What a Full WordPress Backup Includes (Files vs. Database)

In the world of website management, the most frequent, urgent, and non-negotiable piece of advice is: Always have a recent, complete backup.

A backup is more than just a safety net against accidental deletion or a catastrophic plugin update; it’s your definitive insurance policy against hackers, server failures, human errors, and the relentless march of digital decay. Without a reliable backup, a single technical glitch can instantly erase years of work, thousands of pages of content, and the entire history of your business.

Yet, many website owners, particularly those managing WordPress sites, misunderstand what a “full backup” truly entails. A WordPress website is not a single entity; it is a complex organism composed of two fundamentally distinct, yet interdependent, halves: the Files and the Database. Backing up one without the other is like saving half a photo—it’s useless for restoration.

This comprehensive guide will demystify the structure of a complete WordPress website, explain the critical difference between the Files and the Database, detail exactly what is contained within each component, and provide a clear framework for ensuring your backup strategy is truly complete, secure, and ready for any emergency.

The Anatomy of a WordPress Site: Two Essential Halves

To understand a full backup, you must first understand the two core components that make up a functional WordPress installation.

A. The Files (The Structure and Appearance)

The “Files” are everything you can physically see and access via your hosting’s File Manager or an FTP (File Transfer Protocol) client. They are the fixed software, the design structure, the media assets, and the unique configuration settings that tell your site how to look and function.

B. The Database (The Content and Intelligence)

The “Database,” specifically a MySQL database, is the dynamic engine of the site. It is an organized, structured collection of tables where all the changeable, user-generated, and core settings are stored. It dictates what the Files should display.

Analogy: If your WordPress site were a modern house:

• The Files would be the blueprints, the walls, the windows, the plumbing, and the furniture (the permanent structure).
• The Database would be the changing contents: the clothes in the closet, the food in the fridge, the notes on the counter, and the address book (the dynamic information).

To rebuild the house, you need both the blueprints and the contents.

What the “Files” Component Includes (The wp-content Folder)

The WordPress files typically reside in your hosting account’s root directory (often public_html). While a full backup technically includes the entire directory, three sub-directories and three core files are absolutely vital.

1. The Core WordPress Installation Files (The Engine)

These are the foundational scripts that make WordPress work.

• Included Folders: wp-admin and wp-includes.
• What it is: These folders contain the hundreds of PHP files, libraries, and scripts written and maintained by the WordPress core development team. They handle everything from the admin dashboard functionality to the ability to load a webpage. You rarely need to interact with these, but they are essential.

2. The wp-content Folder (The Unique Fingerprint)

This is the most critical folder to back up, as it contains all the unique elements that make your site your site.

• Themes Folder: The code, templates, and style sheets for your active and inactive themes. This is what controls your site’s design.
• Plugins Folder: All installed plugin files. This controls your site’s functionality (SEO, contact forms, e-commerce features, caching, security).
• Uploads Folder: This is where all your media lives. Every image, video, PDF, and audio file you have ever uploaded via the WordPress Media Library is stored here. This folder is often the largest part of the backup.
• Other Folders: May include custom directories created by certain plugins (e.g., cache folders, security logs, specialized data).

3. Key Root Files (The Configuration and Security)

These files, located in the root of your WordPress installation, contain vital configuration data that links the Files to the Database.

• wp-config.php: This file is the bridge. It contains the most sensitive information: your database name, database username, database password, and unique security keys (salts). Without this file, the Files cannot connect to the Database.
• .htaccess: The configuration file for Apache servers (most common). It handles permalink structure, redirects, caching rules, and basic access control (security).
• index.php: The master file that tells the web server where to start processing the WordPress site.

What the “Database” Component Includes (The wp_ Tables)

The database is an organized collection of tables that stores all the dynamic and content-related information. A full backup of the database ensures all your hard work is preserved.

1. The Core Content Tables

These tables store all the public-facing content that you write.

• wp_posts: The single most important table. It stores all content types, including pages, blog posts, images (as entries in the media library), revisions, navigation menu items, and custom post types (like “Products” in WooCommerce or “Testimonials”).
• wp_postmeta: Stores extra, specific data related to the items in the wp_posts table (e.g., custom fields, SEO titles/descriptions, and product prices/SKUs).

2. The User and Settings Tables

These tables store critical administrative and relationship data.

• wp_users: Contains all registered user accounts (admin, editor, customer, etc.) and their basic information (name, email).
• wp_usermeta: Stores detailed information about each user (e.g., user capabilities, user preferences, billing address data, and email subscription status).
• wp_options: Stores the primary configuration settings for the entire site, including:
  • Site URL and title.
  • Active theme and plugin settings.
  • Reading, writing, and discussion settings.

3. WooCommerce and E-commerce Tables

For an e-commerce site, these tables are mission-critical. They are usually added by the WooCommerce plugin.

• wp_woocommerce_sessions: Handles user sessions and shopping cart data.
• wp_orders / wp_order_items: Crucially, these tables store all your transaction history, customer names, shipping details, and order statuses. Losing this data means losing your entire sales history.
• wp_termmeta / wp_terms: Stores product categories, tags, and custom taxonomies.

The Incompleteness of Partial Backups

Understanding the duality of the Files and Database reveals the flaw in common, partial backup strategies.

Mistake 1: Backing Up Only the Files

• What you have: The website structure, design, plugins, and images.
• What you lack: All blog posts, page text, product descriptions, user accounts, and sales history.
• Result: You can install WordPress and upload the files, but your site will load as an empty shell with no content. The design will be there, but the body will be missing.

Mistake 2: Backing Up Only the Database

• What you have: All your content, user lists, and order history.
• What you lack: The core WordPress software, the theme files, the plugin files, and all uploaded images/media.
• Result: You have all the text data, but you have no software to run it, no design to display it, and none of the image files (only the database entries referencing the images).

A truly complete, restorable backup must contain a timestamped snapshot of the Files (including wp-content) and the Database, taken at the exact same time.

Strategic Considerations for a Bulletproof Backup Plan

A comprehensive backup strategy goes beyond simply creating the files; it involves storage, testing, and automation.

1. Automation is Key: The “Set and Forget” Principle

Manual backups are unreliable. You will inevitably forget to run one before a critical update.

• Solution: Use a dedicated, reliable backup plugin (like UpdraftPlus, Duplicator, or BackupBuddy) or rely on your managed host’s automated daily backups. Ensure backups are scheduled daily or at least every 24 hours, especially for active e-commerce or publishing sites.

2. The 3-2-1 Backup Rule

This rule, adapted from IT industry standards, ensures redundancy:

• 3 Copies: Maintain three copies of your data (the live site, the local/server copy, and the remote copy).
• 2 Different Media: Store backups on at least two different types of storage (e.g., your local computer and a cloud service).
• 1 Offsite Copy: At least one copy must be stored offsite (the most crucial step). This protects you if your main server hosting company suffers a catastrophic failure.

3. Verify Offsite Storage (The Final Safety Layer)

Storing backups on the same server as your live site offers zero protection against a total server failure or a full-site hack that deletes everything.

• Solution: Automatically sync your backups to a secure, remote location like Google Drive, Dropbox, Amazon S3, or an external SFTP server.

4. Test the Restoration Process

The final, often-skipped step. A backup is useless if it cannot be restored.

• Action: At least once every six months, practice restoring your backup to a staging site or a local development environment. This confirms that the two components—the files and the database—synchronize correctly, giving you confidence that your insurance policy is valid when disaster strikes.

By treating your WordPress site as the dual entity it is—a structural set of Files bound to a content-rich Database—you can move from hoping your backups work to knowing they do, securing the future of your online business.