How To Backup Your WordPress Site?

How To Backup Your WordPress Site?

How To Backup Your WordPress Site

It is unusual for most site owners, not to keep a backup of their website(s) until something seriously goes wrong. If you research and put the effort in creating a sharp strategic plan from the beginning, you will know the very importance of backing up your site.

In this post, let us look into Why and How you should backup your WordPress site in details.

Why Do You Need Backup?

WordPress manages your site’s security to a significant level.  But little mistakes and ignorances can result in a loss of vital data that can hamper your business. Hence, let’s be careful and avoid the risk of losing important information.

Here are a few uncalled for issues that people face regularly.

» WordPress Sites Get Vulnerable At Times

Hackers & CMS

Hacking is the biggest activity what site owners fear. Hackers are always trying to find ways to hack into different websites and can cause serious damage to many.

When it comes to WordPress, it alone powers up to 30% of all websites globally and 60.2% of the total CMS market share (Source: Web Technology Survey Firm W3Techs, 2018). Hence WordPress sites are the prime targets of hackers and spammers.

WordPress gets regular reports on issues from its users regarding any faulty plugins or themes, bugs or security risks.

Once verified, WordPress creates an awareness among its users and the WordPress community with the intention of avoiding others from facing such issues as well.

Like every ordinary user, hackers also get the news. This gives them an opportunity to find targets to attempt activities such as SQL injection, brute force, etc. They randomly release bots over the internet to detect vulnerable sites that use faulty plugins or themes.

When they come across such sites, they insert malicious codes and pass it to the back-end database which they can use to run notorious activities on the sites (such as Leaking InformationSpamming Emails, etc from your site without your knowledge).

Yes, backing up your site, won’t prevent hacking (Follow Security measures like Silver Rule for preventing security risks such as SQL Injections) but, in case you get the hint that your data was altered by a hacker or a hacker ruins your current site, backup will help you to recover your site to the last saved version of your website that worked properly.

» Mismanagement Of Plugins Is Troublesome

Plugin ecosystem is the reason why most people choose WordPress. However, despite it being the main attraction of WordPress, these plugins can also cause enough trouble if proper measures are not taken.

As you have read earlier, faulty plugins are a way for hackers to hack your site, you may take the following measures.

Install plugins as less as you can. Reach out the functionalities of each plugin and find out their use for your site. If you don’t need them, simply remove them. By doing so, It will help reduce the number of potential threats for your website.

Besides that, you should always consider updating your plugins whenever available. Outdated plugins may not be compatible with the latest WordPress version(s) resulting in Slow Speed, Compatibility Error or even Broken Sites. These backdated applications are an invitation to compromise.

Consider keeping regular backups of your site should you face any bad luck due to faulty plugins or due to use of backdated plugins.

» Your Hosting Server May Crash

Picture of Server Crush (Animated)

Hosting companies often offer daily, weekly or monthly backups of your site. If something goes wrong, they are determined to give you a fully functional copy of your website from the last check-point where it was working properly.

Now, though hosting servers are a great option for keeping backups, it is always wise to keep multiple backup modes besides hosting servers. This is because, for any unwanted reasons, if a server outage happens from the hosting provider, it can cause a loss of vital data and information.

Even the best hosting companies can face downtimes with their data-centers. For example, in 2011, Go Daddy experienced a prolonged outage because one of their software updates went wrong. However, they did manage to rescue customer information without any compromise, but it had to be redirected to a mobile version.

In such situations, even if your hosting provider finds a way to recover the loss, they might only be able to recover up to a few days old data where many new changes might be lost. This definitely won’t be good news for you. Hence extra backup methods are strongly advised.

» Using Unsafe Theme And Not Staying Updated

WordPress releases updates (for bug fixes, security enhancement etc.) regularly to ensure healthy security measures. Many CMS users may find it very tiring to get small updates every week. But it’s for your own good to update the themes on a daily basis to make your theme compatible with the current version of plugins and the software itself.

Again, there are Nulled Themes that may result in a security breach. These themes are well known for carrying malware hidden inside them. There may be more drawbacks when using nulled themes such as unwanted spams set by the distributor, scripts to hamper your SEO rankings, spyware planted to get personal information by hackers, and many more. As a result, we strongly advise you not to use nulled products even if you are an expert.

Besides that, if you are concerned about overwriting the core functionalities of your WordPress site while synchronizing with all the updates, make proper use of the Child Theme feature. This will allow you to extend/modify parent theme without compromising with the WordPress core.

» Broken Site, Broken Business

Broken Site

WordPress is a powerful tool. It gives users the potential to manipulate websites to great extents, from the admin panel to content section.

In spite of the good intention of a few less experienced users, they might make changes unaware of the fact that it may hamper functionality of other parts of the site. This may result in broken sites in extreme cases. One way of reducing such possibilities is by limiting the administrative roles between few people.

Then there may be another big issue that many faced in the past, called the “White Screen Of Death“. This is basically a situation where computer freezes and shows a white screen. You are unable to do anything on your device, forcing you to reboot the computer.

» Risk Of Username Detection

User Name Pass Animated

Many WordPress general admin sections have ‘admin’ as user-name which is accessible at either ‘/wp-admin’ or ‘/wp-login.php’. This is a treasure for hackers to get easy access to your website. Make sure to change your default admin username to something more secure. Follow the instructions here.

There is another drawback of WordPress on the admin login page. When trying to log in with a random ID, if the ID does not exist, the site says “Invalid username“. But if the ID exists and the password is incorrect, the site says “The password you entered for the email address is incorrect. Lost your password?”

This is a serious issue. If any random person, by any chance enters a correct email, the system confirms the ID exists.

For an expert hacker, knowing the correct username is a major step forward towards finding access to the site admin panel. They may use bots or other hacking methods to try and break the password lock (One of the popular methods is Brute Force Attack, learn about it here).

Take A Note; Avoid Danger:
The security level of your site can be endangered by you as well. No matter how many years of experience you have, a single defective MYSQL command can cause lots of data to be wrongly updated. Running too many scripts or broken codes can be problematic as well.

This is why, as an admin, you need to regularly inspect a lot of things such as your page loading speed, the efficiency of codes – whether queries are optimized and so that database tables are properly indexed. For your own good, try to backup your WordPress site on a regular basis.

How To Backup Your WordPress Site?

As you have learned, so many problems may be faced, and hence backing up the websites is important. Let us look into how you can backup your WordPress site effectively.

1. Backup Your WordPress Site Via Web Hosting Companies

Back Up Your WordPress Site via Web Hosting Service

When you are ready to create a website, anyone you ask advice from, their first suggestion is always to choose a good hosting server.

A lot of things depend on hosting servers and one of the biggest advantages you can take out of them is server backup.

Web host servers are powerfully configured for the safest backup service of your site.

Almost all the mishaps on your site can be restored by getting backups on your web host server (unless there is a server outage which is a rare case).

Web hosting companies provide different Backup Plans based on your requirement. Different web host providers offer different solutions on backup and it is up to you to chose which ones are more credible and affordable for you.

For example, WPEngine offers you backup for both Development Site & Live/Production Site whereas others may not, but this may cost a bit more. Some other popular web hosting companies are Bluehost, Kinsta, HostGator, Go Daddy.

F.Y.I.: We suggest you try and avoid Shared Hosting Service. They have thousands of sites hosted under one server. Which means you will get unnecessary traffic and get reduced website speed. Though they are cheap and may also provide great backup services at times, we only suggest what is best for a website in terms of both security and performance.

Hosting companies allow you to back up in many ways and it is best to configure it properly. To make things easier for you, let us consider Bluehost as an example while using cPanel as the control center.

» Backup Files On Bluehost

Log in to your cPanel.

Click on ‘Site Backup Pro’ and then click on ‘Backup and Restore’ button underneath ‘Backup and Restore Basic’ (or backup and restore pro in case you purchased the pro version).

You will get a list of options of what you wish to download or restore a backup for (which includes Website Files, Home Directory, Email Messages, MySQL or Full cPanel Backup).

Click on ‘Download’. Here you can select to download last daily, weekly or monthly update of backups to be downloaded and you can select the file type (tar or zip).

Once downloaded, you can now use the file or store in any other server where ever you find fit to keep safe.

If you wish to restore, just click on ‘Restore‘ under the files you want and it will prompt for the restoration of last day, week or month’s backup to be restored upon your site.

**Note that Bluehost automatically makes daily, weekly or monthly backups. But some providers may not offer such options.

Backup policies from hosting servers are safe and credible. But then again, you should consider keeping multiple backups, i.e. you should also backup your WordPress site through plugins or keep manual backups. Having multiple backups available will ensure less chance of any mishaps.

2. Backup Your WordPress Site via Plugins

Backup By Plugins
Backup your WordPress site via plugin

Using plugins to backup your WordPress site is easier than you think. Let us look at how you can backup your WordPress site properly using Plugins.

» Choose a Plugin

There are many plugins in WordPress repository to help you with backup. Among many, the most well-known ones are BackupBuddy, BackWPUp, UpdraftPlus, Duplicator etc.

» Configure Your Plugin

Once installed, after filling up some credentials, such as providing your email id and setting up a password for security, you need to configure your plugin as needed.

Choose the regular backup schedule you want from your plugin. You may identify the components of your site such as themes, plugins, uploads etc you want a backup of in this process. You also need to choose the channel (Drive/Cloud/Email etc) in which you want to save your backup files.

» Backup And Restore

Once you are ready with your plugin, you can go ahead and backup your WordPress site. There will be options like ‘Complete Backup’, ‘Backup of Database’ only, ‘Start Backup’ etc.

When you choose any of the options, it will take some time to complete the process. This execution time depends on the size of your website.

The plugin will notify you once the process is completed and then you will be able to view your backup files and download them whenever needed.

» Setup Offsite Backups

You may also consider keeping copies of your backup files Offsite. In case of emergencies like server outage or inaccessibility, you need to revive your server data. Hence we recommend you to save backup files offsite. For example, BackupBuddy provides BackupBuddy Stash, UpdraftPlus has UpdraftPlus Vault for remote data storage.

Moreover, every plugin provides an option called a remote destination to save your backups.

Hence, you can store your data in remote destinations like Amazon S3, DropBox, Google Drive, Cloud Storage, etc.

Plugins for backing up sites are being widely used today. They are trustworthy and reliable. We suggest you start using plugins to set backups ASAP.

» Backup your WordPress Site On Cloud Storage

You may also choose to backup your WordPress site entirely on cloud storage such as Google Cloud Storage, Amazon AWS S3, Microsoft Azure or DigotalOcean.

There is a plugin called WordPress Media Storage to Cloud with which you can do it with a single click. So I suggest you should try it out.

3. Backup Your WordPress Site Manually

Every WordPress directory contains core files (wp-content, wp-includes, wp-config.php, wp-admin etc) essential for your site. You can manually backup these important components via your cPanel or via FTP (File Transfer Protocol)

Backing up your WordPress site manually requires login access to your server and exportation of the two core components — Website Files (located in File Manager Console) and Database (accessed through phpMyAdmin).

(a) Backing Up Your “Website Files” Manually

You can manually backup your WordPress Files in two ways.

(i) via cPanel
(ii) via FTP

(i) Manual Backup via cPanel

Most hosting providers provide cPanel as a platform to navigate through the core files of your website.

Let us check out the steps you can follow to backup manually using cPanel.

Login to your web host and navigate the cPanel. In most cases, cPanel is the first page you encounter just after logging in.

Select the ‘File Manager’ option and access the Home Directory.

Look for the folder name public_html.

Once you’ve located it, right click on the folder and choose ‘Compress’ from the menu bar.

cPanel to Backup your WordPress site

Choose the compression type (zip, tar, gzip) you want your directory in and click the ‘Compress File(s)’ button. Your compressed WordPress folder will be saved.

Right-Click on the zip file and choose ‘Download’. Choose a proper location for the zip file you just downloaded and you may store it anywhere in your hard drive or any external drives you like.

cPanel is the most widely used control center, but there may be hosting providers that provide different control centers such as vDesk, Plesk etc. In most cases, you simply need to look for File Manager and phpMyAdmin in your dashboard, and the rest of the process is similar.

(ii) Manual Backup via FTP

To connect FTP to your server, you will need help from FTP clients. Some of the popular FTP clients are FileZilla and Cyberduck. You can simply download any of them and install it on your device.

Taking FileZilla as a reference, let us see how it works.

Log into your cPanel, navigate to ‘Files’ and click on ‘FTP Accounts’.

Open up FileZilla and you will see two panels.

FileZilla Tutorial

Navigate to File and then Click on ‘Site Manager’.

When the box appears, Click on ‘New Site‘.

On top, provide the hostname, login type, and your individual username and password. Click ‘Connect’.

Now, under Remote Site (server), scroll down and look for public_html.

This is the root file of your website. You can drag and drop it to a folder on the Local Site (your computer) where you wish to save it.

Now you have a backup of your Website Files in your computer, which you can then save wherever you find suitable.

(b) Backing Up Your ‘Database’ Manually

You can also back up the database of your site without the help of any particular server. You can simply save components of your database at the current stage on your device.

Developers interact with your site’s database through phpMyAdmin console. This section contains systems and processes related to the functionalities of your website.

To export your data, follow the steps below.

Navigate to your hosting panel and locate ‘phpMyAdmin’.

Once you have logged into ‘phpMyAdmin’, you will see the main administration panel.

Select ‘Database’ tab to choose from your database.

Select all the tables you would like to backup.

After selection, click on the Export tab and set the save option to SQL.

Database Backup Process to Backup your WordPress site

Finally, hit ‘Go’ and choose the location you wish to save the backup files for your saved database.

Manual backups allow you to store your website data to more servers or other cloud storage systems. When restoring, you can simply copy your backup file and paste it on top of the main file, and done, your website is restored.


Backing up a website is very important and hopefully, now you know of the several ways you can backup your WordPress site. Let us all avoid the risk of losing the progress of our website. We hope this article was useful to you.

2 Comments, See all Comments

Leave a ReplyCancel reply

Your email address will not be published. Required fields are marked*

cta img

Let us help you deliver your next project!

Contact Us