Script-based backup of WordPress
Last week Jesper Åström had his WordPress website infected by the adsttnmq1 hosting provider exploit. It’s similar to the gumblar exploit and takes advantage of holes in the hosting provider’s management platform – such as cPanel or H-Sphere. I’d say that if this affects you at your hosting provider, change host as soon as you can.
Anyway, Jesper having this problem reminded me that I needed to set up some kind of automated backup routine for this beta blog. So I took this backup script from Hackrunner and tweaked it to work with Binero (who I use to host this blog). This script will also work for any MySQL-based site with SSH access.
Annoyingly even though Binero provide SSH access, they don’t offer SSH key authorisation, which means I’ve had to resort to using a dirty solution in order to get the backups down to my local server. I’ve used sshpass in order to get rsync and ssh to work from the crontab script. It’s not a huge security problem for me as I’m the only user of my server. But if you have a server with multiple users, then I wouldn’t recommend using sshpass in this way.