How-To: Setup Regular Backups & Secure WordPress

  (by )

Over the past few years, WordPress has evolved from much more than just a blogging platform.  While WordPress remains a popular out-of-the-box solution for bloggers, it is widely used as a customisable CMS for business websites, because it allows individuals to regularly update content and manage their site’s functionality.

However, as WordPress is a database-driven application, there are risks associated with the sensitive information stored in the website’s backend.  Should the data within this administration panel get into the wrong hands, there are multiple implications, which is why it’s important to take the proper steps to ensure maximum security.

Aside from the security precautions that can be retrofitted to a default WordPress install to enhance security (some of which will be covered below), data needs to be backed up regularly in the event of a security breach.   While many web hosts offer data protection with their business hosting, it is still important to regularly backup your WordPress databases to a safe location.

Out of the many WordPress database plugins available, WP-DB-Backup is one of the most reliable and secure in terms of setting up regular database backups. WP-DB-Backup works to solve two backup issues: firstly, the ability to backup as and when required (either via a zipped file download, or straight to email); secondly, the ability to schedule backups at regular intervals,  including hourly, daily, and weekly.


In order to use WP-DB-Backup, you need to download the plugin and install it via your WordPress admin area.

Once you have downloaded and installed the plugin, you will find a “Backup” option under “Tools” in the WordPress Dashboard. The scheduled backup section can be found in the bottom half of the page. To configure this plugin, you need to do the following:

  1. First, choose how often you would like your automatic backup to occur. Ideally, you should backup your database daily, especially with large or busy websites.
  2. Secondly, select the tables from the right-hand side that you wish to backup. By default, the core WordPress tables will be backed up; if you want any of your additional plugins to be included in the backups, then you need to select them individually.
  3. Finally, enter the email address you want your backup to be sent to. If you want to backup your databases on a daily basis, then you may want to consider sending your backups to a Gmail account, as Gmail offers large store capacities.

Once you have completed the steps outlined above, simply click the “Schedule Backup” button.   The plugin will automatically begin to create a backup of your WordPress database based on your chosen settings.

These regular backups will provide you with external copies of your data in the event of data loss or corruption. Combined with the data protection and backups provided by your web host, WP-DB-Backup helps ensure you will have always have a recent copy of your WordPress site.

While regular backups are an imperative aspect of securing your website, you can further protect your WordPress site by doing the following:

  1. Install and activate the Login Lockdown WordPress plugin
  2. Install and activate the WP Security Scan plugin
  3. Where possible, ensure your database tables don’t begin with the prefix ‘wp_’
  4. Change the main administrative user account so the default username isn’t ‘admin’
  5. Ensure you are running the latest version of WordPress, and keep your plugins updated

The above was a guest post by small business IT support specialist axon IT. Along with keeping your online data secured, all of your offline business data (including files, emails and invoices) can be automatically secured with a managed offsite data back-up solution.

Subscribe to our mailing list

* indicates required


  1. On August 30, 2011 at 10:17 pm

    New Business Agency London said:

    Thanks again for this Cat!

    I’ve become quite an avid reader of your blog here and realise there are a lot of things that I am not doing – so now I have installed WP-DB-Backup and ran it

    Now it’s time to go back and do the other two plug-ins you recommend and make sure that I am fully secure. Thanks Cat, and I’ll be moving straight back to your previous posts too.

    This is why I really love using Evohosting; you guys make everything so simple for me and I just keep on coming back for more. Your customer services guys were also excellent when I had to transfer my url’s from another hosting agent.

    • On August 31, 2011 at 9:27 am

      Cat M. said:

      Thank you for all of your great comments–I’m glad to hear you’re happy with the blog and our hosting!

      All the best,

  2. On June 11, 2011 at 6:46 am

    Sean said:

    Thanks for the list. I’ve also been trying out EZPZ OCB– seems to work well.

  3. On March 24, 2011 at 1:41 pm

    PauliusR said:

    Login Lockdown is great and very simple solution to prevent attemps to hack into your backend. However, it’s not suitable for community-based WordPress sites, where authors and readers can register and contribute to the site. In the meanwhile, WP-DB-Backup is just perfect, I love it 🙂

  4. On March 21, 2011 at 3:36 am

    Aquanomi said:

    Nice looking plug in, very important for new WP users.

    Downloading the backups to a secure location is absolutely vital but so is testing out your backups every now and then. If you have the space / free database instances in your hosting, try restoring the back up into a test environment. There is nothing worse than finding the back up is unusable when you need it most. (I speak from experience unfortunately…)

  5. On March 13, 2011 at 12:33 am

    Amit Sharma said:

    WP-DB-Backup is the plugin that I use for wordpress site backup every week. Its a very good plugin, crucial for blog safety and every blogger should install it.

  6. On March 5, 2011 at 9:15 am

    Air Zimbabwe Flights said:

    We have quite a few word press blogs. This is all very helpful info. I like your approach of educating users. Thanks.

  7. On March 2, 2011 at 9:55 am

    Ewan Kennedy said:

    Hi, I transferred my site across to WordPress over Christmas and have been meaning to address the issue of database backups (particularly since I’ve had a client fall prey to the notorious pharma hack. This plug in is probably just what I need, thanks.

  8. On March 1, 2011 at 3:32 pm

    Marc said:

    Thanks for the links to the plugins. I was getting a bit paranoid about backing up wordpress as my old host used to be terrible for losing stuff. Hopefully I won’t need it at my new host but you can never be sure.

  9. On February 28, 2011 at 2:18 pm

    Gary said:

    One other thing that I often do is to remove the “powered by wordpress” info and “theme info” from the footer of the theme, just so you are not telling potential hackers that you are running wordpress and the theme you use, as then it can be used to search for known weaknesses and exploits.

    This isn’t foolproof as both of these bits of info aren’t too difficult to discover with a bit of code digging, but it can make things a little more difficult for would be hackers.

  10. On February 24, 2011 at 2:21 pm

    Leo said:

    One way to add another level of security to your WordPress blog is to set up an IP based restriction on WP Admin folder.

    Off course this is only feasible if you don’t need to give access to guest authors to this folder. It is also easier if you have a static IP, but it not too much of a hassle if it’s dynamic.

  11. On February 23, 2011 at 8:45 am

    network storage said:

    A couple more security plugins for wordpress. – checks for malicious codes within the blog. – useful when you’re trying out a new theme. It looks for malicious code within themes.

  12. On February 22, 2011 at 10:21 pm

    Chris said:

    It’d be heartbreaking to lose all the work and effort that went into setting up a WordPress site. Thanks for these tips. Using Gmail as a back up is a smart tip, but it’s probably also useful to make sure things are backed up to hard drives and other places, as well. You can’t be too careful.

  13. On February 22, 2011 at 4:44 pm

    Tom Durkin said:

    I use both Login lock down and WP security scan, both i can recommend as useful tools.

    Thanks for the info, I must learn to back up more often


  14. On February 21, 2011 at 10:52 am

    Jim said:

    Great information. especially the Login Lockdown WordPress plugin and the WP Security Scan plugin. I just converted my entire site to WP and am getting ready to take the installation live so this is very timely for me.