OpenCart Security When Working with a New Contractor: All About Backups

Important: Always create a FULL BACKUP of the database and files before performing any work with a contractor, especially a new one.

When a new contractor connects to your OpenCart store, one of the most critical security measures is a reliable backup system. Backups act as your "insurance," allowing you to restore the store quickly in case of failures, hacks, or developer mistakes.

1. Why are backups necessary?

• Protection from human errors:
  Any changes to the code or database can lead to site instability or complete inaccessibility. A backup will allow you to roll back to a stable version quickly.
• Security in case of a hack:
  If the system is hacked and malicious modifications are made (e.g., scripts to steal data or file deletion), a backup will be the only reliable recovery point.
• Insurance for testing new functionality:
  Before installing new modules or making experimental changes to the database, creating a backup will allow you to revert quickly in case of issues.

2. Types of Backups

• Full Backup:
  – Includes all website files (OpenCart engine, themes, images, media files) and the database.
  – Typically created less frequently (e.g., weekly or monthly) due to the large storage space required.
• Differential Backup:
  – Saves only the files and data changed since the last full backup.
  – Helps save storage space and simplifies the restoration process.
• Incremental Backup:
  – Stores only changes made since the last backup (full or incremental).
  – Further reduces storage needs but can make the restoration process more complex since multiple backups need to be applied sequentially.

For most OpenCart projects, a combination of weekly full backups and daily incremental backups is ideal.

3. How to Organize Backups

• Using Plugins and Scripts:
  – Most hosting services offer automatic backups (may be paid on VPS/VDS plans). It's strongly recommended to use these tools.
  – There are OpenCart modules and PHP scripts for scheduled automated backups.
  – You can also create your own script using cron jobs to automate file and database backups.
• Manual Backups:
  – Sometimes, you may need to create an immediate backup before installing a module or making significant changes.
  – OpenCart provides a database export/import feature, but specialized tools like phpMyAdmin are recommended for reliability. Read more here.
• Backup Storage:
  – Do not store backups only on the same server where your site is hosted – a server failure or hack could result in the loss of both the site and the backup.
  – Use remote storage solutions like Google Drive, Dropbox, Yandex Disk, or separate servers in different data centers.
• Backup Encryption:
  – If your database contains sensitive user data, consider encrypting backups to prevent data leaks.

4. Recommended Frequency

• Backup Frequency:
  – Daily incremental backups: To protect against recent changes.
  – Weekly full backups: For a complete snapshot of the site and database.
• Retention Period:
  – Keep multiple backup versions from different periods (e.g., 7 daily backups for the current week, 4 weekly backups for the last month).
  – It is also recommended to keep at least one full yearly backup for historical and legal purposes.
• Old Backup Removal:
  – Automate the deletion of older backups once a certain threshold is reached.
  – This helps optimize storage without overloading your storage capacity.

5. Backups When Working with a New Contractor

• Backup Before Granting Access:
  Create a full backup (files + database) before providing access to a contractor. If anything goes wrong, you can restore the website quickly.
• Separate Testing Environment:
  Deploy a copy of your store in a test environment where the contractor can work without affecting the live website. Backup the test environment as well, so you can restore it if testing fails.
• Integrity Check:
  After the contractor completes the work, test the new functionality and compare it to the pre-change state. Restore from the backup if necessary and ensure backups restore without errors by performing periodic test restores.

6. Conclusion

• Automation:
  Ideally, backups should be automated to reduce human error risks.
• Notification System:
  Enable notifications (via email or messaging apps) to confirm backup success or report errors.
• Backup Testing:
  Simply creating backups is not enough; ensure they can be restored correctly with test restorations at least once a month.
• Version Control:
  If you use Git for code management, ensure other essential files like media and configuration files are also backed up, as Git does not cover databases.

Implementing a reliable backup system is a key security measure for your OpenCart store, especially when working with new contractors. Regular backups, integrity checks, and off-server storage ensure maximum protection for your business and data.

With a proper backup strategy, you can safeguard your online store, save resources, and reduce downtime, ensuring that your business operations continue smoothly, even in case of unexpected issues.