Secure Off-Site Backups?
Posted 01 November 2013 - 07:51 PM
With backupbuddy, am I able to delete archived backups sent to backupbuddy stash, Amazon S3, dropbox etc?
I'm looking for a solution where that's not possible and my backups remain secure even if a hacker has full access to my wordpress dashboard.
Posted 02 November 2013 - 04:58 PM
Thanks for your enquiry concerning BackupBuddy.
For your requirements you could have your backups transfer to Dropbox and then have your Dropbox synced to another computer (let's say for example you might have an "always on" machine on your home or business network) and you will of course have that being backed up to some external disk (e.g., perhaps you have a Mac that fulfils that role and use Time Machine for backups). Then you will always have a copy of your backups somewhere. You might call this a "no cost" option if you already have the setup for this.
But otherwise Amazon S3 is a very good way to go - make use of IAM to create a specific user and create a user policy (for example) that determines what that user can do in relation to specific buckets and resources. This at a minimum allows you to tightly control what that specific user has access to and then you can also do things like deny the ability to delete. Even if you allow the user to delete there are other options you could look at such as using S3 rules to move your backups to longer-term storage (Glacier) which would prevent deletion (but it does also take longer to retrieve them and you cannot get at them through BackupBuddy) or perhaps versioning which means that a file is never truly deleted (although you might want to consider any cost implications of that - S3 is relatively cheap but if you permanently keep a lot of large backups then you'll need to factor that into your consideration). You can read about IAM, User/Group Policies, Glacier, Versioning, etc. in the online Amazon documentation.
And for database only backups always consider sending to an email destination unless the resultant compressed database backup is very large (email systems can start to object to attachments from maybe 10MB upwards but you may get away with anything up to 25MB which as a compressed size can actually represent quite a large actual database).
"Everything will be all right in the end. If it isn't all right yet then it isn't the end."