{"id":2338,"date":"2016-06-27T00:00:54","date_gmt":"2016-06-27T07:00:54","guid":{"rendered":"http:\/\/192.168.3.4\/?p=2338"},"modified":"2018-01-09T06:50:24","modified_gmt":"2018-01-09T14:50:24","slug":"wordpress-disaster-recovery","status":"publish","type":"post","link":"https:\/\/www.cloudacm.com\/?p=2338","title":{"rendered":"WordPress Disaster Recovery"},"content":{"rendered":"

Introduction<\/strong><\/p>\n

WordPress sites have been hacked and hijacked. Having the ability to recover from such an event can be critical. The recreation of content by other means may not be possible. This is why establishing a disaster recovery policy is important. More importantly, the policy must be put into practice.
\nIn this document, I\u2019ll cover the creation of a disaster recover policy and the steps involved in following through with the policy.<\/p>\n

Creating a backup<\/strong><\/p>\n

This should be done as soon as possible. We\u2019ll use this backup to restore to a sandbox system to validate that our policy is sound.<\/p>\n

First is to make a backup of the file\/folder structure. I copied mine with FTP. This file\/folder data will be overwritten onto a sandbox instance of WordPress. Only one of the files in this backup will need to be modified in order for it to work in on our sandbox environment. That file is \u201cwp-config.php\u201d which contains pointers to the WordPress database. These are the specific lines in that file that must match the sandbox environment.<\/p>\n

define(‘DB_NAME’, ‘NameOfDateBase’);
\ndefine(‘DB_USER’, ‘DatabaseUser’);
\ndefine(‘DB_PASSWORD’, ‘DatabasePassword’);<\/p>\n

Next, make a backup of the database. I used an integrated backup utility my provider makes available through its control panel. The database is then ready to download with FTP. Once copied, delete it from the host.<\/p>\n

Now that the database is copied locally, make another copy for modifications. These changes should not be made directly to the newly created backup database. Rather, you should create a copy of the database file for manipulation. This allows for additional recovery, in the event those changes cause the database to become corrupt.<\/p>\n

Setup the Sandbox<\/strong><\/p>\n

Testing the process of recovery should never be done on a live system. For this purpose, a sandbox environment is used to validate the steps of data restoration.<\/p>\n

I\u2019m going with a VM that has the standard LAMP (Linux, Apache, MySQL, and PHP) setup. I won\u2019t go through how to create VMs or install LAMP. That is beyond the scope of this paper. There is plenty of documentation and demonstrations on how to do that online.<\/p>\n

Once the system is up and running, I\u2019ll install MyPHPAdmin. I\u2019ve found that this tool is much easier to use than fumbling through command line entry. Again, install steps are not covered here. Once it is up and running, you\u2019ll need to create a database and the user \/ password that WordPress will use.<\/p>\n

Login on the phpMyAdmin portal and click the \u201cDatabases\u201d link in the ribbon above the main page. Type in the name of the database we\u2019ll use for WordPress, in this example it will be \u201cwordpress\u201d, then click Create. You should see it listed in the left and below now.<\/p>\n

Now we\u2019ll create the user account that WordPress will use to connect with the database. Click the \u201cUsers\u201d link in the ribbon above. Midway down the page you should see a link named \u201cAdd user\u201d, click it. The Add user page should load. Fill in the fields for these items and set these options as follows:<\/p>\n

Login Informatoin
\nUser name: dbtest
\nHost: Local (localhost)
\nPassword: dbpass (use something stronger if online, but this is a sandbox)
\nRe-type: dbpass<\/p>\n

Database for user
\nGrant all priviledges on wildcard name \u2013 Check this box<\/p>\n

Global priviledges \u2013 Check all<\/p>\n

Resource limits \u2013 leave default<\/p>\n

Now the user account and database are ready for WordPress to utilize. We are ready to start the WordPress install and configure it on our sandbox. The steps to install will not be covered. I\u2019ll only cover the steps once it is installed.<\/p>\n

Now that WordPress is installed, you\u2019ll be prompted with a language preference when you first load the site. Choose your language and click Continue. Here you will see a notice about WordPress needing to connect to a database. This will be the database we create just a bit ago. Let\u2019s go!<\/p>\n

Enter in the information to connect to our WordPress database and click Submit. Then Run the install.<\/p>\n

\"PostImage1\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Since this site will be overwritten later on, it isn\u2019t all that important what is entered in the Welcome page. Do make a note of it anyway, you may need it later. Use better login info if your sandbox is online, which is something highly discouraged.<\/p>\n

\"PostImage2\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Now our sandbox WordPress site should be ready to use.<\/p>\n

\"PostImage3\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

One thing to look at before we move on is the \u201cwp-config.php\u201d file in the root of the WordPress site. Go ahead and open it up in a text editor. You should see these entries:<\/p>\n

define(‘DB_NAME’, ‘wordpress’);
\ndefine(‘DB_USER’, ‘dbtest’);
\ndefine(‘DB_PASSWORD’, ‘dbpass’);<\/p>\n

This is the config page we\u2019ll edit next when we restore our live database and file structure onto our sandbox system.<\/p>\n

Modifying and Restoring the live WordPress site in the Sandbox<\/strong><\/p>\n

Now comes the moment of truth. Before we restore the data, it must be modified to work in our sandbox environment. Make a copy of the live database backup. This way, we can revert back if something doesn\u2019t go quite right.<\/p>\n

Massage the data<\/strong><\/p>\n

Now, open the database copy in a text editor, I\u2019m using Notepad++. Since my live system is hosted with SSL and my sandbox is not, I\u2019ll need to do a search and replace for \u201chttps:\/\u201d and change it to \u201chttp:\/\u201d<\/p>\n

Next, I do search and replace for the URL that my live site uses and replace it with my sandbox URL. That\u2019s it, the database can be saved. Now we are ready to import it into our sandbox database on MySQL.<\/p>\n

Import the data<\/strong><\/p>\n

From phpMyAdmin, go to the sandbox database then select Import from the ribbon bar. Select the database to import and uncheck the option to interrupt. Otherwise, the process could timeout.<\/p>\n

\"PostImage4\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

It may take several minutes to complete. Keep the phpMyAdmin page open, it will tell you when it\u2019s done.<\/p>\n

\"PostImage5\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

Now the file and folder structure can be copied over the sandbox instance of WordPress. Before we begin, lets backup the sandbox \u201cwp-config.php\u201d file. We\u2019ll use this later.<\/p>\n

Once the sandbox WordPress directory has been overwritten with our live backup files and folder, we can modify the \u201cwp-config.php\u201d file to point to the sandbox database.<\/p>\n

define(‘DB_NAME’, ‘wordpress’);
\ndefine(‘DB_USER’, ‘dbtest’);
\ndefine(‘DB_PASSWORD’, ‘dbpass’);
\ndefine(‘DB_HOST’, ‘localhost’);<\/p>\n

That should do it, save the \u201cwp-config.php\u201d file and reload the sandbox WordPress site. You should see something similar to your live WordPress site.<\/p>\n

The theme, plugins, comments, posts, etc. should all be there. You may notice some formatting or main page content not quite in line with what\u2019s live. Look around, 99% of it should be available.<\/p>\n

Now, login on the wp-admin portal of the sandbox. You will need to use the login that is setup on your live system. This is because the database that was imported contains that information. This is why it\u2019s important to safeguard the database backup files. Even though the password is hashed, it can be broken to reveal it in plaintext.<\/p>\n

You have no excuses now! Do your backups and test your restore process before you need to!<\/p>\n","protected":false},"excerpt":{"rendered":"

Introduction WordPress sites have been hacked and hijacked. Having the ability to recover from such an event can be critical. The recreation of content by other means may not be possible. This is why establishing a disaster recovery policy is important. More importantly, the policy must be put into practice. In this document, I\u2019ll cover the creation of a disaster recover policy and the steps involved in following through with the policy. Creating a backup This should be done as…<\/p>\n

Read More Read More<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2338","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/posts\/2338","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2338"}],"version-history":[{"count":12,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/posts\/2338\/revisions"}],"predecessor-version":[{"id":2353,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=\/wp\/v2\/posts\/2338\/revisions\/2353"}],"wp:attachment":[{"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2338"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2338"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cloudacm.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2338"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}