Disaster Recovery Plan for Wordpress Site (ISSI)

I just practiced recovering the ISSI wordpress site, so I wrote down all the steps. Hopefully, we'll never need to use these.

Backup strategy

• daily backups to an AWS S3 bucket (RPO of 24 hours)
• all site data (database, themes, plugins, misc) are backed up
• the backups cannot be deleted or overwritten in S3
• old data deleted after 35 days

Initial Setup:

1. Create an S3 bucket (e.g. s3://issi-backup)
2. In the bucket properties, enable bucket versioning. If the site is compromised, the existing backup data cannot be overwritten.
3. In AWS IAM, create a user (e.g. issi)
4. For the IAM user, add an inline permission policy that allows PutObject, ListBucket, and GetObject (NOT DeleteObject)

{
        "Version": "2012-10-17",
        "Statement": [
                {
                        "Sid": "VisualEditor0",
                        "Effect": "Allow",
                        "Action": [
                                "s3:PutObject",
                                "s3:ListBucket",
                                "s3:GetObject"
                        ],
                        "Resource": [
                                "arn:aws:s3:::issi-backup",
                                "arn:aws:s3:::issi-backup/*"
                        ]
                }
        ]
}

5. In the IAM user security credentials, create and save an access key.
6. In the Wordpress admin panel, install the UpdraftPlus plugin.
7. In UpdraftPlus settings, configure daily backups.
8. Important Include these options at a minimum.
9. Configure offsite backup to the S3 bucket created earlier. Add a prefix (e.g. s3://issi-backup/updraft)
10. Back in the AWS S3 bucket console, under the Management tab, add a lifecycle rule to delete objects with the updraft prefix after 35 days.

Recovery strategy

1. Create a new Wordpress site

• Another Dreamhost is probably best.
• I used AWS Lightsail when I practiced recovering the site, and it worked really well.

2. In the new Wordpress admin panel, install the UpdraftPlus plugin.
3. Download the backup files from S3.
4. In Updraft, under Backup\Restore, upload the backup files.
5. Restore the files
6. Re-login to the site and verify that everything is working.
7. Fix the DNS A record in the Dreamhost DNS panel to point to the new site IP address.

On my practice run, I completed all the recovery steps (except for changing the DNS record) in about 30min.