|Jason Blacker has graciously agreed to share his knowledge about backing up a WordPress blog, for free!, here on hospitalera.com, he also writes on 3 of his own blogs, check them out! If you’re interested in living lightly yet abundantly as well as other random curios you can visit One Plate One Bowl. He also writes an extensive blog on veganism and the vegan lifestyle at Vegan Valor. Lastly, if you enjoy poetry, come on over to his Haiku blog for a daily dose of delicious haiku. Now read on about backing up your WordPress blog Oh, and yes, the inserts in italics are by yours truly, for fun and clarification ….
How to Back Up and Secure Your WordPress Blog For Free
Most of us who have blogs online and are trying to make our living through online activities and publishing use WordPress. How do I know this, because it is the biggest and most widely used self hosted CMS out there. Tumblr just inched ahead, but I don’t consider them to be self hosted. (Nor do I Jason, nor do I, biggest source of spam I am receiving in my inbox ;-( Tumblr really needs to get its act together …)
But I am also pretty sure that most of us don’t back up our data as much as we should. And we especially don’t back up our blogs as often or as comprehensively as we should.
This tutorial should be considered a complete guide to backing up your WP blog and securing your WP blog as best you can for less chance of a hack attack. Not to be confused with hacky sack. (Eh, what is a ‘hacky sack’?, something I shouldn’t mention on a family-friendly blog? Care to elaborate?)
Firstly we’ll look at how you can back up your blog without any plugins and for free. This will work with just about any host I’m pretty sure, but I know for certain it will work with a host that gives you access to cPanel.
Secondly we’ll look at how to back up your blog using free plugins and other free services for a truly hands free back up solution.
How to backup your blog using cPanel
Log in to cPanel:
cPanel is usually found at http://yourdomain.com/cpanel. Your host would have sent you the login credentials when you signed up with them. If you use a reseller hosting account you would have set this up yourself.
Once you’re in your cPanel dashboard you’ll notice a screen like this:
There is more to it than the bit I’ve shown above, but basically what you want to do is click on the icon “Backups” which will take you to this screen:
This screen looks more complicated than it actually is. But first let’s take a moment to think about WordPress blog back ups. When we save a Word document for example we just hit the save button. This is kind of like backing up our Word document we’ve saved a version that we can access later if something happens to our current document.
The 2 important and separate parts of your blog backup
However, when it comes to most blogs and specifically WordPress blogs there are really 2 parts that we need to save when we are making backups of our blog.
The first part is the Home Directory which you can see is the first oval on the image above.
I like to think of the home directory as the skeleton of our blog. The Home Directory is everything you see under File Manager -> public_html.
You can see what is being saved when you save a backup of your Home Directory by accessing File Manager:
Clicking on File Manager takes you to:
Usually the above is the default setting so you just click on Go to get:
Basically, this is all the info you’ll be saving when you click on Home Directory. Still confused? As mentioned earlier, the Home Directory is like the skeleton of your blog, it gives your blog its shape but your blog is technically naked of content.
You can think of the Home Directory as what your blog looks like. It contains your themes, plugins and other things that make your blog – sans content – look like it does instead of that generic “Hello World” blog you first see when you installed WordPress without making it your own.
Okay. So go ahead and click on Home Directory:
This will download a copy of your directory files to you downloads folder or wherever else your downloads get saved. I’d make a folder now called “My Blog Backups” or something like that and move this download which is likely zipped – leave it zipped to save space – to that new folder.
Now do the same with the Databases. Here you will click on the link that will have something like xxxxx_wrdp1. Most of us will only have the one database though some of us might have more than one. If in doubt and you have more than one just click on all of the links available under Databases which will download all of your databases to wherever your downloads are saved.
You’ll notice that these files end in .sql or .sql.gz if they have been zipped. This just means that it is some sort of MySql database. Move these to your new folder that you created.
Now you want to know what a database is. I’m glad you asked.
Why your database is the most important part of your blog
The database in my opinion is the most important part of my blog.
The database contains your content. This is your blog posts, the meat that fits on top of our skeleton. It also contains some plugin data and user names and other details like that. But most importantly it contains our content, our hard work, our written blog posts etc.
Most times, the database backup that you downloaded will be much smaller than the directory. This is to be expected. Words are very light when it comes to byte size.
Why do I feel that the database is the most important part of this backup? Here’s why.
This is what would happen if you only backed up your directory and got hacked. You’d likely have to do a fresh WordPress install which means your databases and directory would be erased.
Then you would upload your backed up directory files. Then you could go in and create a new user admin account and your WordPress blog would look exactly like it did before the hack. Except there would be no content. You would have none of your blog posts.
If you only had 10 blog posts on your blog and each blog post took you about an hour to write, you’ve just lost 10 hours of your life. You’ll have to start from scratch.
Here’s what happens if you just backed up your database and not your directory.
You get hacked so you need to do a fresh install of WordPress after your original database and directory gets erased. You can now go back into cPanel and upload your database.
You’ll also have to set up a new username most likely but when you get into your WordPress dashboard, all of your content i.e. your blog posts are there.
Except, your blog is now using the default WordPress theme and your plugins etc are all gone.
I know for a fact that I can get a new WordPress blog to look how I want with a custom header and theme to how I like it well within 2 hours. So I’ve lost 2 hours, but not the 10 hours I would have lost not having my database which contains my precious content.
I can rebuild a WordPress theme to how it was before fairly easily with a little bit of frustration. But I can never re-write my content exactly how it was before. That is the key.
Alright, so that is how you backup your WordPress blog. You need to download copies of both your Home Directory and your Database.
Put them in a new folder that’s called “My Blog Backups” or something like that.
But we’re not quite done. What if the hard drive on our laptop or computer crashes. If so we’ll be hooped… unless we have backups of our crucial data in the cloud.
Backing up your backups to the cloud
For this purpose I use iDrive. You install the iDrive software on your computer after creating a free account and you make sure that it is backing up on an hourly or daily basis your sensitive data which would obviously include your folder where you keep your WordPress backups.
iDrive will give you a free account with 5GB of storage. You can pay for more if you want and it’s not a bad idea, but 5GB is plenty for a hundred or more blogs to be backed up… unless you are storing videos and tons of photos on your host’s server.
For example, one of my biggest blogs with a custom theme, header etc, and about 1,500 blog posts has a directory of about 5MB and a database of about 4MB. It has no images though.
How often should I backup my blog(s)?
Well, that depends on how often you update it. For example, if you add new content to your blog everyday, then everyday you should make a database backup.
If you only add content on a weekly or monthly basis then that is how often you should back up your database.
Your Home Directory only needs to be backed up when you make changes to your theme and/or plugins. Otherwise, one clean unhacked copy of that is all that you need.
How many backups of my blog should I keep?
You should keep several backup copies of your database. The rule of thumb that I use is to consider how often I visit my blog.
Why is this important? Well, you want to make sure you have at least one clean backup of your blog. If you have been hacked and you made a back up of your hacked blog, then reinstalling that is not going to help.
So if you only check your blog once a week or so, then I’d want to have at least a couple of backups that are always more than a week old.
And when I say checking your blog, I mean checking your blog as a visitor not as an admin. Many hackers will let you think that your blog is fine if you keep visiting it at http://myblog.com/wp-admin. So you want to check out your blog as http://myblog.com every so often.
That’s how to make a complete WordPress backup manually. But there is a simpler and hands-free way to backup your website that is also free.
It makes use of a plugin called EZPZ plugin.
How to backup your blog for free with a plugin
Here is the easiest way to add and backup your WordPress site using this great EZPZ backup plugin.
Under Plugins -> Add New put in “ezpz” in the search box and as you can see EZPZ One Click Backup shows up. Click Install Now and then on the next page click Activate Plugin.
Next you want to click on EZPZ OCB on the left hand side menu as shown below:
It is a good idea to set up this plugin now as shown:
I have found that the only things I need to change are the “Schedule backups:”, “Time” and “Email a notification of a completed scheduled backup to:” under the Options box. You’ll want to then click on the Update Options button.
Occasionally you might have an issue with a bug which has only happened to me if the time under my Settings -> General is not set up like March 22, 2012. Setting the time to that format and then uninstalling and then reinstalling the EZPZ plugin will usually do the trick.
The great thing about this EZPZ One Click Backup plugin is that it makes a back up of both your directory files and the database each time it does a backup. However, this can add up to a bit of space if you are keeping a ton of backups on your server.
But the key to managing this disk space you’re using is to set how many backups you want to keep locally on your host’s server. You can set this under Options where you can choose the number of backups to keep on the server as seen below:
I have found that 5 doesn’t put too much extra data on my server. And if you are using a reseller account you can allocate more disk space if you need to. But remember most blogs even with database and directory backups will likely use way less than 10MB for each backup.
It is a good idea when you’ve installed EZPZ plugin the first time and set it up as shown above that you create a manual backup. This is super easy. Just click on Manual Backup as shown below:
The plugin will create a backup while you wait. As you can see below, it doesn’t take long. This particular backup only took 13 seconds. Also, don’t refresh or click away from the page as it will interrupt your backup. Once it is done you will be met with this screen:
All you need to do is click on Download This Backup and it will be saved wherever your downloads are. As mentioned before, move it to your “My Blog Backups” folder that you’ve created and make sure this folder amongst other things is being backed up with iDrive or some other online backup management tool.
Alternatively, you can make this plugin even more hand’s off by setting up a free Dropbox account. A free Dropbox account only gives you 2GB of storage but if all you are using it for is WP backups that should go a long way.
Once you add your Dropbox credentials to EZPZ as shown below, it will upload a saved backup copy of your website to Dropbox as long as you make sure to tick the box for “Automatically save backups to Dropbox”. Then you don’t even have to worry about iDrive.
As you can see from the image, the only item I’ve changed from the default setting is to click the box that says “Automatically save backups to Dropbox”. Of course you also have to add your Dropbox email address and password, but the “Dropbox directory: EZPZ OCB Backups/” box can be left empty.
What I love about EZPZ is that it creates one zipped file of your complete database and directory and names it yourblogname_2012-03-22.zip so you always know which blog that backup is for and how recent it is.
That’s pretty much it. You have now backed up your complete WordPress website in case of any catastrophe. It is easy and simple regardless of whether you do it through cPanel or with EZPZ plugin.
The benefit of using a plugin is that you just set it and forget it. If you’re doing it via cPanel you have to remember to go in manually. So I prefer the plugin approach.
I want to share with you one other option of backing up your blog that is also easy just in case any of you have problems with EZPZ plugin.
How to backup your database with WP-DB-Backup plugin
I’ve used this plugin for years now. It is reliable and easy to use. However, it only backs up your database.
Remember, in my opinion, the database is the most important part but you still want to backup your Home Directory at least once and then every so often. If using this plugin you’ll need to go into cPanel to back up your Home Directory.
Just like with EZPZ, just go to Plugins -> Add New and search for “wp db backup” and it should be the first one on the list of options. Install it and then activate it.
This plugin has not been updated in a long time, but it seems to be working like a charm for me still.
Once this plugin has been activated you can find it under Tools -> Backup. Let’s go there now and see how to set ourselves up for success:
In the first section called Tables I just leave it at the default settings. The next one called Backup Options I just ignore other than click on Backup now! to create my first backup. It will then download your first backup to your downloads folder. Move this to your “My Blog Backups” folder while you remember.
The last part called Scheduled Backup is where we need to click on the button for how often we want the database to be backed up. As for the “Tables to include in the scheduled backup” list, I just leave that as default. Then we need to add in an email address for where we want the backups to be mailed and then we need to click on Schedule backup.
What I have done which has been quite helpful is create a Gmail account just for my backups. I used a username along the lines of firstname.lastname@example.org I have found this to be very convenient and helpful. With the amount of storage you get in Gmail it will take a long time to use it all up.
Remember though, that WP-DB-Backup does NOT backup your Home Directory so if you choose this plugin you will have to go into cPanel and do a manual Home Directory backup every so often.
Tips to secure your WordPress blog from hacks
The last bit of advice I want to share with you is related to security.
It is great to have a backup or several of your site in case it goes down or you get hacked. But it is better still not to get hacked at all. Now nobody can promise that you won’t be hacked, but since I have done the following things which I will share with you I have not been hacked in over 2 years and counting.
Usernames must NOT be admin
The default username as you know and as does every hacker worth her salt know, is that whenever you use Fantastico to set up a WordPress installation it creates the administrator with the username “admin” or “Admin”.
Change this once you log into your WordPress Dashboard.
Go to Users -> Add New and where it asks for a username put in something garbled like “m7jLwo82”. I have not had success using characters, but you should use at least 1 number, 1 lower case letter and 1 upper case letter. Also, make it at least 8 characters long.
Fill out the rest of the info in the fields and choose at least a First Name and/or Last Name. Choose a strong password and then under Role make sure you choose Administrator and then click on Add New User. See below:
The trick here is to choose a username that is like a strong password, and to choose a strong password too.
Strong passwords are mandatory
My tips for choosing a strong password is to make it at least 8 characters long as we did with the username and this time to use at least 1 character (you can use characters for WP passwords), 1 number, 1 lower case letter and at least 1 upper case letter.
I use LastPass to help me generate and manage robust and different passwords for all my different online sites and accounts. I suggest you do the same. LastPass is free.
Here is an example of a strong password that I generated with Lastpass:
Making use of using just strong passwords, unique passwords and unique usernames you are 80% of the way to securing your WordPress site.
Next you want to sign out of your WP dashboard and then you want to sign back in with the NEW admin user account you just created.
Now go back to Users -> All Users and then just under the new admin user you created click on the edit link as seen here:
That edit link won’t show unless you bring your cursor under the newly created user’s username.
Now what we want to do is to make sure that when we write posts with this new admin user it won’t show up as “posted by m7jLwo82” in my case. So in Display Name Publicly as: you should choose something else. Your choices will be from whatever you put in the First Name and/or Last Name field earlier like I suggested.
Don’t forget to click on Update Profile. Next we have to get rid of our default user who was known as Admin.
Go to Users -> All Users and this time click on the Delete link under your admin user you want to delete. Like before when we were going to edit our new user, you have to hover your cursor under the username to see the Delete link:
Once you click on this Delete link you’ll be presented with a screen where it will ask you to confirm this. You’ll want to first make sure that you “Attribute all posts and links to: “ your new user and then click on Confirm Deletion as seen below:
Now you’re all set and you’ve created a much harder user administrator account to hack.
But that’s not all we can do or should do to secure our WordPress blog from attack.
Using Secure WordPress plugin to secure our website further
There is an additional plugin called Secure WordPress plugin that I recommend. It does a few extra nifty things to your WordPress installation so that your chances of being hacked are greatly lessened.
You’ll add Secure WordPress the same way as you’ve added your other plugins.
IMPORTANT: Before you do this next step, make sure you have a current backup of your website in case something goes wrong. Just go create a Manual Backup through EZPZ and then download it before continuing.
Go to Plugins -> Add New and search for “secure wordpress”. It should be the first one on the list. Install it and then Activate it.
Once it is activated that is all you really need to do. The default settings are fine for most of us. If you are curious about tweaking it though you will find the settings for the plugin under Settings -> Secure WP.
There is also an option to sign up for a free account through Website Defender, but this is not necessary for our purposes. Though if you are ubereager you might want to do that. Though you can only associate one website with each free account. Having an account with Website Defender allows for the hack monitoring service they offer.
You have now done more to secure your WordPress website than 90% of the bloggers out there and you are unlikely to be hacked though this is by no means guaranteed.
Regardless, you have a backup right? Right?
You can now stop paying tens if not hundreds of dollars per month for backup and hack scanning monitoring that you no longer need.
What I do to backup my blog
I personally use the EZPZ backup plugins with Dropbox for my sites. I find this the easiest and most hands off solution.
I also do a manual backup of both my Home Directory and Database through cPanel on a monthly basis. To help me remember to do this I have created a recurring calendar alert at the start of each month.
I have also changed all my default “admin” username accounts and I use the Secure WordPress plugin. There is not much else you can do unless you’re pretty tech savvy.
What I do recommend if you get hacked is to take a deep breath and relax. Then call your host and tell them you’ve been hacked. Ask them to clean any malicious code they’ve found.
Once your host says you’re all clean you can go ahead and reinstall your last clean backup.
Or you can get your hosting provider to do the reinstall for you. I know Hostgator will do this for free if you give them a backup. They also have weekly backups that they will reinstall from for you if you pay them $15. That’s the worst case.
- Back Up in the Cloud
|Thanks again to Jason Blacker who has graciously agreed to share his knowledge about backing up a WordPress blog, for free!, here on hospitalera.com, he also writes on 3 of his own blogs, check them out! If you’re interested in living lightly yet abundantly as well as other random curios you can visit One Plate One Bowl. He also writes an extensive blog on veganism and the vegan lifestyle at Vegan Valor. Lastly, if you enjoy poetry, come on over to his Haikublog for a daily dose of delicious haiku.I hope you enjoyed, and benefited, as much as I did, this blog post about backing up your WordPress blog. If you have any further questions and suggestions, feel free to leave them in a comment, either Jason and / or I will answer it. And if you truly found it useful, feel free to share it via the buttons below|
If you like this blog post and found it helpful, why not share it with your preferred social network? Handy links and bookmarklets above ^^^ ;-)