idrive plugin for secure wordpress backupWordPress Security topic has become near and dear to me in last year or so and proper backup is not only something I recommend but in fact is one of the cornerstones of the blog security as I have defined it in Triple “P” Of WordPress Security blog post and mentioned by other authority blogs on WordPress Security.

Like it or not but security always starts with preparation for disaster recovery and having good backup is one way to make sure you can do it quickly and with least amount of pain!

Today I want to share with you free plugin created by development team of iDrive that allows you to create a complete backup of your WordPress blog, including all files and database and using Free account. While free account is limited to 2GB it is a very sweet deal and will be more than enough for majority of the bloggers! They do give an upgrade option if you need more space.

Even if you have more then one blog this plugin can be used to backup your files.

Plugin will only work if your WordPress blog is hosted on Linux or Unix host (which is what most use anyway) but be sure to check with your hosting support if you are not sure. Here is list of features, quoted from main site, with my comments:

  • Immediate backup of WordPress blog data, both files as well as MySQL data dump, into your IDrive online backup account – this is complete backup option that allows you to quickly restore your blog.
  • Scheduled backups occur after 12 midnight every day – hands off approach that I like
  • Immediate restore of backed up data from your IDrive online backup account
  • Smart backup – Only the first backup transfers entire WordPress content, subsequent backups are incremental where only the modified data is backed up – saves you money by not wasting space on free account
  • Automatic notification via email on backup / restore status
  • Secure transfer of data to IDrive server using SSL. Non SSL transfer option is also available for non SSL servers
  • Detailed logging of backup / restore operations

Plugin is very simple to use and operates on principle of set it and forget it, which is what I like and hope you will too! I have seen some commercial solutions introduced that will set you back a bit while accomplishing similar task or you can just do it for FREE!

Things To Watch For When Using iDrive WordPress Plugin

While plugin is superb at doing what it is designed to do – it will not replace the need for proper security implemented on your blog. While I’m still investigating all the options few things come to mind already based on my “limited” exposure and experience with plugin:

1. Backup run time and schedule

You can’t control it and it runs by WordPress cron ( task scheduler) at midnight. Perhaps a good thing as I don’t think you want this backup running during busy time. Here is screenshot of my VPS server with backup running from wp-cron.php on this blog:

idrive-cron-cpu-usage

As you can see above – not very pretty picture and I would be interested to know how it performs on shared hosting account, as I can see possible problems here. Since I no longer have any shared hosting accounts – would appreciate your opinion!

NOTE: because my blog has a large number of files it could be the reason for above, new blog shouldn’t have this issue and since plugin is using incremental backup after first – you should be fine but please test it!

2. Timely Security Notification in Place

This one right now is purely a speculation as I just started using this plugin but based on what I read I see a possible issue with using this plugin, UNLESS you have implemented the WordPress File Monitor plugin as I recommend in Triple “P” Of Total WordPress Security blog post as well as my “Lock Your Blog” DVD.

If you don’t have some form of notification in place, such as mentioned above, that will tell you WHEN you blog is attacked and WHICH files were compromised – you have a problem.

Plugin will create an incremental backup (all changed files) every night and will include compromised (hacked) files unless you use a restore option before it does!And if it does – full restore will not work as you will just restore compromised files!

Do add the plugin I recommend to protect yourself! This way you can recover your blog quickly and safely! On good note – plugin will create automated backup ONLY as long as you are logged into your iDrive account. So once your blog is being compromised and you got notification from WP File Monitor, login into admin, navigate to Settings->iDrive and Logoff!

  1. Secure you cPanel account properly!
  2. Investigate the log that WP File monitor have sent you and DELETE any new files that hacker might have added to your blog directories, as more than likely they contain backdoor hacks
  3. Do a full restore of your blog

Even if you choose not to do full restore – you have a list of exact files compromised during attack and you can simply restore those files. Even easier!

But whatever you do – be sure to test all the steps and have a plan “B” in place!