Anyone who has had a blog hacked or files/database corrupted, knows the horrible feeling in your gut and the awful mess trying to recover.
To solve this I have found a great way to make sure you don’t end up in a bad situation.
The 2 WordPress Plugins
1. WP-DB-Backup – Allows you easily to backup your core WordPress database tables. You may also backup other tables in the same database.
2. WordPress Backup – Backup the upload directory (images), current theme directory, and plugins directory to a zip file. Zip files optionally sent to email.
The first plugin backs up your database. The second, backs up the files that are added to your particular WordPress installation.
Use a Gmail account for storage
Get a Gmail account. I created a special backup account to use for all my client’s sites. You could use an existing one. If using an existing one, create a filter to archive emails that have 
“WordPress Backup” in the subject line and an attachment.
Set both plugins to automatically email a backup at a certain interval. I set mine for a week but you may want more often. With Gmail’s 7gb+ storage capacity, space isn’t an issue. Every few months delete the old backups. (Know a way to do this automatically?)
Update: Nathan suggests in the comments: “you could create a filter that moves these backups directly to the trash. They’ll be auto-deleted after 30 days. It’s not a huge window, but it would suffice for a basic backup strategy.”
Update 2: Lifehacker says: “I send my backups to my spam folder. Since items in the spam folder automatically delete after 30 days, I always have 30 days worth of backups quietly tucked away in my Gmail account.”
This is useless if you don’t know how to restore your site if it fails. Use PHPMyAdmin to restore the database. (or use the wp-phpmyadmin plugin) The WordPress files reside in the wp-content folder, it is simple FTP work to restore them. It is a good idea to know how to do this before you have to figure it out in an emergency. You may want to create a dummy WordPress install in a subdirectory and try restoring after deleting some of the database and wp-content folder.
Have a WordPress backup story to share? Got a different way? Sound off in the comments!
Nathan Peretic says
July 9, 2009 at 1:25 pmBlake,
I’m not aware of any way to filter messages in Gmail based on age (whether by date or by messages received since), but you could create a filter that moves these backups directly to the trash. They’ll be auto-deleted after 30 days. It’s not a huge window, but it would suffice for a basic backup strategy.
Rich says
December 16, 2009 at 1:22 pmUmm question. Wouldn’t there be problems for sending file attachments to gmail over 25 mb?? I’d figure within a month of writing blogs with images, (or a couple of months) it would fill up the file size limit! Any advice to that?
Blake Imeson says
December 25, 2009 at 12:15 pm@Rich good question – I have found that 25mb limit to be plenty for most sites. Especially when it is gz compressed. Most of mine aren’t much more than a few megabytes. Those plugins will also save a copy of the db on the server where you can access it via FTP.
I actually just came across another way of doing this with a Cron job and a script. You still have the email size limit though.
Lee says
October 26, 2011 at 3:50 pmHi Blake,
I just found your site after Googling for a way to get my site back after it has been hijacked by terrorists! Yoiu wouldn’t believe it, would you??
Seems the same idiots got you too. How did you rectify it, if you don’t mind?
The main WP files all seem to be ok, just the index docs that have been affected. Same experience your end?
Kind regards.
Blake Imeson says
October 26, 2011 at 3:58 pmI usually just download a fresh install of WordPress, upload and overwrite everything but wp-config.php and the wp-content folder. Then if the theme has been compromised I hopefully have a backup of it and can just upload and overwrite.
Does that answer the question?