Hello,
I consult for a company that manages multiple WordPress sites and uses Updraft Plus for backups.
Recently, one of their sites was hacked, so they're taking further measures to lock down their sites. One of the recommendations someone has made to them is to backup the sites to a removal drive monthly and to disconnect that storage after each backup to prevent a backup of a hacked site from spreading to other sites.
I can't imagine how a hack designed to run via an HTTP request could do so when stored in a .ZIP archive on storage that isn't running a webserver. But I see new things every day so I'm open to being wrong. 🙂
Has anyone heard of this practice? The challenge for us is that they're fully remote, so there is no convenient common location to store a NAS that gets connected/disconnected periodically.
Thanks! D
Usually backups are best if they’re on a different server entirely. You could download the whole site and store monthly backups on an AWS S3 bucket which is going to be much cheaper and more convenient than one person with an external HDD that can be lost, broken, etc.