I’ve just finished writing a new WordPress Plugin which creates a Snapshot Backup of your entire website: that’s your Database, current WP Core, all your Themes, Plugins and Uploads. The resulting single archive file is then uploaded to an FTP repository of your choice.
Peace of mind included 😉
Download from the official WordPress Repository
UPDATE AUGUST 2012
Due to heavy workload and high demand I can currently no longer find the time to support Snapshot Backup. I may pick up this project again in the future and put new PHP skills to work. Thank you for being kind enough to understand.
In the meantime I’ve discovered a wonderful by Daniel Hüsken which does all I ever wanted Snapshot Backup to do and more: It’s called BackWPup – download it here. It’s way ahead of my plugin and under active development.
———————————-
Disclaimer
I’ve recently been flamed a lot by users who are less than happy with this plugin. That’s tough, so I wanted to state some very obvious facts that most of us do take for granted:
This plugin does not work for everyone. It works fine for me, and I’ve written it for me and my own servers. I’m distributing it in the hope that it will be useful to others, but with absolutely no guarantee that it will work on every Linux system out there.
You are free to use Snapshot Backup, but I strongly advise you to test it on a dummy system before deploying it to your precious live site. Users have reported every possible horror scenario, from complete site deletion to an empty database file. Please test the plugin on your system and check that it creates a reliable backup that can be restored before relying on it to work. Remember: you are using Snapshot Backup at your own risk.
Thank you!
Installation
Upload the ZIP file under Plugins – Add New – Upload. Alternatively, unzip all files and upload via FTP client manually.
Activate the plugin and find the option Snapshot Backup in your Dashboard options.
Usage
Snapshot Backup has been designed with ease of use and simplicity in mind.
Once the plugin is activated, you’ll find a new top Level Menu called Snapshot Backup on the left. Under Settings you configure your FTP Details and and additional directory you’d like to back up. Now you can either head over to to Snapshot Backup and create a Snapshot manually, or you can setup automation and let the plugin create a Snapshot for you at regular intervals.
Make sure your wp-content/uploads directory is writable – Snapshot Backup needs somewhere to write files to locally before they get sent away to your FTP server (this would ideally be a second server, preferably with a different host in a different data centre).
In the current release your screen will go blank while the script runs through the various stages. Depending on the size of your site this could take a while… be not alarmed and keep an eye out for the browser status bar. While it appears your browser is working Snapshot Backup is working too. I’m attempting to fix this in future releases and give you a status report of each stage.
Automation
Included since Version 2.0 we have the long awaited automation feature. This creates Snapshots while you sleep and even auto deletes older ones. You can set all this up under Automation and receive a friendly email ever time a Snapshot has been created (optional).
For the automation to work I’m using the WP Cron feature, which in turn relies on your website being visited every once in a while. On live production sites with 100+ visitors per day you’ll be fine, but on low traffic sites you may notice that Snapshots are created at irregular intervals – I’m thinking of test sites with blocked search engines or brand new sites.
To help this along and make the process more accurate you can create a Cron Job which calls the index.php file in your WordPress installation directory (usually http://www.yourdomain.com/index.php)
Screenshots
Snapshot Philosophy
Archiving dynamic websites isn’t all that easy and we all tend to forget that because the web is such a fluid thing. The idea of Snapshot Backup is that you may want to create an “as is” version of your entire website for archive purposes. With each click you’ll create a “time capsule” of sorts – this could be for legal, sentimental or security reasons.
Other solutions mirror or sync your installation – which is a great idea too, however if you only notice a week down the line that your site has been compromised then your synced copy most certainly is too. Snapshot makes it easy to go back to a clean version from x days/weeks/months ago.
How does it work?
Snapshot Backup first reads out your entire database into an file. Afterwards it uses the Linux shell command tar to archive all your content. Then it deletes the SQL file and then it uploads the resulting archive file over to your FTP repository.
Please note that this plugin does not work on Windows servers… sorry ;-(
Restoring a Snapshot
I’m working on a simple script that will do this for you. In the meantime you’ll be on your own – with some written guidance from yours truly. Have a look at this article which explains how to restore via FTP.
Known Issues
Even though this plugin is a great idea, it may not work for everyone. I’ve had reports from users reporting that either the plugin creates a 0MB backup file or does not include the database in the tar ball. The following hosts are known to be problematic:
- Media Temple
- Netpower
- MyWebHost
- Momwebs
Alternatives to Snapshot Backup
Roadmap: The Future of Snapshot Backup
There are plenty of things I want to add to and improve on this plugin:
- make sure the screen doesn’t go blank while the Snapshot is being created
- add translation
add the ability to run Snapshot automatically via WP Cron or Cron Jobsdone since 2.0make the admin interface look prettier (and easier to find)done since 2.0- manage FTP repository from admin interface (i.e. list and delete older backups, local and FTP)
- give this plugin its own website for documentation (snapshotbackup.org)
- finalize Snapshot Restore script
add FTP Port selectiondone since 2.1- add cloud storage support (Amazon, Dropbox, etc)
If you have any suggestions for future features please leave a comment.
Enjoy Snapshot Backup responsibly 😉
Hi Jay,
Thanks for the speedy response.
I agree, the port should probably in the settings menu,.
Much appreciated.
“Snapshot Backup first reads out your entire database into an SQL file. Afterwards it uses the Linux shell command tar to archive all your content. Then it deletes the SQL file and then it uploads the resulting archive file over to your FTP repository.”
It does not backup the database, but only files? I do not see any SQL file in the .tar file.
Hi Igor,
the .sql file is in wp-content/uploads – the full path to it depends on your server configuration. For example, on Red Hat distributions the full path is /var/www/vhosts/yourdomain.com/httpdocs/wp-content/uploads.
Very good. Your plugin is a complete solution! Thank you. I hope that the following information helps you or your users.
I use .htaccess rules to secure the archive files on my Apache server. This will prevent unknown parties from downloading the archive, which remains a security risk until or unless the archive is deleted.
Copy and paste the following into the existing .htaccess in the wp-content directory or create .htaccess there if it does not already exist.
# Whitelist
# Replace 111.222.333.444 with your own IP address
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^111\.222\.333\.444
RewriteCond %{REQUEST_URI} \.(tar|sql|log|bak|ini|old|gz) [NC]
RewriteRule ^(.*)$ – [F,L]
#
The above code uses a whitelisting strategy. Replace the IP address 111.222.333.444 with your own static IP address. The code will prevent anyone from downloading the .tar file–or any file with the text “sql”, “old”, “ini”, “bak”, “gz” or “log” in it, except for someone at the specificed IP address. If placed into the .htaccess in wp-content, it will control access for all files and directories within wp-content. It does not affect the parent of wp-content.
Another way to protect the archives, instead of using a whitelist, would be to demand that the downloader enter a password. This is also possible to do in .htaccess, but I went with the whitelist, because it’s more convenient for me.
Incidentally, the same whitelisting strategy is highly effective for the .htaccess located in the wp-admin directory. Do not allow anyone except one IP address to access the adminstration log-in. This will lock down security on your WordPress site. A way to ward off brute-force attacks and other games hackers play. It could be adapted for sites with multiple admins, as long as the IP address of each admin is known and remains static. Could be a problem with a mobile admin, though!
RewriteCond %{REMOTE_ADDR} !^111\.222\.333\.444
RewriteRule ^(.*)$ – [F,L]
A recent widespread attack that has damaged many WordPress blogs exploited the file permission of wp-config.php. The permission for that file absolutely must be 400 or 440. Search for yassine edder on Google, a scum that is running an automated script out of Tunisia. Hacked a friend of mine, and I worked for three hours to analyze and then undo the damage. But now I know some things about WordPress security.
I cannot stress enough the importance of setting the file permission of wp-config.php. Lock it down tight. Do not delay, do it today.
Igor,
thank you SO much for this – I love the approach, and I am also concerned about leaving files and directories unprotected. This is a superb strategy to keep the backups safe.
The only downside is that most of us don’t log in from a static IP address so perhaps I can integrate this via a lock / unlock option from within the WordPress backend. Say you wanted to lock down the uploads folder, the file gets written. If you hit the unlock option, it’ll be deleted – since we need write protection to said folder anyway this would work fine. Whatcha think?