Your WordPress Disaster Recovery Plan

WordPress Disaster Recovery PlanI didn’t sleep very well last night. No, it wasn’t because of a barking dog, a crying child, or my WordPress website had been hacked. We had a very rough storm roll through – complete with lightning, thunder, a tornado warning, and more rain that we’ve had in a single night in quite a while.

While laying awake watching the storm, what I usually do so my family can sleep uninterrupted, I got to thinking about where all of our important papers were and how easily we could locate them in the event of a natural disaster. Fortunately, we have a pretty good disaster recovery plan in place. We have two fire safes located in our house – one in our Master Bedroom and one in the basement. Great, I knew where our important papers were.

Then, my mind wandered over to my WordPress websites. I’m currently moving all of my websites to a new, more powerful server, so it’s the perfect time to update my disaster recovery plan for my WordPress websites. I keep a record of all the important information I need to access or move both in an electronic document AND a printed document.

Since I am changing servers, I will need to update certain items on this document, so it’s the perfect time to confirm all the information on the document. I thought I’d share this with you as well.

What Information Do I Need To Record

WordPress Control Panel

Your Server Control Panel Login Information

Whether you use cPanel, Plesk, ServerCP, or some other control panel, you have to login to access the control panel. Be sure to record not only the login ID and password, but the URL for your login access. Sometimes, this may include a port, so don’t forget to include that information as well.

Your Domain Registrar Login Information

If you are moving from one server to another, you will probably need to change your nameservers. To do that, you will need to login to your Domain Registrar’s control panel to make those changes, so be sure to record your login ID, your password, and the URL you use to login.

Your DNS Login Information

If you host your own nameservers, you will not need this information. Also, if you use your registrar’s nameservers, you will not need this information. However, after the recent GoDaddy debacle, I would recommend against this. If you use an external DNS service, then you should record your login ID, password, and the URL you use to login.

Your Server IP Address

If you host your own nameservers, this will not be important for any of your configuration, but you should still have it recorded. If you use your registrar’s nameservers or another nameserver, then you will need the server IP address to record in your “A” record.

Your NameServer Information

You should have at least two nameservers – sometimes more. Typically, the protocol would be,,, etc. Some nameservers do not use ns1. but instead use simply ns. Regardless, of the format or how many you have, be sure to record all of them as they are important.

Your MySQL Database Information

WordPress MySQLYou will need this for two different purposes.
#1 In case you ever need to reenter it into your WordPress setup. You will need the database name, the database username, and the database password. Remember when you initially set up your website? If not, set up a test website to see what information is needed to confirm this.
#2 If you use a program to directly access your MySQL database tables. Personally, I use Navicat because I find that it is so much easier to use than PhpMyAdmin. Regardless, of which one you use, you will need to record your database name, database username, and your database password. With Navicat, I need to know the IP address of my server. You did record that earlier didn’t you? If not, now is the time to do it.

WordPress Login Information

Be sure to record your main WordPress admin login information – both username and password. You didn’t use “Admin” as your admin login ID did you? If you did, now is your chance to change that. Install UserName Changer from the WordPress repository and make that change NOW, before you take another step.

FTP Information

Next, record your FTP login information. This will include your hostname (, your username, and password. Also, be sure to note whether you use standard FTP or if you operate through SSH (SFTP) access. Finally, if you use any type of encryption instead of the plain FTP, be sure to make note of that as well.

WordPress Authentication Unique Keys and Salts

Remember that long string of numbers that you generated at WordPress’s Secret Key Service? Be sure to revisit your wp-config.php file and record that string as well.

WordPress Table Prefix

You did give your WordPress table a prefix other than “wp_” didn’t you? If so, be sure to record the table prefix here. If you didn’t, now is the time to make that change. Install the plugin – Change Table Prefix – from the WordPress Repository and make that change now. Record the new WordPress table prefix so you don’t forget it.

MX Records

WordPress EmailIf you are not hosting your own nameservers or if you are using another mail service, you should record your MX Record settings. This would be important to continue to send and receive email should your move your website or you suffer a catastrophe.

Mail Server Information

If you host your own mail server – such as Squirrel Mail or some other service – then record your online mail server access information. This should include your login ID and password, as well as the URL that you visit to access your email. If you have to designate a specific port to access your mailbox, be sure to record it as well.

Email Provider

If you forward your email to a Google or GMail account like I do, then you should also record your access information for that account.

Will I Ever Use This Information

Even if you are not planning to move your hosting to another server and you never have a catastrophic failure, you should maintain all this information so you can sleep better at night.

I work with a local radio station that covers high school football on Friday nights and streams their station online 24/7. One Friday afternoon, I got a call about 2:30PM saying that their website was inaccessible. After about 30 minutes of research, we discovered their their nameserver was down for their actual domain name (; however, their published domain was a simple redirect.

Since the domain registrar was unsure how long it would take to solve their nameserver issue, our quick solution was to remove the redirect, point the name servers to our server, and mirror their content on our server. Another potential solution was to just change the redirect to a sandbox domain on our server. Regardless, this quickly became a non-issue because they didn’t know their login information at their domain registrar and could not retrieve it by game time.

If this information had been readily available, we could have had them back up in under an hour with the redirect change and possibly even a couple of hours with a DNS change. Instead, the live stream was down for that game. For them, they lost listenership for that evening and potentially many weeks to come – all because they didn’t maintain some simple records.

I created a simple document with blanks for all this information. I fill in the information, save the document, print a hard copy and file it, and sleep well secure in the knowledge that my WordPress Disaster Recovery Plan is in place and kept up to date. We should all prepare our own plan and file it away in a safe place. The storm could come tonight.

I’d love to hear about your own WordPress Disaster Recovery Plan. Leave your comments below.

Photo Credits:
Alex //Berlin _ Alexander Stübner via photopin cc
gruntzooki via photopin cc
RambergMediaImages via photopin cc
Kevin Severud via photopin cc

14 Responses

    Shawn K. Hall

    If you haven’t looked at it yet, check out Roboform. I use this to manage several hundred wordpress sites’ login and other details, and it’s very cheap for what it’s able to do for you. That and regular off-server backups can get you back up and running in just a few minutes from anywhere.

      James Dunn

      Thanks for posting and reminding me of RoboForm Shawn. I haven’t used it in several years, but when I did, it was extremely useful. I’m sure they’ve added a ton of uses and functionality that I’m unaware of.

      Also, you are 100% correct. NEVER depend upon your hosting company’s backup – it could be a monthly back and due tomorrow. That doesn’t help you if your failure is today. Do your own backups, automated or manually, store them offsite, and make sure you can retrieve them. Also, if you use a backup tool, a good idea is to periodically do a “restore” on a sandbox domain just to make sure the backup and restore function is working properly. I just had an issue while moving a website where the file ownership got jacked. I’m still working through all of that issue.

      James Dunn

      Hey, thanks for sharing that Shawn. I’m a HUGE Amazon fan (S3, EC2, etc) but I’ve never heard of Glacier. I’ll definitely be checking it out and probably adding it to my collection.

      James Dunn

      Thanks for commenting and sharing this Ivica. I use LastPass myself and it has pulled me out a few times. Even if you find the free version not enough, their pricing (albeit a little high) is well worth it. O.K. so the paid version is $1 a month ($12 a year). Like I said, WELL WORTH IT. My only complaint with LastPass is that sometimes it can be a huge memory and resources hog. But, I just upgraded my laptop to 4GB and I’m seeing less issues with it now.

    Ejaz Siddiqui

    Very good advise James, apart from using LastPass
    1- I create a domainanme.tld.txt file for each domain I menage.
    2- My domain folder is placed in Dropbox.
    3- I use Dropbox on more than one computer.
    So, In plain words it is backed-up in cloud (with versions) as well as on different computers.

    Having said that I am looking more easier ways to quickly retrieve the required information.

      James Dunn

      Thanks for commenting Ejaz. Sounds like you have a plan all worked out here. I have not been putting my information on DropBox yet, but I am considering it. I have Gemma’s concerns about my sensitive data being compromised on DropBox (and AmazonS3 now – read my reply to Gemma). I am ALWAYS looking for easier ways to retrieve the data that I need. ;) So far, the manual method of recording it all, manually storing it, and manually retrieving it is the best I’ve found.

        Ejaz Siddiqui

        You are right James, Many time I think about this issue and trying to conclude that either encryption would be a good solution or having a physical paper file would be a better solutions as getting the required information anytime, anywhere is also one of the requirement which inclines me towards cloud based solution.

        Btw Evernote can also be used for this task.

    Gemma Weirs

    I typically save the information in a text file and then I keep it on Dropbox. But I don’t feel 100% safe with it being on Dropbox. How do I know a rogue employee won’t snoop? Or if a hacker somehow gets into the Dropbox servers and gains access to sensitive information?

      James Dunn

      I appreciate you commenting here Gemma. I had always kept my files in a bucket (that was not set to public) on AmazonS3 and felt very secure with it. UNTIL!!! I woke up about a month ago to an email in my inbox stating that Amazon had changed my email address associated with my account. Some cracker had managed to get my loginID and password from somewhere and changed my email address (and then my password). This cracker was just interested in my Amazon purchasing account (as evidenced by all the purchases he immediately started making – probably with stolen credit cards) and didn’t even realize that there was also an AmazonS3 account involved. Amazon’s response was initially lackluster (just create a new account) until I hit a supervisor. Their their response was stellar. But, it woke me up to the fact that my AmazonS3 accounts – while probably very well protected – could easily be compromised by a cracker just seeking to compromise my purchaseing account.

      Because of that, I am also looking for a way to encrypt the sensitive data that I store on AmazonS3 as well as Dropbox. PLUS, I still plan to keep a local backup copy of whatever is on AmazonS3. I’ve been researching, but I’ve not decided on anything or actually testing anything. However, Get Secret Sync looks very promising to me. Of course a Google search yields lots of other possibilities as well. Good luck in your search and I hope we both find something to protect our files and provide the comfort and security we seek.

Comments are closed.