I work for a data protection company. I spend a decent amount of time (and a small amount of money) writing blogs posts on my WordPress site that runs on an AWS Lightsail instance. So after publishing a few posts to my blog I naturally started thinking about how I was going to backup my site and protect it against any unforeseen glitches or hacks.
An AWS Lightsail instance runs on a single physical server. That server could have hardware problems and/or reboot unexpectedly. Which means your instance could experience an unexpected outage, similar to pulling the power plug when you were least expecting it. In a worst case scenario it could lead to data corruption to your WordPress config files, your operating system, or your mySQL database.
Think about it from a security perspective as well. WordPress sites get hacked all the time, it would be nice to have the protection of a point in time copy of your instance plus your WordPress data that you could roll back to in case things your site gets compromised. A website is public facing, it is very likely someone could scan your site for vulnerabilities and hack it. For me it would be more a nuisance than anything else but I still don’t want to lose hours of time spent that I could have easily avoided against with backups.
UPDATED DEC 7th, 2018 – See my Github site for sample code to backup WordPress on Lightsail!
WordPress – what to backup?
WordPress is pretty simple, we only have to protect a few things:
- PHP – WordPress is written using PHP as the scripting language, we’ll need a good copy of the PHP config
- Apache – Apache is the web server that runs WordPress and serves up web pages, we’ll need a copy of the Apache config
- mySQL – mySQL is the database used by WordPress for data management, this is an important component of our backup because it contains our website data
- Lightsail instance / operating system – Our website won’t run without an operating system, we need a way to keep a point in time copy of our Linux OS
If you are running WordPress on a hosted site you probably don’t need to worry as much about backups. Your service provider is probably running your WordPress backups and charging you for the service. However, if you are running a Lightsail instance with a preconfigured WordPress application you do need to worry about protecting your site and OS. Why? Because AWS is simply giving you a Linux instance running in their cloud with a preconfigured Bitnami WordPress app installed. AWS doesn’t take care of your backups, you have to do this yourself and this is part of the AWS shared responsibility model.
What about still using a WordPress backup plugin? You certainly could use a free or paid WordPress plugin to backup your WordPress site. These usually take care of the all the config files and the mysql database that makes up WordPress. Personally, I’m not terribly enthused with WordPress plugins, they expose your site to vulnerabilities, they constantly need patching, they get abandoned and deprecated over time by the developers, and they just seem clunky to me.
Also, what if my Linux operating system is corrupt or hacked? With a WordPress backup plugin, I would have to redeploy my instance from scratch with a blank WordPress installation and then try restore using the plugin. I want a copy of my Linux instance so I have less work to do in the case of a disaster. If my instance vanished tomorrow, I just want to bring everything back in a few minutes without reinstalling a bunch of packages, plugins, then manually restoring.
Getting a clean copy of your WordPress site in a backup
You might be tempted to just take a Lightsail snapshot of your running WordPress Linux instance and call it a day. Snapshots are a point in time clone of your Lightsail instance disk that can be used to spin up a copy of your instance in case of disaster or to launch a second identical instance. You can create snapshots from the Lightsail console, the AWS API, or the AWS CLI installed on your instance. I might sound paranoid for this, but an operating system snapshot isn’t adequate for my WordPress backup. Just look at the Bitnami documentation for creating a full backup of your WordPress site.
PHP, Apache, and mySQL work together to run your WordPress site. The operating system coordinates the compute, memory management, networking, and disk I/O subsystem. If you try to just take a LightSail snapshot of the operating system, you may have a transaction in flight that is sitting in RAM but has not yet been committed to the mySQL database. Or Linux may have filesystem I/O that has not yet been flushed to disk. You can’t be sure you are getting a good backup unless you stop your WordPress services and back up the database and config files while the services are stopped.
Would a Lightsail snapshot work as a backup? Sure, you can take an existing Lightsail snapshot and create a new instance from that snapshot. And most likely your PHP, Apache, and mySQL would start up just fine and your website would work just like it did when you took the snapshot. But there is a slim chance that you could experience some type of problem where your PHP, Apache, or mySQL doesn’t start correctly. The industry lingo for this concept is a crash consistent versus application consistent snapshot. Lightsail snapshots are crash consistent since the operating system will boot up but not application consistent (the app may not start correctly). We want application consistency for WordPress and crash consistency for our Linux image.
Application consistency with WordPress
Luckily you can easily get a backup of your WordPress site and use a Lightsail snapshot of the instance to keep everything in an AWS snapshot. This involves a quick site outage but will guarantee your mySQL database and WordPress files are all quiesced with no pending writes.
The WordPress app bundled in (Linux) Lightsail is nicely contained in the directory /opt/bitnami. Everything related to WordPress resides in that directory. So all you have to do to backup WordPress is to stop all the services, create a backup tar image of the directory, and then start the services back up.
Once you have a tar image of /opt/bitnami you can then take a snapshot of your Lightsail instance. This will create an AWS snapshot (stored in S3) of your instance that contains a tar file of your entire WordPress site. If your instance got hacked or corrupted, all you’d have to do would be to create a new instance from the AWS Lightsail snapshot, stop the WordPress services, clear our the contents of the /opt/bitnami directory, untar the backup file to /opt/bitnami, then restart the WordPress services.
How to backup WordPress on Lightsail
We are going to do this with the CLI so first you’ll need to download your SSH key and SSH into your instance. Unlike EC2 instances, your SSH user is ‘bitnami’ instead of ‘ec2-user’. Make sure you turn on SSH access on your instance firewall in the Lightsail console.
ssh -i YourLightsailKey-region.pem bitnami@<yourPublicIPaddress>
Install the AWS CLI tools so you can take snapshots of your instance from the command line. That way you can script the backup process in ‘cron’ later if you want to automate this process. Don’t install the AWS CLI with ‘apt-get’ since you’ll get an old version that doesn’t include Lightsail tools. Install install with the Python tool ‘pip’. You’ll know if you have the right AWS CLI version if you see the option to run something like ‘aws lightsail help’.
$ aws --version aws-cli/1.15.80 Python/2.7.12 Linux/4.4.0-1060-aws botocore/1.10.79
Now run ‘aws configure’ to connect the AWS CLI to your account. Use your access key and secret key to connect and then pick the region where you have your Lightsail instance hosted. You should now be able to list your instance names (save the name for later).
$ aws lightsail get-instances | grep name "username": "bitnami", "name": "pebblesandweeds-512MB-myregion", "name": "running"
Create a directory where you’ll store your WordPress backup tar file, I’m using /home/bitnami/backup. Now stop all WordPress services (php, Apache, and mySQL).
sudo /opt/bitnami/ctlscript.sh stop
Now that everything is stopped, tar up everything in /opt/bitnami into a tar file in /home/bitnami/backup (or whatever backup directory you created).
$ pwd /home/bitnami/backup sudo tar -pczvf application-backup.tar.gz /opt/bitnami
Now start start WordPress again to get your website back online.
sudo /opt/bitnami/ctlscript.sh start
Now create an instance snapshot for a crash consistent AWS snapshot of your running instance that contains a full WordPress site backup file embedded in the snapshot. You’ll need your instance name as an argument (and the region if you are working with a region different than the one you gave in ‘aws configure’).
aws lightsail create-instance-snapshot --instance-snapshot-name my.latest.snapshot --instance-name pebblesandweeds-512MB-myregion
As an extra measure of safety, I’m going to also move my backup file to another S3 bucket in my account so I have a second copy.
$ aws s3 cp /home/bitnami/backup/application-backup.tar.gz s3://mybucketname
You probably want to only store the latest Lightsail instance snapshot to avoid getting charged for storing many snapshots, you can easily remove old snapshots with the CLI or the LightSail console. The entire process can be scripted and scheduled as an automated process as well.
Thanks for reading!