This article was published on November 27, 2010

VaultPress goes beyond backups to include hacking protection too



Many of you have heard of VaultPress, the WordPress blog backup solution offered by Automattic (the folks who run WordPress.com) for self-installed WordPress sites (TNW coverage). If you haven’t heard of VaultPress, it does more than just back up your WP database (which you should be doing regardless!); it actually backs up all your key WordPress files: uploads, themes, etc. These are things that are irreplaceable parts of your site. You might be able to just download and re-install WP, and if you have regular backups of your database on the server (or better, emailed to a Gmail account or something) you can bring back most of your site, but if you lose that custom theme or years’ worth of uploads, you’re hooped.

This is all well and good. Offsite, complete backups of your site are awesome, but what if you’re hacked? Or worse, what if you’re hacked and don’t know it? Getting hacked and not knowing about it isn’t as uncommon as you might think. I have seen lots of friends who aren’t just tech savvy, but WordPress tech savvy, be hacked and not realize it right away. VaultPress announced today a new feature to their premium backup plan that will let you know if you might have been hacked and then help you fix it:

How it works

VaultPress knows which version of WordPress your site is running. For each particular version of WordPress, we know what the MD5 checksum for each of the core files should be (an MD5 checksum is a kind of digital fingerprint for a file, that can be used to validate the integrity of that file).

Our new core file scanner scans your site and does the following:

Checks that each of the expected core files exists

Checks the MD5 checksum of each file

Stores information about each file from PHP’s stat() function

On our initial scan of your site, we perform all three of these steps for each of the 750+ WordPress core files. This scan creates a baseline that we can compare against in future scans. If the MD5 checksum of a core file doesn’t match, we notify you through an alert in the security tab of your VaultPress dashboard. A variation in the checksum means that the file has been modified from the original version that came with your WordPress install.

via New VaultPress security scanning | VaultPress Blog.
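The scan described in the quoted post can be sketched in a few lines. This is an added example, not VaultPress code: the three-file tree and its contents are constructed, the function names are hypothetical, and the "stat-changed" alert is an assumption, since the post only says the stat() data is stored.

```python
import hashlib, tempfile
from pathlib import Path

def scan(root, manifest):
    """Steps 1-3 of the quoted post: existence, MD5, stat() data per file."""
    records = {}
    for rel in manifest:
        path = Path(root) / rel
        records[rel] = None                      # stays None if the file is missing
        if path.is_file():
            st = path.stat()
            records[rel] = {"md5": hashlib.md5(path.read_bytes()).hexdigest(),
                            "size": st.st_size, "mode": st.st_mode & 0o777}
    return records

def alerts(manifest, current, baseline):
    """Check content against the manifest and metadata against the baseline."""
    found = []
    for rel in sorted(manifest):
        rec, base = current[rel], baseline.get(rel)
        if rec is None:
            found.append((rel, "missing"))
        elif rec["md5"] != manifest[rel]:
            found.append((rel, "modified"))
        elif base and rec["mode"] != base["mode"]:
            # Assumption: the post says stat() data is stored, not how it is used.
            found.append((rel, "stat-changed"))
    return found

def demo():
    """Constructed three-file tree standing in for the 750+ core files."""
    files = {"index.php": b"<?php // index\n", "wp-login.php": b"<?php // login\n",
             "wp-includes/version.php": b"<?php // version\n"}
    manifest = {rel: hashlib.md5(data).hexdigest() for rel, data in files.items()}
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, data in files.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(data)
            (root / rel).chmod(0o644)
        baseline = scan(root, manifest)          # initial scan
        clean = alerts(manifest, baseline, baseline)
        (root / "wp-login.php").write_bytes(b"<?php // login\n// injected line\n")
        (root / "index.php").unlink()
        (root / "wp-includes/version.php").chmod(0o666)   # content untouched
        return clean, alerts(manifest, scan(root, manifest), baseline)

if __name__ == "__main__":
    print(demo())
```

MD5 is used here because it is what the quoted post describes; the same structure works unchanged with SHA-256 from hashlib.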

Right, VaultPress might not be able to prevent hacking, but they can certainly help to let you know as soon as possible that something might be amiss and where the problem might lie. As awesome as this might be, I think it also helps Automattic know what files hackers are going after and what server vulnerabilities hackers are using to get into sites. Not important data? Yeah, think again. This is crucial data in the fight against hackers. Like Akismet helping us all understand blog spam better, these data can help us understand hackers better. Not only that, say several blogs that share the same host are hacked, Automattic would then be in a position to inform the host that they might have an issue.

The one thing that I see as a drawback to VaultPress is the cost. The basic plan is $15/month/blog and the premium plan $40/month/blog (these will go up to $20 and $50 respectively after the beta period), and sure, they aren’t exorbitant, but with more than a few sites (I do have several) that gets expensive. On the other hand, the first time it saves your tushie it would all be worth it.

So, VaultPress, a good idea that has gotten better with security checking. I did get a beta invite and didn’t use it because I didn’t feel I could justify the price. Though now that I think of it, I do have a lot of stuff on the server that should be backed up better…

What’s your feeling? $40/month/blog too much for backup with security checking? Or would you opt for the $15/month plan and live a (little) dangerously?

Hat tip to BlogHerald where I read it first.
