Nowadays data protection is an increasingly significant issue – be it the protection of data on a personal computer, in a local network or in the Internet. It can be really frustrating when a lot of resources and time has been spent on a certain project and then a malfunction occurs (database error, a virus etc.) that destroys the data. If backup copies were created before the malfunction occurred then it won’t cause any issues. If not then it will be necessary to start all over again.
The article was last updated on August 23rd 2016.
Nowadays data protection is an increasingly significant issue – be it the protection of data on a personal computer, in a local network or in the Internet. It can be really frustrating when a lot of resources and time has been spent on a certain project and then a malfunction occurs (database error, a virus etc.) that destroys the data. If backup copies were created before the malfunction occurred then it won’t cause any issues. If not then it will be necessary to start all over again.
You can ask why it is necessary to create backup copies yourself when your webhosting provider also offers backup services. But webhosting companies may also have malfunctions and system failures, moreover a possibility of negligence shouldn’t be excluded (staff forgot to create a backup), especially by “low-cost webhosting”. Furthermore site backup copies are often stored on the webhosting account in the same folder as the site itself. Thus in case of a serious malfunction these backups will be lost as well as the site contents.
Data can be also lost because of a delay of the payment for webhosting service. In this case the website and backups are stored for 1-2 months and then removed irretrievably. There is a known case that occurred when one Russian webhosting company didn’t receive the payment on time and all the data was removed after a certain period of time. And the issue wasn’t caused by the client’s negligence as they paid for the webhosting services, but money wasn’t transferred to webhosting company. Such things also happen sometimes. The client had to pay for the webhosting again and restore most of the data from scratch as most of the content upload and site configuration work was conducted when the site was already online.
We are well aware of similar cases and thus we recommend to our clients to take certain data protection measures.
What can we suggest to our customers?
- Migrate the sites from older versions of Joomla! CMS to the latest one. Security releases for Joomla! CMS 1.0.x -2.5.x aren’t issued anymore. This means that if a security issue occurs in an older version, no one will fix it. These versions aren’t supported at the moment, new extensions for them aren’t created. If you had older data protection components’ versions they won’t be renewed as well which can lead to a significant decrease in the security level of the site. Here you can start thinking of additional expenses for the site migration to the latest version of Joomla! CMS and their advisability. Then you need to calculate possible expenses for the lost data restoration and compare the sums.
- So you have the latest Joomla! CMS 3.6.x. Change the superuser username (admin) to another one and change the password as often as possible. This is a rather simple option of raising the security level of your resource as prior to hacking the superuser password it is necessary to find out the username as well.
- Change the path to the ‘Temp’ folder in site global configuration (Admin panel >> Site >> Global configuration >> Server >>Path to Temp Folder). Clear this folder from time to time, especially after new site extensions have been installed. Don’t forget to remove zipped installation packages after uploading them to the site and extracting.
- Prior to downloading and installing a new extension on your website please check its security and backup the site before the installation (see point 5). Check the lists of dangerous extensions at http://forum.joomla.org/viewforum.php?f=296 and if your new extension is blacklisted then it is better to discard it.
- Install an extension that allows creating site backups. There are a lot of extension with similar functionality and the most popular are Joomlapack and Akeebabackup. We won’t describe the configuration of these components here, you can check it at their providers’ sites. There is something though that should be mentioned about the Joomlapack component. This component is integrated to administrative panel of Joomla! CMS upon the installation and allow to create full backup from there easily. Another Joomlapack advantage is that it creates a backup of the site and site contents in a single archive. To restore the site from backup it is necessary only to copy the archive to the webhosting and remove the ‘configuration.php’ file from the site root folder.
Akeebabackup is Joomlapack’s successor. This component works similarly to Joomlapack. It also creates a full backup in a single archive.
It is also necessary to mention the AdminTools component here. Akeebabackup and AdminTools are the products of the same developer. If you decided to use Akeebabackup, it is recommended to install and use AdminTools with it. AdminTools allows to change the standard ‘Jos_’ database prefix to another one, set access permissions for site files and folders, configure additional username and password for admin area and change superuser ID (identification number).
Please note that after creating a site backup (regardless of the component used for backup creation) it is necessary to copy it to the local disk or to some portable data medium (for example on a flashcard), that will be stored separately. Thus you will be able to protect your site completely.
If for some reasons you don’t want to install components for data backup you can employ the services of an experienced administrator who can create database and site file backup using the already available tools (PHPMyAdmin etc.) and will update them regularly.
It’s better not to cut down on time and finances when it’s about the protection of your website as you can lose much more if you don’t guarantee your data protection beforehand.
For instance imagine you have a eLearning portal where a lot of people take paid courses. They have paid for the knowledge and they are intent on receiving it. If for some reason force majeure occurs and all the data is lost you can lose customers as well. They won’t wait patiently till you restore the courses, they are free to go and take their eLearning somewhere else.
But if you have created a backup copy of your site and update it regularly then all your users will continue studying almost from the same step after the site is restored. Which means you won’t lose your clients anyway.
What to read next?
LMS Security Matters
10 Reasons to Build Your ELearning Project With JoomLMS [Infographic]
ELearning Project Launch CheckList
