If you have a dynamic website such as ecommerce, a CMS (Joomla, WordPress, Drupal, etc.), or just have database-driven scripts such as event managers and calendars, you need to ensure that your site database(s) are backed up on a regular basis. If you are unclear on what a database is for, or on the reason for doing a backup, let me explain.
A database stores all of the text content in a dynamic website. What this means is that the website pages are “dynamically” created: the header, body, footer, all graphics and scripts are assembled per a query based upon the template layout for each page. The text content is stored in the database since there are no physical pages; there is simply code that renders the page so that it appears as a typical static XHTML or HTML5 website page. The advantage of the dynamic website is that the pages can be changed immediately by the owner, or by a user with write permission (such as leaving a comment about a blog post).
When it comes to security of a website, no dynamic website is 100% safe from hacker intrusion. Of course there are measures one can take to help keep a dynamic website secure, but even the largest industry level and government websites get hacked periodically. The “hack” here is typically of the SQL injection type, which is done by including portions of SQL statements in an entry field in an attempt to get the website to pass a newly formed rogue SQL command to the database. I’ve seen databases exploited through web mail servers as well, and there are likely other exploit options.
If you do have a dynamic website, my suggestion is to perform a database backup before any major website changes are made. This simply ensures that you have a point of reference in case your changes cause problems. I know from experience that not all plug-ins, components, and scripts work well together, and taking the time to do a backup can save a lot of headaches later. It is also important to do a backup before any template/theme upgrades, version changes, etc. Most dynamic platforms will update the versions rather frequently, and it is “almost” always a good idea to update since these typically provide security improvements in addition to other incidental improvements.
phpMyAdmin Database Backup
In the past I’ve written about how to easily create and manage database backups for the Unix/Linux hosting platform with cPanel. Currently more than 60% of the world’s top hosting companies do use cPanel, yet if you use a hosting company (such as GoDaddy) that doesn’t provide it then you’ll need to back up the database using the utility provided, which in most cases will be phpMyAdmin. phpMyAdmin is an open source tool written in PHP intended to handle the administration of MySQL with the use of a web browser. If you are unfamiliar with it then it may look a little daunting, so I wanted to provide you a quick walk-through of how to use it.
Backing Up a Database
Okay, so depending upon the phpMyAdmin version provided by your hosting company the layout may look a bit different, but the same steps will be used no matter which version. When you open it up you’ll see a list of your databases in the left column. Left-click on the name of the one you want to back up, and you’ll be taken to its page. As the screen that follows shows, on the database page you’ll see all of the database records shown in both the left and right columns.
The next step is to click “check all” at the bottom left “Tables” column. At the right there is the “With selected” drop-down box. Select “Export” as shown below.
Next you’ll see options for the “quick” and “custom” method. Some earlier versions don’t have this; they simply provide a variety of options. In either case, all you need to do is export as a “SQL” file, so in this example I selected “Quick”. Just click the “Go” button and you will be able to save the database file to your default download location. At this point I would suggest creating a folder called something like “My Website Database” and then add the date to it as well, i.e., “My Website Database – 3-24-13”.
Installing a Database
If you need to install the database the steps will be similar to what was shown above, yet with a few differences.
Okay, so again you click on the database name from the left column. You again select “Check All”. Next, in the “With Selected” box you now select “Drop”. This will remove all of the previous database entries. After selecting “Drop” you’ll get a pink colored screen asking whether you really want to do this. Select “Yes” and all of the tables will be removed.
At this point you click on the “empty” database name (if not still selected) and choose the “Import” option (button at top of page next to export). There is a “browse” field where you navigate to the SQL file that you’ve saved previously, and you select the file. The other option, “character set”, should be left as-is (utf-8), and check the “allow partial import” box, though this is typically only needed on very slow servers and/or very large databases. Next there is “Format”. Again we select “SQL” since this is the format that it was saved as, and is needed for MySQL databases. Under SQL compatibility mode select “NONE”. (Note that in rare cases there may be compatibility issues. These are caused by some hosting platforms using very old database versions. Since our purpose here is simply to back up and then restore a database from the same hosting server, there won’t be a compatibility issue.) Lastly, check the box “Do not use Auto-Increment for zero values”. Then select “Go”.
Now your previously saved database is in place and your website is restored.
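Because the restore starts by dropping every table, it is worth confirming that the saved export is complete before that step. The following is an added example, not part of the original post: a Python check that the .sql file creates the tables you expect, ends on a finished statement and, optionally, matches a SHA-256 noted when the backup was taken. The function name, table names and sample export are constructed for illustration.

```python
import hashlib
import re

# Table name in a CREATE TABLE statement, as written by SQL exports.
CREATE_RE = re.compile(
    r"^CREATE TABLE (?:IF NOT EXISTS )?`?([A-Za-z0-9_$]+)`?", re.M)

def check_dump(data, expected_tables, recorded_sha256=None):
    """Check an exported .sql file's bytes; return (ok, report)."""
    text = data.decode("utf-8", errors="replace")
    tables = set(CREATE_RE.findall(text))
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    digest = hashlib.sha256(data).hexdigest()
    report = {
        "sha256": digest,
        # Tables the site needs that the file never creates.
        "missing": sorted(set(expected_tables) - tables),
        # Heuristic: an export cut off mid-download rarely ends on ';'.
        "ends_cleanly": bool(lines) and lines[-1].endswith(";"),
        # Compare with the hash noted when the backup was taken, if any.
        "hash_matches": recorded_sha256 in (None, digest),
    }
    ok = (not report["missing"] and report["ends_cleanly"]
          and report["hash_matches"])
    return ok, report

# Constructed sample export (table names are illustrative).
SAMPLE = b"""-- phpMyAdmin SQL Dump
CREATE TABLE `wp_posts` (
  `ID` int NOT NULL,
  `post_title` text NOT NULL
);
INSERT INTO `wp_posts` (`ID`, `post_title`) VALUES (1, 'Hello');
CREATE TABLE `wp_users` (
  `ID` int NOT NULL,
  `user_login` varchar(60) NOT NULL
);
INSERT INTO `wp_users` (`ID`, `user_login`) VALUES (1, 'admin');
"""
# The same file cut off part-way through the second table.
TRUNCATED = SAMPLE[:SAMPLE.index(b"`user_login`")]

if __name__ == "__main__":
    for name, blob in (("complete", SAMPLE), ("truncated", TRUNCATED)):
        print(name, check_dump(blob, ["wp_posts", "wp_users"]))
```

For a real file, pass `open(path, "rb").read()` as `data` and only go on to “Drop” when the check returns ok.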
Final Notes:
I wanted to write this post in part because one of my clients recently contacted me about a concern for his website’s security. In this client’s case, he has an XHTML website which doesn’t use a database. This is the most secure website platform possible since nothing can be written to it dynamically. That being said, is his site 100% safe? Well, no. Here are some things to keep in mind:
Firstly, most people will unknowingly install trojans, key-loggers, or other forms of hacker intrusion which are used to locate access information for later exploit. These trojans are downloaded by people in a number of ways … poor personal firewall security, the clicking of links sent in spam emails, malicious malware websites, and phishing attacks. I note this since the majority of people don’t take the precautions necessary to keep their website data safe.
Everyone needs to start with a good virus scan application. As for myself, I password protect my computers through the MS-DOS system so the system doesn’t even boot up until proper access is provided. I use the best firewall possible (Kaspersky), encrypt client data, regularly check for updates, and scan for exploits; yet I still recognize that no system is completely safe, so there need to be contingency plans.
What some don’t realize is that anytime you send data across the internet there is a possibility of it being intercepted, which is true for FTP and emails. Most FTP programs will have the password hidden upon transfer, but the best option would be to have the entire transfer encrypted in some fashion. SFTP (secure file transfer protocol) is generally considered one of the best options to ensure safety since it uses an SSH (Secure Shell) private data stream. I use SFTP for all my clients who host with me. For email I recommend using Gmail or some other reputable web mail option with a secured “https:” data transfer.
I always encourage my clients/friends/family to back up anything of value in at least two places. This should include your website of course, as well as any personal content you don’t want to lose. In addition to my primary workstation I utilize two external hard drives to ensure backup redundancy, and both are turned off until files are sent to them. One of my colleagues also backs up all of his files on a cloud server. I don’t, simply because I know that in a worst-case scenario I could simply log into the FTP client and re-download all of my client files after the catastrophe was over. And all reputable hosting companies do routine backups, which most provide for free.
Finally, you need to ensure that your passwords are not easy ones. I recognize that you want one that you can remember easily, but using a password generator is really the best option, especially for banking, FTP, and other places where there is sensitive content being transferred. And if you use a wireless network at home, ensure that there is strong encryption in place here as well.
As always, if you have questions about what I’ve noted here, or anything else, feel free to contact me.