
Using ZenCart Backup Plugin

The ZenCart Backup MySQL Plugin (or module) can be downloaded and installed into your ZenCart site from the link. The plugin may not work for all web hosts, but when it does, it makes backup a snap directly from your ZenCart admin control panel. After installation, it is recommended that you apply the .htaccess file to prevent public access to the backup file as described below.

Since the database is the heart and soul of your store, it is recommended that you back up your ZenCart database every so often (depending on how heavy your customer load is). If that database gets corrupted due to software bugs, hardware failures, or hackers, you would lose all your product information, customer information, and transaction data. Typically, you would have to use your webhost's backup utility or phpMyAdmin to back up your ZenCart database. Because this can be a pain to do (or because store owners don't know how to do it), backups never get performed.

This backup plugin makes backup easy so that it gets done. Here is how you would use this plugin...

1. Once the plugin is installed, you can back up the database by logging into the ZenCart admin control panel -> Tools -> Database Backup MySQL.


Chapter 9 of this book shows you how to back up ZenCart using phpMyAdmin, the ZenCart Backup plugin, and cPanel.

2. Click the "Backup" button.


3. Select a compression option and click Backup. Note that if your webhost does not have GZIP available, you will not see that option. In that case, just select No Compression.


4. Look for a successful backup...

In the screenshot for this step, the backup file db_zencart-20070927210856.sql.gz was created on 9/27/2007 at 21:08:57 in the /home/yourdomain/public_html/catalog/admin/backups/ directory on your webhost.

5. If you ever need to restore that particular backup, just select the backup file and click the restore button. Alternatively, developers can uncompress that backup file and re-import it into the database via phpMyAdmin.

Notes About the Database Backup Mod

It is recommended that you use the .htaccess file to prevent public access to the backup file as described below. Use of the Database Backup Module to do your backup is considered safe when the .htaccess file is used correctly. Below is some technical information about the security of the backup files.

Note that the backup file (for example, db_zencart-20070927210856.sql.gz) will be written to the file server in the backup directory indicated in the above screen shots. Typically, it is deposited in public_html/admin/backups. This is a publicly accessible folder. Hence, if you navigate to the correct path and filename in your web browser, the backup file can be retrieved and saved to your hard disk. The drawback is that anybody who knows the full file name (db_zencart-20070927210856.sql.gz, for example) and the path of your admin folder (admin, for example) can retrieve the backup file and hence gain access to everything in your database. They would have to guess correctly the 14 digit number that is in the filename. Even though this number is based on the timestamp of when the backup took place, it is not an easy task to get this number. As suggested by ZenCart's best practices, you should always rename your "admin" folder to another name that only you know. If you have done that, then hackers will not know your admin path to access the backup file.

If this is a concern, you can remove the backup file from the webserver as soon as you generate it, or checkmark the option "download without storing on server".

The recommended technical solution to prevent public access to the database file is to put the following in the .htaccess file in the backup directory...

<Files *>
Order Deny,Allow
Deny from all
</Files>

Then the files in the backup directory cannot be accessed via the browser.
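
One way to confirm from the web server's access log that the rule is doing its job, as an added example (not part of the original article or of the plugin): it scans Apache log lines for direct requests to backup dumps and separates files that were actually served from requests that were denied or missed. The log format, the filename pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format: client IP, request line, status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')
# Assumption: dumps are named db_<name>-<14-digit timestamp>.sql[.gz|.zip]
# (generalized from the article's db_zencart-20070927210856.sql.gz) and sit in
# a directory called "backups"; the admin folder above it may have been renamed.
BACKUP_RE = re.compile(r'/backups/db_[^/]+-\d{14}\.sql(\.gz|\.zip)?(\?.*)?$', re.I)

# Constructed sample lines (documentation-range addresses, not real traffic).
SAMPLE_LOG = '''\
192.0.2.10 - - [27/Sep/2007:21:05:11 -0700] "GET /catalog/index.php HTTP/1.1" 200 18342
198.51.100.7 - - [27/Sep/2007:21:30:02 -0700] "GET /catalog/admin/backups/db_zencart-20070927210855.sql.gz HTTP/1.1" 404 209
198.51.100.7 - - [27/Sep/2007:21:30:03 -0700] "GET /catalog/admin/backups/db_zencart-20070927210856.sql.gz HTTP/1.1" 200 482113
198.51.100.7 - - [27/Sep/2007:21:30:04 -0700] "GET /catalog/admin/backups/db_zencart-20070927210854.sql.gz HTTP/1.1" 404 209
203.0.113.5 - - [28/Sep/2007:09:12:40 -0700] "GET /catalog/admin/backups/db_zencart-20070927210856.sql.gz HTTP/1.1" 403 199
'''

def audit_backup_access(log_text):
    """Return (served, blocked, probes) for direct requests to backup dumps.

    served  -- list of (ip, path) where the dump was delivered (status 200/206)
    blocked -- Counter of requests per IP that were denied (status 401/403)
    probes  -- Counter of requests per IP for dump names that do not exist (404)
    """
    served, blocked, probes = [], Counter(), Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not BACKUP_RE.search(m["path"]):
            continue  # unparseable line or not a backup dump request
        status = int(m["status"])
        if status in (200, 206):
            served.append((m["ip"], m["path"]))
        elif status in (401, 403):
            blocked[m["ip"]] += 1
        elif status == 404:
            probes[m["ip"]] += 1
    return served, blocked, probes

if __name__ == "__main__":
    served, blocked, probes = audit_backup_access(SAMPLE_LOG)
    for ip, path in served:
        print(f"EXPOSED  {ip} was sent {path}: treat the dump as disclosed")
    for ip, n in blocked.items():
        print(f"blocked  {ip}: {n} request(s) denied by the access rule")
    for ip, n in probes.items():
        print(f"probe    {ip}: {n} request(s) for dump names that do not exist")
```

Any entry in the first list means a dump left the server over the web, so the customer data in it should be treated as disclosed. The Order/Deny directives shown above are Apache 2.2 syntax; on Apache 2.4 without mod_access_compat the equivalent is Require all denied.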

Another point is the notice that the backup utility displays in red letters: "Any downloads you do from this page will not be encrypted.  Doing backup and restore will be fine, but download/upload of files from/to the server presents a security risk." (see above screen shot). This security risk applies in general whenever you transfer any file from the web server to your local disk, so it is not particular to this backup module. See "Internet Transmissions are often unencrypted".

If you retrieve the database file via the browser, or via regular FTP, or using your webhost's utilities where their URL is "http" instead of "https", then that data is transmitted in unencrypted form.

In order to retrieve the file in encrypted form, you can purchase and apply an SSL certificate on your webhost or use secure FTP.