What Sort of Data is Necessary for WordPress Backups?

When planning to take a WordPress backup, there are a few recommendations to consider. Whether you have a small site with one or two databases or multiple databases across the site, there are many options. The first thing to consider before you take a backup is what data needs to be included when archiving and restoring an archived database dump of your site.
Consider the many programs that are available that manipulate these databases, since knowing what primary tables to save is critical.

Core WordPress tables include:


  • wp_commentmeta
  • wp_comments
  • wr_links
  • wp_options
  • wp_postmeta
  • wp_posts
  • wp_term_relatonships
  • wp_term_taxonomy _terms
  • wp_usermeta
  • wp_user

*These do not include the various plugins that possibly pair with the tables (for example Contact Form 7)
When choosing a method to take your backup, consider the fact that it can have an impact on how it packages the data. For example, choosing to use a WordPress plugin for your backup will include tables that will be in each and every backup that you take or schedule. But if you choose to take a backup of your data with more intrinsic tools, such as MySql commands, you forgo the tables. These tables are generally needed to be included to restore your site. Pairing such tools with MySQL Workbench may be an option if you choose not to use the plugin features of WordPress or phpMyAdmin.

How important is it to back up your data based on the use of your site, and at what frequency should it be done?

As a rule of thumb, the recommended number of backups is usually at least three. If your site is used more frequently, then you may want to consider more frequent incremental backups. Choosing what sort of information to back up is also a decision that you can make in order to save time, space, and most importantly the integrity of your data. Besides taking backups of the core tables there are many tables that are beneficial. Taking more frequent backups will also prevent any loss of data in an emergency situation where you need to retrieve an archived database. It is recommended that the backups be stored across several different formats (CD, DVD, secured server, etc) as a security precaution, as well as a way of having the data in the most valuable format. If your database relies on unarchiving a database dump, then there is a chance that some data will be corrupted.
Choosing the right program to take your backup is equally as important as the backup itself.
The unfortunate side to phpMyAdmin is the fact that the program cannot handle large database dumps (depending on the use of your website, this program may not be viable). Prioritize the data that you know needs or uses a program that can handle the size of your website. Keep in mind that backing up the database does not include the files and folders of your website. These need to be backed up separately. Selecting tables that you feel are the most important will benefit from:
1) knowing your data inside and out, and
2) selecting the data that you can restore the most efficiently in an emergency situation.
For example, using phpMyAdmin and MySQL workbench – both are popular database manipulating programs, yet each has a significant impact over the way that you choose to take your backups. cPanel is generally used for archival purposes and not recommended for full backups, And WordPress plugins should also be heeded with caution since they too can be unreliable. This is generally due to dependence on the compatibility of the server the data is hosted on.

What sort of security precautions do you need to consider once you decide to take a backup?

The biggest vulnerability of WordPress is the use of themes and plugins that are targeted by those intending to target the site with criminal intent. Therefore, a major consideration is maintaining the constant stream of updates that WordPress releases. Taking timely updates will keep your data current and adaptable to site modifications. While some security precautions are intuitive, such as using trusted sources for plugins or securing your network integrity, some are more unique to the WordPress environment. This includes having multiple databases to manage one site as well as changing the WordPress database prefix to make it harder for intruders to compromise your website. Another recommendation is changing the default permission schema of your file path directories. This way intruders or users who may have been overlooked when implementing the least privilege principle do not have access to resources based on a default directory path. Another fail-safe method of monitoring the traffic coming in and out of your site is by maintaining a log that generates and stores your logs greater than twenty-four hours. This means that if you do find that your database has been compromised, you will have the security in knowing that you have the accessibility up to date, preventing the loss of data.