How to facilitate automated backups

There are a number of plugins to automatically back up your WordPress files and database.

If you wish to do this via CLI, here's how:

First, create an S3 bucket to store your backups. (It's important that this bucket is not the one you're using to serve your web content.) For example, create a bucket named rob-test-surestack-backup (make sure to change this value) throughout the rest of the article.

Second, grant your EC2 instance access to this bucket.

In the AWS console, select your EC2 instance
In the EC2 details, click on IAM role
On the right, click Add inline policy
Select the JSON tab
Paste in the following (remember to change the S3 bucket name):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": [
                "arn:aws:s3:::rob-test-surestack-backup/*"
            ]
        }
    ]
}

This gives your EC2 instance the permission to write to the backup S3 bucket. The key here is that you are restricting the permission to s3:PutObject, so server does not have the ability to delete nor snoop around your backup S3 bucket.

Third, create the following script:

/home/ec2-user/backup.sh

Make it executable:

chmod +x /home/ec2-user/backup.sh

And paste in the following contents:

<span class="ch">#!/bin/bash</span>

<span class="k">if</span> <span class="o">[[</span> <span class="s2">"</span><span class="nv">$1</span><span class="s2">"</span> <span class="o">==</span> <span class="s2">""</span> <span class="o">]]</span> <span class="o">||</span> <span class="o">[[</span> <span class="sb">`</span>whoami<span class="sb">`</span> !<span class="o">=</span> <span class="s2">"root"</span> <span class="o">]]</span><span class="p">;</span> <span class="k">then</span>
    <span class="nb">echo</span> <span class="s2">"Usage: sudo </span><span class="nv">$0</span><span class="s2"> rob-test-surestack-backup"</span>
    <span class="nb">exit</span> <span class="m">1</span>
<span class="k">fi</span>

<span class="c1"># usage: ./backup.sh rob-test-surestack-backup</span>
<span class="nv">BUCKET</span><span class="o">=</span><span class="nv">$1</span>
<span class="c1"># takes the docroot as the second parameter, or defaults to /var/www/html/wordpress</span>
<span class="nv">DOCROOT</span><span class="o">=</span><span class="si">${</span><span class="nv">2</span><span class="k">:-</span><span class="p">/var/www/html/wordpress</span><span class="si">}</span>

<span class="c1">#</span>
<span class="c1"># back up WordPress files</span>
<span class="c1">#</span>

<span class="c1"># back up the entire html folder, because some folks move the wp-config file to the parent folder</span>
<span class="nb">cd</span> /var/www
<span class="c1"># create a zipped tar archive named html-yyyy-mm-dd.tar.gz</span>
tar czvpf html-<span class="k">$(</span>date +%Y-%m-%d<span class="k">)</span>.tar.gz html
<span class="c1"># use the AWS CLI to copy this file to the S3 bucket</span>
aws s3 cp html-????-??-??.tar.gz s3://<span class="nv">$BUCKET</span>/
<span class="c1"># clean up the file</span>
rm -f html-????-??-??.tar.gz

<span class="c1">#</span>
<span class="c1"># back up database</span>
<span class="c1">#</span>

<span class="c1"># do this in a directory that is outside of the docroot</span>
<span class="nb">cd</span> /var/www
<span class="c1"># use the WP CLI to export the database</span>
<span class="c1"># point the path to the docroot, since we're doing this from outside the docroot</span>
<span class="c1"># allow-root lets you run this command as root</span>
<span class="c1"># the hyphen (-) sends the database backup contents to standard-out</span>
<span class="c1"># the standard-out gets piped into gzip</span>
<span class="c1"># and the gzip contents are dumped into a file db-yyyy-mm-dd.gz</span>
wp db <span class="nb">export</span> --path<span class="o">=</span><span class="nv">$DOCROOT</span> - --allow-root <span class="p">|</span> gzip &gt; db-<span class="k">$(</span>date +%Y-%m-%d<span class="k">)</span>.gz
<span class="c1"># copy the file to S3</span>
aws s3 cp db-????-??-??.gz s3://<span class="nv">$BUCKET</span>/
<span class="c1"># clean up the file</span>
rm -f db-????-??-??.tar.gz

Run the script with this command:

cd /home/ec2-user/
sudo ./backup.sh rob-test-surestack-backup

To run this weekly, edit the root user's crontab:

sudo su
crontab -e

And add in the following entry:

* * */7 * * /home/ec2-user/backup.sh rob-test-surestack-backup &gt;/dev/null 2&gt;&amp;1

(Again, remember to change the S3 bucket destination.)

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:PutObject", "Resource": [ "arn:aws:s3:::rob-test-surestack-backup/*" ] } ] }

#!/bin/bash if [[ "$1" == "" ]] || [[ `whoami` != "root" ]]; then echo "Usage: sudo $0 rob-test-surestack-backup" exit 1 fi # usage: ./backup.sh rob-test-surestack-backup BUCKET=$1 # takes the docroot as the second parameter, or defaults to /var/www/html/wordpress DOCROOT=${2:-/var/www/html/wordpress} # # back up WordPress files # # back up the entire html folder, because some folks move the wp-config file to the parent folder cd /var/www # create a zipped tar archive named html-yyyy-mm-dd.tar.gz tar czvpf html-$(date +%Y-%m-%d).tar.gz html # use the AWS CLI to copy this file to the S3 bucket aws s3 cp html-????-??-??.tar.gz s3://$BUCKET/ # clean up the file rm -f html-????-??-??.tar.gz # # back up database # # do this in a directory that is outside of the docroot cd /var/www # use the WP CLI to export the database # point the path to the docroot, since we're doing this from outside the docroot # allow-root lets you run this command as root # the hyphen (-) sends the database backup contents to standard-out # the standard-out gets piped into gzip # and the gzip contents are dumped into a file db-yyyy-mm-dd.gz wp db export --path=$DOCROOT - --allow-root | gzip > db-$(date +%Y-%m-%d).gz # copy the file to S3 aws s3 cp db-????-??-??.gz s3://$BUCKET/ # clean up the file rm -f db-????-??-??.tar.gz