If you are serious about your website, you need to follow WordPress security best practices. As a website owner, there is a lot you can do to improve the security of your WordPress website (even if you are not technically savvy). If your website is a business, you need to pay special attention to WordPress security. Just as it is a business owner’s responsibility to protect their physical business building, it is your responsibility as an online business owner to protect your website. A hacked WordPress website can cause serious damage to your business income and reputation. Hackers can steal user data and passwords, install malware, and even distribute malware to your users.
The worst part, however, is that you may have to pay ransom to the hackers just to regain access to your website… if you do not have a reliable and working full backup of your website stored safely in various locations.
What is a website backup?
Why are backups so important in general?
A full backup copy is a copy of data made for security purposes in case the original data is damaged or lost. The data can be (your) files and / or applications. There are a number of unforeseen situations in which the presence of a backup can enable or facilitate the return of the system to its original (correct) state. Some of these situations are:
- User error: deleting something that should not be deleted at all.
- Software error: data update error, e.g. website crash after updating plugins/theme/WordPress
- Malicious activity: hackers, viruses, malware, etc.
- Server crash or failure: backups ensure that all your current data remains unaffected by server failures
- Hosting backups: they are not enough (for example, if you forgot to pay a hosting bill).
Backups are your first defense against any WordPress attack. Remember that nothing is 100% secure. If government websites can be hacked, so can yours. With backups, you can quickly restore your WordPress website if something bad happens. There are many free and paid WordPress security plugins you can use. The most important thing to remember about backups is that you need to regularly back up your entire website to a remote location (not on your hosting account) such as a cloud server, a local machine or a removable disk or drive. We recommend that you store it on a cloud service like Amazon, Dropbox, Gdrive, OneDrive, pCloud, etc. Depending on how often you update your website, one backup per day would be the ideal setting.
Features that WordPress backup plugins should have:
- User-friendly experience
- Independent and offsite storage
- Scheduled and on-demand backups
- Multiple backups
- Easy restore or recovery
- Incremental backups
- Testing backups
- Website staging
- Website migration
- Real-time backups for WooCommerce
Types of WordPress backups
- Manual backups
- Automated backups (from your hosting provider)
- Automated and manual backups using plugins
Ad 1) Manual backups
You need to backup the files and the database. Let us start with the files first. First, you need to log into the cPanel of your web hosting account. Then navigate to the File manager and you will see a panel similar to Windows Explorer. On the left side, find the folder named “public_html” and expand it with a “+” at the beginning of its name. Next, find the folder with the name of your website, which you can also expand with “+”. On the right side panel you will see a bunch of files and folders. You can select them all and download them, but we do not recommend doing so as it can be very time-consuming and puts a strain on the server.
Instead, we recommend that you right-click on the “public_html” folder or the folder with the name of your website and select Compress. You will be asked for a compression format, and our recommendation is Zip format. Then download the file and move it to a location of your choice.
That takes care of the files. Now let us move on to the database. Again, we need to go to the cPanel. There you need to find “Databases” and select “phpMyAdmin”. When you enter the new panel, select “Databases” from the top menu bar and you should see a list of databases on the left. If you are not sure which one is your database, you can open the “wp_config.php” file and read it there. It is located in the “File Manager→public_html folder→Folder with the name of your website”. Once you find out the name of your database (or if you already know it), click on it and all the tables it contains should appear on the right. Select all of those tables and choose “Export” from the top menu bar. You will be asked for the format, leave it at the default “SQL” option. Once the download is complete, you will have your database as a .sql file that you can move around as you wish. We recommend that you keep it in the same folder where the backup copy of the file is located, so that it does not get accidentally mixed up with other files.
That’s it - you are done.
Manual backup is a dangerous process. New website owners are best advised to avoid it unless they are tech-savvy and use an automated backup service. This process requires you to gain access to your files and database, and there’s always the risk that you’ll make a mistake that will destroy your WordPress website. This additional stress can have a negative effect on performance, causing the website to fail or the server to slow down. Manual and automatic backups are always the best combination, but nowadays, when backup plugins are very simple and easy to use, we would recommend you not to bother with manual backups, as there is a high chance that you will do something wrong if you are not technically savvy.
Ad 2) Automatic backups (from your hosting provider)
Almost every better and even some cheap hosting’s offer automatic backup or backup service. When you try to update your WordPress site, it can be easy to put your site backup on hold. However, if you automate the process, you leave those tasks to others so you can focus on other things. There are two ways to automate the process of backing up your website. Either you leave it to your hosting provider to do it automatically, or you use a third-party service to take care of it, or both. If you rely on your web hosting provider to perform automatic backups, you should know that the backups are stored on the same server as your website. This means that in case of a server failure on your web hosting provider’s server, everything can be lost. The better option is to use a WordPress plugin to create automatic backups of your website. This will allow you to store your backups on other servers (not at your web host).
Ad 3) Automated and manual backups with plugins
There are many good plugins you can use for backups, but we recommend All-in-One WP Migration. You can use it to perform manual and automatic backups and migrate your websites. It is very simple and easy to use. You can download the community version from here.
How to use it manually
After installation, which is quite simple as with all other plugins, the plugin appears in the menu on the right side of your dashboard. There you have the option to export or import your website. You go to “Export” and select “File.” After your website has been archived to a file, a small window will pop-up and give an option to download your website in a single file. Click “Download” and when the process is complete, you are done! Move the file to a location of your choice for safekeeping.
Automatic backups
If you want to schedule automatic backups, you need to get a cloud storage, such as pCloud service, which is paid but makes your life very easy and automates the whole backup process for you, so even if you forget to make a regular backup, you are safe because the plugin will do it for you. If you use the pCloud service, you will get the pCloud extension for your website and install it just like any other plugin. Now when you go to export, you have an additional option called “pCloud”. When you click on it, a full backup of your website will be created and automatically uploaded to your pCloud storage. After that you will get a message that the backup has been uploaded and that’s it, you are done! Your backup will be uploaded to your pCloud storage account and you can download it anytime.
pCloud settings
After installation, you will get a new menu within All-in-One WP Migration called “pCloud Settings”. What’s so great about this, you can ask - well, you can set your plugin to perform automatic backups at a time and place of your choosing. There are four options: “every hour”, “every day”, “weekly” and “monthly”. Choose the option that best suits your needs.
After that you need to choose the destination for your backups: pCloud Server. There you can create separate folders for all your websites so that they do not get mixed up. All you have to do is point to the right folder and your destination is set. Also, there is an option to receive an email if the backup fails for some reason. This way, you’ll always know when something is not working properly and can react to it. We also recommend that you set the number of backups that will be stored on the servers (we recommend 10), because if you leave the option unlimited (that’s the default setting), your backup folder will get clogged up in no time and you will have a lot of surplus files. An additional tip: when setting the time for automatic backup, choose the late-night hours (e.g. 2am) when your website has little to no traffic, because doing a backup can significantly slow down the speed of your website
The importance of full backups
The only way to ensure that your website can be fully and quickly restored in the event of a crash is to use a full backup system. If you do not have a full backup, you will not be able to restore all of your web files in the event of a crash. To avoid this problem, you should use a full backup system that captures everything on your website.
A website backup is incomplete if it does not store both the website database and the files. Files are what make up your website, including the core WordPress installation, themes, plugins, media files, and all the important configuration files like .htaccess and wp-config.php. Do not rely on just one backup source. You should always have multiple copies of your backups on hand. At the same time, do not expect your hosting provider or an externally hosted backup solution to do everything for you.
While keeping multiple copies of your backups in different locations is a good practice, it also poses security risks. Once cyber criminals get to the server or cloud storage where your backups are located, they will steal all your important web data. WordPress backups are essential for any website. However, some websites should be backed up more frequently than others. For example, if you run a blog with comments enabled, daily backups are important. However, if you do not receive comments or publish posts often, a weekly schedule will suffice.
A few tips about WordPress backups
- Answer the question: how often should you back up your website?
- Automate your website backups
- Schedule website backups (depending on your needs)
- Make sure your backups are complete
- Store multiple copies of backups
- Redundancy: backups in multiple locations
- Backups should be independent of each other
- Test your backups before restoring
Final thoughts So many people fail to back up their WordPress websites because they do not know how to properly implement a backup system: Step 1: Install the plugin (All in one WP Migration Plugin). Step 2: Set up the plugin Step 3: Run your backup Step 4: Set up automatic backups
It’s no secret that website security is a major concern for businesses. It’s also clear that backups are key to recovering your website after a cyberattack. For this reason, we are here for you. Using our products will not only make your life easier, but you will also be able to sleep soundly at night knowing that we are there for you in case of an emergency!