Backing Up WordPress and Database using Secured Akeeba

Backing up your WordPress site (or multisite) is an important task if you care about your content. A good backup system can save you a lot of time if something happens to your data or even your configuration. This tutorial goes through how to set up and use Akeeba Backup CORE for WordPress.

Requirements

  1. WordPress has been fully installed and configured
  2. Have root privileges

Installation

Akeeba Backup CORE for WordPress is a plugin, so install it in the same way you install plugins. If you are running a WordPress MultiSite installation then you will have to do it manually, as seen here

Configuration

Click the Akeeba Backup menu item on the left in your admin panel. At the top you should see Configuration wizard. When you click it, the configuration will start. If everything is set up correctly you should get a success message. In my case, however, the wizard was not able to write to the output directory, which by default is the app/backups/ directory inside the plugin directory. Let’s go onto the server and check out this problem:

[ahmed@amayem ~]$ cd /path/to/wpinstallation/wp-content/plugins/akeebabackupcore/app/

Let’s take a look at the permissions:

[ahmed@amayem app]$ ls -l
total 276
drwxr-xr-x 32 ahmed ahmed    4096 Sep 13 18:14 Awf
drwxr-xr-x  2 ahmed apache   4096 Sep 15 02:17 backups
-rw-r--r--  1 ahmed ahmed    7451 Sep 13 18:14 CHANGELOG.php
-rw-r--r--  1 ahmed ahmed     707 Sep 13 18:14 defines.php
-rw-r--r--  1 ahmed ahmed    8661 Sep 13 18:14 htaccess.txt
-rw-r--r--  1 ahmed ahmed    3460 Sep 13 18:14 index.php
drwxr-xr-x  4 ahmed ahmed    4096 Sep 13 18:14 languages
drwxr-xr-x  7 ahmed ahmed    4096 Sep 13 18:14 media
-rw-r--r--  1 ahmed ahmed  219685 Sep 13 18:14 restore.php
drwxr-xr-x 10 ahmed ahmed    4096 Sep 13 18:14 Solo
drwxr-xr-x  3 ahmed ahmed    4096 Sep 13 18:14 templates
drwxr-xr-x  2 ahmed ahmed    4096 Sep 13 18:14 tmp
-rw-r--r--  1 ahmed ahmed     104 Sep 13 18:14 version.php

The problem is that only the user ahmed can write to the backups directory. Apache needs write permission too, but granting it through the “other” permission bits would also give everyone else on the system permission to write to the directory. Instead I will change the group of the directory to apache and give that group write permission:

[ahmed@amayem app]$ sudo chgrp apache backups
[ahmed@amayem app]$ chmod g+w backups/
[ahmed@amayem app]$ ls -l
total 276
drwxr-xr-x 32 ahmed ahmed    4096 Sep 13 18:14 Awf
drwxrwxr-x  2 ahmed apache   4096 Sep 15 02:17 backups
-rw-r--r--  1 ahmed ahmed    7451 Sep 13 18:14 CHANGELOG.php
-rw-r--r--  1 ahmed ahmed     707 Sep 13 18:14 defines.php
-rw-r--r--  1 ahmed ahmed    8661 Sep 13 18:14 htaccess.txt
-rw-r--r--  1 ahmed ahmed    3460 Sep 13 18:14 index.php
drwxr-xr-x  4 ahmed ahmed    4096 Sep 13 18:14 languages
drwxr-xr-x  7 ahmed ahmed    4096 Sep 13 18:14 media
-rw-r--r--  1 ahmed ahmed  219685 Sep 13 18:14 restore.php
drwxr-xr-x 10 ahmed ahmed    4096 Sep 13 18:14 Solo
drwxr-xr-x  3 ahmed ahmed    4096 Sep 13 18:14 templates
drwxr-xr-x  2 ahmed ahmed    4096 Sep 13 18:14 tmp
-rw-r--r--  1 ahmed ahmed     104 Sep 13 18:14 version.php

Looks good now. Let’s try the configuration again, and we should get success.
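
The same check as a script, as an added example that is not part of the original post: it reads an ls -l line for the backups directory and confirms that the web server group can write while other users cannot. The function names and the 777 line are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: judge one `ls -l` line for the
# backups directory. Returns 0 when the expected group can write and
# "other" cannot; otherwise prints each finding and returns 1.
audit_ls_line() {
    line=$1
    want_group=$2
    # Field 1 is the mode string, field 4 the group, as in the listings above.
    mode=$(printf '%s\n' "$line" | awk '{print $1}')
    group=$(printf '%s\n' "$line" | awk '{print $4}')
    rc=0
    case $mode in
        d*) ;;
        *) echo "not a directory: $mode"; return 1 ;;
    esac
    if [ "$group" != "$want_group" ]; then
        echo "group is $group, expected $want_group"; rc=1
    fi
    # Character 6 is the group write bit, character 9 the "other" write bit.
    if [ "$(printf '%s\n' "$mode" | cut -c6)" != "w" ]; then
        echo "group $group cannot write"; rc=1
    fi
    if [ "$(printf '%s\n' "$mode" | cut -c9)" = "w" ]; then
        echo "world-writable: any local user can add or replace backups"; rc=1
    fi
    return $rc
}

# Audit a real directory by feeding its `ls -ld` line to the check above.
check_backup_dir() {
    audit_ls_line "$(ls -ld -- "$1")" "$2"
}

# The two "backups" lines from the listings above, plus a constructed 777 line.
BEFORE='drwxr-xr-x  2 ahmed apache   4096 Sep 15 02:17 backups'
AFTER='drwxrwxr-x  2 ahmed apache   4096 Sep 15 02:17 backups'
WORLD='drwxrwxrwx  2 ahmed ahmed    4096 Sep 15 02:17 backups'   # constructed

for l in "$BEFORE" "$AFTER" "$WORLD"; do
    if audit_ls_line "$l" apache; then echo "OK:   $l"; else echo "FAIL: $l"; fi
done
```

On the server itself, check_backup_dir takes the directory path and the group name and applies the same test to the live directory.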

Restricting Access to the Backups Directory

Click on Backup Now at the top and you should get an interesting warning:

Akeeba Backup for WordPress may not work as expected

Akeeba Backup for WordPress detected the following potential problems:

S203 Default output directory in use

The link to the warning documentation explains the danger of leaving the output directory as the default directory. Basically the directory is browser accessible, making all your data open to the public. You can check this yourself by going to the following URL in your browser:

yourdomain.com/wp-content/plugins/akeebabackupcore/app/backups/index.html

If you get an empty page then you were able to access that file. In fact you can go to that file on your server and modify it, and your modifications will show in your browser when you refresh.

Having your data so accessible to the public may not be such a good idea. If you are using Apache, Akeeba suggests preventing access with a .htaccess file containing the following:

order deny,allow
deny from all

These directives tell Apache to evaluate the Deny rules first and the Allow rules second, and then define a single Deny rule that denies everyone. With no Allow rule to override it, every request is refused. This should fix the problem. I, however, prefer not to use .htaccess files because they cause a performance hit. Instead I prefer changing the httpd.conf file, as I did here.

Changing the httpd.conf

Access the file as follows:

[ahmed@amayem ~]$ sudo vi /etc/httpd/conf/httpd.conf

Search for the last occurrence of </Directory> by typing /<\/Directory> (the slash inside the pattern has to be escaped) and pressing n to go through the occurrences. When you reach the last one, press i to enter insert mode, and paste the following after it:

<Directory "/var/www/wpadmin/wp-content/plugins/akeebabackupcore/app/backups/">
        order deny,allow
        deny from all
</Directory>

Leave insert mode with Esc or Ctrl+C, then save and quit by entering :x. Now restart Apache:

[ahmed@amayem ~]$ sudo apachectl restart

Done. Now try to access that URL again and you should get a message saying that access to that file is forbidden.
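
A way to confirm the rule is present in the configuration, as an added example that is not part of the original post: the function scans a config file for a <Directory> block covering the backups path and checks for a deny-all rule. It goes slightly beyond the post by also accepting Require all denied, the Apache 2.4 form of the same rule; the function name and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Usage: dir_is_denied CONF_FILE DIRECTORY
# Returns 0 if a <Directory> block for DIRECTORY contains a deny-all rule.
# It does not evaluate Allow/Require exceptions placed next to that rule.
dir_is_denied() {
    awk -v want="$2" '
        # Compare paths without quotes or trailing slashes.
        function norm(p) { gsub(/"/, "", p); sub(/\/+$/, "", p); return p }
        /^[ \t]*#/ { next }                          # skip comment lines
        tolower($0) ~ /^[ \t]*<directory[ \t]/ {
            path = $0
            sub(/^[ \t]*<[^ \t]+[ \t]+/, "", path)   # drop "<Directory "
            sub(/>[ \t]*$/, "", path)                # drop the closing ">"
            inblock = (norm(path) == norm(want))
            next
        }
        tolower($0) ~ /^[ \t]*<\/directory>/ { inblock = 0; next }
        inblock {
            l = tolower($0)
            # 2.2 syntax as used in the post, or the 2.4 Require form.
            if (l ~ /^[ \t]*deny[ \t]+from[ \t]+all[ \t]*$/ ||
                l ~ /^[ \t]*require[ \t]+all[ \t]+denied[ \t]*$/) found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Constructed sample: the block from the post after an unrelated block
# (the /var/www/html block is made up for contrast).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
<Directory "/var/www/html">
    AllowOverride None
</Directory>
<Directory "/var/www/wpadmin/wp-content/plugins/akeebabackupcore/app/backups/">
        order deny,allow
        deny from all
</Directory>
EOF

BACKUPS=/var/www/wpadmin/wp-content/plugins/akeebabackupcore/app/backups
if dir_is_denied "$SAMPLE" "$BACKUPS"; then
    echo "denied: $BACKUPS"
else
    echo "NOT denied: $BACKUPS"
fi
```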

Backing Up

Now that we have restricted access to the output directory, it is time to back up. The warning will still be at the top because we haven’t changed the default directory, but we did secure it, so we shouldn’t be worried about it. Click on Backup Now to start the backup. Once it is finished you can see it under Manage Backups.

References

  1. Akeeba Backups Warning S203 Documentation

Ahmed Amayem has written 90 articles

A Web Application Developer Entrepreneur.