Foundation
Archiving and compression are the building blocks of reliable backups on a Linux VPS. For WordPress, you are usually trying to produce a portable bundle you can validate, store off-host, and restore quickly under pressure.
taris the default archiver for directories; it preserves paths and Unix metadata well.gzip/zstd/xzcompress single files (SQL dumps and logs are the common targets).- For most WordPress file backups,
tar.zst(ortar.gz) is the balanced default. - Always verify archives and do restore drills to a staging directory.
What you need to back up for WordPress
Most WordPress restores require two independent artifacts:
- Files
- Your WordPress docroot (or at minimum
wp-content/). - Configuration you cannot regenerate (for example,
wp-config.php).
- Database
- A SQL dump from MySQL/MariaDB.
WordPress backup = files + database dump
files: wp-content/ (uploads/plugins/themes) + config
db: mysqldump (SQL)
Archive vs compression
- Archiving = combining many files/directories into a single file.
- Compression = reducing size (trade-offs: CPU, time, decompression speed).
many files -> tar -> archive.tar -> zstd -> archive.tar.zst
single file -> gzip/zstd/xz -> db.sql.gz / db.sql.zst / db.sql.xz
Choosing formats (practical defaults)
Use these as a starting point:
| Scenario | Good default | Why |
|---|---|---|
| Daily file backups | tar.zst or tar.gz | Good size/speed, easy restore |
| Database dumps | db.sql.zst or db.sql.gz | Simple, streamable, fast |
| Maximum compression (cold storage) | tar.xz or .7z | Smallest size, slowest |
| Cross-platform sharing | .zip | Works smoothly on Windows/macOS |
| Encrypted archives at rest | .7z (or gpg on tarballs) | Built-in encryption and optional splitting |
If you care about Unix ownership/permissions, prefer tar-based backups. Formats like .zip are excellent for portability, but they are not the most faithful representation of Linux file metadata.
Naming, placement, and retention
Keep backups predictable:
- Directory:
/backups/or/var/backups/(or a mounted volume). - Naming: include date and what it contains.
wp-files-2026-03-01.tar.zst
wp-db-2026-03-01.sql.zst
wp-full-2026-03-01.tar.gz
Retention is policy, not tooling. A common starting point:
- 7 daily
- 4 weekly
- 3 monthly
Verification and restore drills
Verification is what turns "I have backups" into "I can restore":
- List the contents (does it include what you think it includes?).
- Test the compressed layer (does it decompress?).
- Extract to a clean directory and spot-check key files.
Extraction can overwrite files. Always restore into an empty directory first (for example /tmp/restore-test/). Only copy into place after validation.
Quick lab
This lab demonstrates the shape of a backup/verify cycle using tar.gz and gzip.
Create a backup directory:
sudo mkdir -p /backups
Archive WordPress files with sensible excludes:
sudo tar -C /var/www/html \
--exclude='wp-content/cache' \
--exclude='wp-content/*/cache' \
-czvf "/backups/wp-files-$(date +%F).tar.gz" \
.
Dump and compress the database (adjust credentials and DB name):
mysqldump --single-transaction -u DB_USER -p DB_NAME \
| gzip > "/backups/wp-db-$(date +%F).sql.gz"
Verify both artifacts:
tar -tzf "/backups/wp-files-$(date +%F).tar.gz" >/dev/null
gzip -t "/backups/wp-db-$(date +%F).sql.gz"
Restore drill (extract to staging path):
sudo rm -rf /tmp/restore-test
sudo mkdir -p /tmp/restore-test
sudo tar -xzf "/backups/wp-files-$(date +%F).tar.gz" -C /tmp/restore-test
Cheat sheet
| Task | Command |
|---|---|
Create tar.gz (directory) | tar -C /path -czvf out.tar.gz . |
List tar.gz contents | tar -tzf out.tar.gz |
Extract tar.gz to target | tar -xzf out.tar.gz -C /tmp/restore-test |
| Compress a single file | gzip file.sql |
| Decompress to stdout | gunzip -c file.sql.gz > file.sql |
Mini quiz
-
Why is
tarused before compression for directory backups? -
What is the risk of extracting an archive directly into
/var/www/html? -
When is
.zipa better choice than.tar.gz? -
What is the minimum restore test you should do after creating a backup?