Category Archives: Backing Up WordPress

Don't Get Caught Without a Backup

5 Keys to a Good Website Backup Plan

Don’t Get Caught Without a Backup!

5 Things to Consider

When Making Your WordPress Backup Plan


• Database – The database contains your pages, posts, comments, users, categories, tags and links.
• Files  – The files contain your themes, media files and plugins.


• Your web hosting company
• A free WordPress plugin (such as UpDraftPlus).
• A premium WordPress plugin. I recommend VaultPress as it is easy, their support is excellent. It is made by Automattic – the same company that created WordPress, so there are no compatibility or update issues. They also store your backups as part of their service. Read more about VaultPress.
• A company or someone you hire to take care of your website (including backing it up), such as Ripple Web Design.
• Yourself


• Manual Backups
• Automated Backups
• Scheduled Backups


• Daily, weekly, monthly, etc.
• How long are the backups kept? (Ask me why this is important.)
(Does each backup replace a previous backup so that you only have one copy?)
• Before a WordPress Core and/or Plugin updates
• After you have made significant changes to the site


• on your computer
• on an external hard drive
• on the web host’s server
• on the server of the backup company (i.e. VaultPress server)
• in your email account
• online (or “cloud”) storage services (such as Google Drive, OneDrive, Dropbox, etc.) free or paid.

Download the Backup Planning sheet.

WordPress Security

WordPress Security

WordPress Security – Closing Those “Back Doors”

Some people consider the WordPress platform itself to be one big back door that provides access to hackers.  After all, it is Open Source with many people all over the world adding to it, improving it – and hacking it. The good news is that your WordPress website does not have to be added to the list of hacked sites, just because it’s a WordPress site.

While some hackers target WordPress, they do so for reasons that are important for all WordPress users to consider.

The very popularity of WordPress makes it attractive to hackers. Karol K, gathered the following information in his post, The Ultimate List of WordPress Statistics:

  • 50-60% is WordPress’ share of the global CMS market – making it the most popular CMS of them all. [8][2][15]
  • New York Observer, New York Post, TED, Thought Catalog, Williams, USA Today, CNN,,, National Post, Spotify, TechCrunch, CBS Local, NBC all use WordPress. [32]
  • Around 15,886,000 websites on the entire web use WordPress. [15]

If it is so popular and hackers like it, then why are people – and major companies, still using it?  Well, it is a secure platform (as secure as anything can be on the internet) when it is setup with security in mind and when it is maintained.

Many people, small companies included, decide to build a WordPress website because it is”free”.  And so it is – if you know what you are doing or if you have someone who can help you. When “free” is the motivator, these websites are not often set up properly; the infamous “admin” username is an example (see below).  Once they are set up, the “backend” of the website is often not maintained and so out-of-date WordPress versions and plugins invite hackers.

Another consequence of trying to set up an almost free website is choosing a Web Host that has the cheapest hosting plan.  There are several things to consider when choosing a web host and although price is important, it should not be the determining factor.

So let’s talk about the many strategies used to slam that “back door” shut.

  1. Start with your Web Host
  2. Consider your Hosting Plan and your business needs
  3. Install WordPress manually (or if you have already installed it, update the security of your WordPress installation.  For example, use secure usernames and passwords – not easy to guess like:  “admin” or “administrator”.)
  4. Use Security Plugins
  5. Update Plugins and WordPress version vigilantly
  6. Maintain your site – including deleting themes and plugins that you no longer need
  7. Backup your site (files & database) regularly to restore it if it does get hacked.
  8. Keep an “ear to the ground” in the world of WordPress and WordPress Security

If these things are out of your level of expertise, maybe someone could help you apply these strategies to your website. If not, you may need to roll up your sleeves and learn about it yourself.  WordPress is an Open Source software and the international online community is very supportive.  There are very likely local meetups and organizations in your area dedicated to supporting WordPress users including those just starting.

If that just seems too daunting either on a technological level or time commitment, you may need to pay someone to maintain your site and keep it safe.  Although WordPress is free for some, it will not be free for all to maintain.  You might get lucky, and never be hacked.  However, you can decrease your chances of being hacked by using sound security strategies.

For more details on the strategies listed above, search the internet, join a WordPress group, or follow this topic thread in our  newsletter as we go through those strategies in more detail.





Backing Up Your WordPress Site – Before You Start

Why Backup?

Ultimately, backing up your site will provide you with peace of mind and likely save you hours of time spent recreating part of a site or a whole site that has been hacked, crashed or compromised in some way.

WordPress is an online Content Management System which means that you access it online – it is not stored on your computer.  It is stored with your Web Hosting Provider, on their server.

A WordPress site is made up of files and a database.  Themes, media files and plugins are stored in the files whereas posts, pages, comments, users, categories, tags and links are stored in the database.  If you back up the files, you have only done part of the job and you will not be able to fully restore your site – especially your blog.

Any changes to the content are saved when you Publish or Update posts and pages.  You can also add or delete media files in the media library.  When you create or edit a page, you may have noticed the Revisions link (beside the clock icon) under the Publish section on the right side of the page. This does allow you to revert to previous versions of your page content but it is limited.  If your site is hacked or compromised, or you accidentally delete a page or a post, this function will not help.  Or maybe you are the adventurous type and want to modify some of the .php files or the .css and you crash your own site.

In January 2017, WordPress sites made up 27.4% [1] of the web sites on the internet.  Unfortunately, this has attracted the attention of hackers.  There are many preventative measures WordPress users can take, but having a good backup goes a long way in providing peace of mind.

Before You Start

With anything related the internet, there always seems to be a few necessary steps to complete BEFORE the thing I set out to do. I find myself sidetracked on little adventures that run parallel to my original purpose.  If I want to set up a Social Media account, for example, I find myself suddenly racking my brain to remember people in high school that I might want to “connect with”, or sifting through Hollywood to decide who are indeed my 5 favourite famous people.

Fortunately, backing up your WordPress site does not take you that far off course, but there are some things you should consider before you start:

  • storage space
  • backup method and tools
  • what to backup
  • how frequently

By establishing these parameters, you will be better prepared for the backup process.


You can build a small, light site or a heavier site with a lot of images, video and/or photo galleries.  WordPress recommends that your Web Host provides a minimum of 512 MB (0.5 GB).  There are several places WordPress sites can be stored, each having varying degrees of security and storage space.

Cloud Storage

WordPress can be stored: on your computer, on the server, in your email account, with free or paid online (or “cloud”) storage services (such as Google Drive, OneDrive or Dropbox). Some of the paid services have free trial or starter accounts. Usually the “free” storage services have paid upgrades for increasing your storage. Dropbox however, has a few fairly painless ways to “earn” increased storage.  Often if you purchase a backup plugin, it will come with a small amount of free storage with a paid storage service.  If you are interested in free storage, read Jason Cipriani’s article:  How to Get the Most Free Online Storage.

At the very minimum, you should have your website backed-up in two places.  For example on your server (your Web Host) and on your computer’s hard drive.  If something happens to your web site on the server (and if they only keep daily backups), you may need to retrieve a copy of your site from somewhere else in order to restore it.

Email Account Storage

Storing your site in your email account is one of the easiest places, but not the most secure, depending on your email account and provider.  Also, if you are going to schedule regular backups, you may run out of space, depending again on your email account.

Back Up Methods and Tools

These are some of the most common methods for backing up WordPress sites:

  • Manual Backups via c-Panel and FTP
  • Plugins (VaultPressBackup Buddy, or UpDraftPlus, etc.)
  • Web Host Supported Back Ups that your web host provides (i.e. Host Gator Manual Full Backup & Restore)

If you have your web site hosted by Host Gator, you can manually save the backup in your home directory, then access it through your c-Panel and download it to your computer.  Follow these steps as posted on the Host Gator site.  It is important to note that this is a manual backup and cannot be scheduled.

If you have your web site hosted by WebNames, you can manually save the backup in your home directory, then access it through your c-Panel and download it to your computer.  Follow these steps .  It is important to note that this is a manual backup and cannot be scheduled.

What Should I Back Up?

A full backup includes your database and all of your files.  If you are backing up manually, first back up the database using your Web Host’s c-Panel. Then backup your files.  If you are using an ftp (a file transfer protocol program such as Filezilla) to back up your files, you should back up the following:

  • wpconfig.php file
  • ht.access file (if your site has one)
  • wp-content folder

The files for plugins are usually in the wp-content folder, but if there are any outside this folder, I add them – especially if I have something like an events calendar and I have spent a lot of time entering information.

How Often Should I Back Up?

Of course, this is up to you.  However, consider how you would feel if, at this very minute, your site crashed or was hacked.

The general consensus is that the database should be backed up in at least 3 places daily and that the files should be backed up in at least 3 places weekly. However it is a good idea to back up immediately if you have just spent a lot of time updating or making big changes to your site or if your site starts acting strangely (hopefully its not too late).

Check out the site for further information about backing up WordPress.