Backing up and restoring WordPress websites is easy, if you know what tools to use. Using the right plugins, you can skip a lot of restoral steps like having to create a database in myPHP or other. If you’ve worked on websites before WordPress, you’re likely familiar with the old school method of using FTP to backup and restore your website. With WordPress, it’s now been made a lot easier; many WordPress users might never have to use FTP for anything.
It’s important to backup your website. I like to back mine up at least once a month. This of course becomes more a challenge when you have more then one website. There are many options out there. If you don’t want to manage backups yourself, many webhost providers now can help you out with Managed WordPress plans. They do the backups for you, as well as the updates, so you don’t have to worry about much. If you don’t have Managed WordPress hosting, you can automate the backups yourself in some cases as well, depending upon who you’re hosted with and what kind of options are provided.
With all of that being said, personally the easiest option I have found to backup and restore WordPress websites is via using Updraft. Updraft backs up your website in 5 files: plugins, uploads, others, database and themes. It’s rather straightforward to understand what each file does. You can generally even be missing one or more of these files, but the file that you never want to lose is the database file. Without this file, you’re sunk in terms of a restore.
Why should I backup my WordPress website?
There are many reasons why you should backup your WordPress website often, and protect it from being hacked or defaced using another plugin like Limit Login Attempts. The Limit Login Attempts plugin does what it sounds like, it stops people from trying to repeatedly login to your wp-admin area and use brute force attacks to get in. This plugin will block IPs that attempt to login too many times, for a temporary period.
Why would anyone want to hack my website?
Whether your website is active, inactive, has traffic or is a recently new startup, people are always trying to hack. Because WordPress is a well known CMS (and this can happen to any CMS really, not specifically WordPress), hackers will try to exploit known vulnerabilities. They do this with all platforms, whether it’s WordPress or someone running a mail server at home, etc. Hackers have a number of objectives they try to hit, and it depends on the hacker or the hacking group involved, in terms of why they’re hacking you. Often you may just happen to have a certain vulnerability that they’re looking for. It does not matter who you are, or what your website does; you just happen to have that specific vulnerability and they get in.
Hackers will often just try to break any website, it often does not matter what they get into, as long as they’re making some progress. They might run the same attack on 2 million websites over the course of a month or two, and just try to break into as many as they can. They might be doing this to try and find other vulnerabilities. For example, they might try to hack a website that uses E-commerce tools, in an attempt to obtain credit card details or intercept transactions. A hacker may not care about financial objectives at all; they may simply be trying to deface websites and put their logo or brand on it, to raise awareness of their group. They might have a message they’re trying to spread.
Long story short, we don’t care about the objectives of hackers. What’s important is to protect your website. There are two ways to protect yourself and ensure you’re safe if this does happen to you:
- Being ready in case you’re hacked and/or defaced. To be ready, you want to ensure you backup your website often. Make sure you know how to restore your website, too. I recommend using Updraft. You can use other plugins or other methods, but again: make sure you know how to restore your website.
- Attempting to prevent your WordPress site from being hacked or defaced. As I’ve mentioned, plugins like Limit Login Attempts will temporarily block users who are trying to access wp-admin over and over. There are other security plugins too, like Word Fence.
Once your website is defaced or other, if you don’t have a backup of your website, you may be sunk. The first thing to do is try to get into the wp-admin website login area. In most cases, if your website has been hacked or defaced, you likely won’t be able to get into this area. In order to restore your website, you’ll likely have to completely delete the wordpress instance, and then create a new one with a new database. Once you do that, you can then re-install Updraft and run a restore. As long as you have a backup, restore that backup and you’re off to the races. Try to figure out how your website was hacked and protect against it in the future. Using a plugin like Limit Login Attempts, as I mentioned earlier in the article, is an excellent way to keep an eye on any brute force attackers or script kiddies trying to knock on your door.
Setting up automatic backups using Updraft
Updraft is a really nice and easy to use WordPress plugin. I use it for all of my WordPress websites. Even better, is to set up automated backups using Updraft. You don’t need a premium version of Updraft to use this feature either. You can do all of it with the Updraft free plugin.
To get started, install Updraft if you haven’t already. It’s one of the first plugins I install with any new website.
- Login to your WordPress wp-admin area (yoursite.com/wp-admin), then go to the plugins area.
- Click on Add New
3. Search for Updraft
4. Click on Install. In this picture you see update because I’ve already got it installed.
5. Once installed, click Activate.
6. Log back into WordPress and click on Plugins.
7. Under Updraft, click on Settings