloud) for version control, and then compressed and sent to Amazon S3 (Simple Storage Service) where they are then encrypted using AES 256-bit algorithms (military strength). The working data on EC2 is then destroyed.
- Malware Detection – Your backups are automatically scanned for malware infection.
- No Local Software – CodeGuard does not rely on any local software to be installed on your hosting account. No compatibility problems. No security risks.
- Insight – CodeGuard doesn’t just report whether your backups have completed, it provides insight into the changes that take place to your files on a daily basis – very useful for detecting unauthorised activity.
Downside? It ain’t free – but then few things this good are. A basic plan costs only $5/month – I figure that’s small beer for peace of mind. So, without further ado, here’s how to get secure website backups with CodeGuard.
Step 1 – Sign up
Pop along to https://codeguard.com/pages/plans and sign up for the plan of your choosing – for this guide I’ll be using the entry level Ninja package (currently $5/month).
Step 2 – Add Website
From the dashboard view, add your website by clicking the ADD WEBSITE button.
Step 3 – Fill in website connection details
Most web hosts will allow you to connect using SFTP. This is a secure version of FTP. If your host doesn’t provide SFTP, and only provides FTP then my advice would be to find another host – seriously.
Fill in your details as shown, and click the TEST WEBSITE CONNECTION button. If you got things right then you’ll see a confirmation that all is well and you can click the CONNECT YOUR WEBSITE button.
Step 3 – Choose files/directories to back up
You will now be asked to choose which directories from your hosting account you wish to back up. This will vary depending on the type of account you have.
- Plesk accounts – select the httpdocs as a minimum, and possibly the httpsdocs, private and other directories – if you are not sure, then ask who developed your website.
- cPanel accounts – (Shown in example) select the public_html directory as a minimum. Again, if you are not sure, then ask who developed your website.
- Other/Proprietary – for other hosting providers you should select whichever directory you uploaded your website into.
When you are happy with your choices click the CAPTURE CODE button.
That’s it! CodeGuard will now take the first backup of your site’s files. You don’t have to wait for it to finish, it will carry on in the background. Now you can add your database/s.
Step 4 – Backing up your database
From the CodeGuard dashboard you will now see your site listed as above. Click on the Edit link.
Click DATABASES from the left hand navigation buttons as shown above, then click the ADD DATABASE button.
The really cool thing about CodeGuard is that they support SSH tunnelled MySQL connections. This bit of gobbledygook means that the connection to the MySQL database service on your server from CodeGuard will be secure. Without this feature, MySQL connections are unencrypted, and vulnerable to eavesdropping.
This is crucial (or a legal requirement), especially if your website is an e-commerce application that requires PCI compliance for credit card processing, or you are dealing with personally identifiable information.
To back up your MySQL database securely, click the SKIP THIS STEP link.
Step 5 – Adding a secure database connection
To connect securely, select the TUNNEL OVER SSH button as shown, and fill out the form using your own details.
- Database Hostname or IP : This should be the name of your server. You can usually just put your site’s domain name in here e.g. endlessgeek.com
- MySQL Username : This should be the MySQL username that your website uses to connect to MySQL. You can find this from your hosting control panel, or from your website’s configuration files.
- MySQL Password : You will have to check in the configuration file for your website to find this information (unless you have kept this information somewhere secure). e.g. wp-config.php for WordPress sites.
- MySQL Port : This is the TCP port on which MySQL listens for connections. The default of 3306 should be fine.
- SSH Username : This is usually your main domain username for Plesk or your main login username for cPanel. SFTP is enabled by default on cPanel – on Plesk you will have to modify the main FTP account type to /bin/bash (chrooted).
- Password : Your main domain user (Plesk) or main account (cPanel) password.
- SSH Port : This can normally be left as 22, but some hosting companies put SSH on a different port so check first.
Then click NEXT STEP.
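What the TUNNEL OVER SSH option amounts to can be reproduced by hand with an SSH local port-forward and a dump sent through it. This is an added example, not CodeGuard's implementation: the function names are hypothetical, MySQL is assumed to run on the same machine as the SSH server, and the MySQL username and password are assumed to sit in a `[client]` option file.

```python
import socket
import subprocess
import time

def ssh_tunnel_cmd(ssh_user, ssh_host, ssh_port=22, local_port=3307,
                   db_host="127.0.0.1", db_port=3306):
    """argv for an SSH local forward: local_port -> db_host:db_port, resolved on the server."""
    return ["ssh", "-N",                       # forwarding only, no remote shell
            "-o", "ExitOnForwardFailure=yes",  # exit if the forward cannot be set up
            "-p", str(ssh_port),
            "-L", f"127.0.0.1:{local_port}:{db_host}:{db_port}",
            f"{ssh_user}@{ssh_host}"]

def mysqldump_cmd(defaults_file, database, local_port=3307):
    """argv for mysqldump aimed at the local end of the tunnel."""
    return ["mysqldump",
            f"--defaults-extra-file={defaults_file}",  # must come first; keeps the password off argv
            "--host=127.0.0.1",      # an IP forces TCP; "localhost" would use the Unix socket
            f"--port={local_port}",
            "--single-transaction",  # consistent InnoDB dump without table locks
            database]

def wait_for_port(port, timeout=10.0):
    """Poll until the local end of the tunnel accepts connections."""
    deadline = time.monotonic() + timeout
    while time.monotonic() < deadline:
        try:
            with socket.create_connection(("127.0.0.1", port), timeout=1):
                return True
        except OSError:
            time.sleep(0.2)
    return False

def pull_dump(ssh_user, ssh_host, defaults_file, database, out_path,
              ssh_port=22, local_port=3307):
    """Open the tunnel, dump through it, and always close it again."""
    tunnel = subprocess.Popen(ssh_tunnel_cmd(ssh_user, ssh_host, ssh_port, local_port))
    try:
        if not wait_for_port(local_port):
            raise RuntimeError("SSH tunnel did not come up")
        with open(out_path, "wb") as out:
            subprocess.run(mysqldump_cmd(defaults_file, database, local_port),
                           stdout=out, check=True)
    finally:
        tunnel.terminate()
        tunnel.wait()
```

Because the forward terminates on the server itself, MySQL traffic only crosses the network inside the SSH session.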
Step 6 – Select database
If the connection is successful then CodeGuard will present a list of databases available using the credentials you supplied. Just select the database you want to back up from the drop down list (if you only have one database, it will already be selected). Click ADD DATABASE.
That’s it – you’re done! CodeGuard will now be backing up your database. Again, you can watch the progress screen if you wish, but the process will continue in the background if you leave the page.
Ongoing management of your backups requires no effort. By default, CodeGuard sends you a summary of the changes that have taken place to your website after each backup. The dashboard also shows a timeline summarising the amount of changed data for each backup.
The database backup summary is intelligent enough to recognise for WordPress, for example, the number of new posts, comments, users etc. This makes it much easier to spot if unauthorised changes have taken place.
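The incremental backups and the per-backup change summary described above both rest on comparing one snapshot of the site with the next. The following is an added example of that comparison, not CodeGuard's code: the function names, the sample files and the "script inside an uploads directory" heuristic are all assumptions made for illustration.

```python
import hashlib
import os
import tempfile

def build_manifest(root):
    """Map each file path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            manifest[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return manifest

def diff_manifests(old, new):
    """Files an incremental backup must store, and what a change report would list."""
    return {
        "added": sorted(p for p in new if p not in old),
        "modified": sorted(p for p in new if p in old and new[p] != old[p]),
        "deleted": sorted(p for p in old if p not in new),
    }

def flag_suspicious(changes, media_dirs=("wp-content/uploads/",), exts=(".php", ".phtml")):
    """Assumed heuristic: new or changed scripts inside media-only directories."""
    touched = changes["added"] + changes["modified"]
    return [p for p in touched if p.startswith(media_dirs) and p.lower().endswith(exts)]

def write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Constructed sample site: snapshot, change three files, snapshot again."""
    with tempfile.TemporaryDirectory() as site:
        write(site, "index.php", b"<?php echo 'home';")
        write(site, "wp-config.php", b"<?php /* settings */")
        write(site, "wp-content/uploads/logo.png", b"\x89PNG sample")
        before = build_manifest(site)
        write(site, "index.php", b"<?php echo 'home v2';")        # edited page
        write(site, "wp-content/uploads/cache.php", b"<?php ?>")  # unexpected script
        os.remove(os.path.join(site, "wp-content/uploads/logo.png"))
        changes = diff_manifests(before, build_manifest(site))
    return changes, flag_suspicious(changes)

if __name__ == "__main__":
    print(demo())
```

Only the paths under "added" and "modified" need to be transferred for an incremental backup, and the unchanged wp-config.php appears in none of the three lists.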
Disaster Recovery with CodeGuard
So, now CodeGuard is backing up your website and database, how do you recover from a disaster? Well, it’s actually pretty simple. You can either download a zip file of your files and/or database, or you can get CodeGuard to automatically restore your files and/or database for you on the fly.
It works very well. You have to wait a short time for your files to be staged up from the encrypted backup system, but it’s all automatic, and you will get a notification by email once it’s complete.