Why You Don’t Need to Back Up WordPress

Unless you update your WordPress site multiple times an hour and share it with multiple users, I suggest that you not bother with automated backup tools or plugins.

WordPress is powerfully redundant. Everything you do is written to its database in almost real time. Every few minutes, whether you save or not.


Your hosting company, by the way, runs a backup every night. If not, find another hosting company. If so, they have your database as it existed last night when you went to bed. Not, of course, that you need their backup, because everything you’ve done up till, say, 12 minutes ago, is already in the database. So unless you go in and wipe things out intentionally, more on that later, you’re not going to lose anything.

Direct nuclear strike to the hosting company? Guess what: last night’s backups are probably offsite, a thousand miles away.

I’m helping one poor soul right now whose web person configured a backup tool to run 4 times a day.


The hosting company shut the site down recently because it was eating up space (gigabytes and gigabytes for a tiny website) and eating up server resources, running backups all day long.

And now we’re cleaning up years’ of backups that didn’t need to be kept (and, frankly, didn’t need to be created.)

The Big Exception

I’m talking here about a WordPress plugin that runs automated backups.

What I’m not talking about is keeping a copy of the most recent version of your theme and any images you use on the site. Your originals.

Those, you should have.

And now, I’ll tell you about the one and only time I lost data on a WordPress site, despite managing something like 100 of them over the years.

My Sad Disaster Story

We were converting from a bunch of disparate hosting accounts, one for each client, to a shared hosting situation here at Charlottezweb. One by one we moved the client sites from whichever host machine they’d landed on to our single machine.

A year later, one of the sites was still there on the old hosting. I checked. There was a new version on our new setup. I checked again. Confirmed my confirmation.

And I went to town with the deleting.

WordPress files and folders: deleted. With prejudice.

Database: tables nuked from the command line. There is no coming back from that.

Minutes later the client emailed about their site being down . . .

Yes, that’s right: after multiple confirmations I was in the right place doing the right thing, I deleted the only existing copy of the site she’d spent a year modifying and configuring, because she’d never been given access to the new site and was still working on the old.

The client was a friend. The friend hadn’t been happy with their work and was considering wiping it out and starting over again. Disaster averted. Though we gave them free hosting for a year, and I groveled until they asked me to stop. I still get a knot in my stomach thinking about it.

Here’s my lesson learned: when I’m doing something you don’t come back from, I quadruple-check — and then I ask Sue to give it a look anyway.

Here’s your lesson to learn: a hundred or more WordPress sites, and the only data loss I ever remember is when I went in with demigod access and used a digital flamethrower on it. So, like, don’t do that.

Over to You

Down in the comments, tell me your situation where you really truly absolutely know you just have to have a backup plugin running on WordPress. Or if you’re a web developer or server admin and see a hole in my reasoning, I’d love to hear about it.

This entry was posted in Security, Wordpress and tagged , , . Bookmark the permalink.

What do you think?