Be Protected From Automated Updates Gone Bad
Backup WordPress frequently, especially if you have any automatic plugin updates enabled.
Automatic updates can break your site without you knowing, at any time of the day or night:
- They can ruin its look-and-feel.
- They can corrupt your site’s database.
- WordPress will notify you if your site goes down hard but not necessarily if it’s only partially broken. E.g. If your layout is messed up or your checkout stopped working.
Never enable automatic updates, by the way. Doing so means relying on plugin authors to always stay ahead of WordPress core updates and to never let a mistake get out. Many plugin authors are solo operations and this just isn’t realistic. Heck, plugins can conflict even if the authors are doing everything right. Don’t automate your way into a mess.
Get in the habit of doing monthly manual updates to your WordPress site instead. If something breaks you’ll know it right away and you can get it fixed before it impacts your business.
You’ll also be thankful for your backup if you need to roll-back design changes or edits and get your site back to a known-good state.
Pro Tip: If you do have automatic updates enabled then set up daily automatic backups.
Keep Your Options Open
Offsite backups are key when you backup WordPress. If your hosting provider goes out of business, becomes unresponsive, or if you need to change to a new one for some reason you be prepared and able to act quickly.
- If they have been doing your backups and keeping them on their servers then you’re out of luck if they go silent.
- This can also be a lifesaver if your hosting provider goes out of business or is trying to hold your site hostage for any reason. (There are definitely some dodgy hosting providers out there.)
Be Protected From Hackers
If your site gets hacked it’s usually because of a weak password an insecure plugin, which is out of your control.
Hackers will use your site to serve up malware and spam or attack other websites. Their hacks quite often result in core WordPress files being compromised.
Google scans your site regularly to look for new pages and posts. If Google finds malware, your site will be blacklisted; it’ll be removed from Google’s index and visitors will receive dire warnings in their browser when trying to visit your page. Website owners often find out they’ve been hacked only after Google tells them.
Pro Tip: Having backups that go back several weeks greatly improves your chances of recovering quickly.
Important Backup Features
In addition to automatic backups, you need the ability to do a manual backup before you update WordPress. This is WordPress best practice.
Make sure you can keep a few weeks of backups on-hand, or longer if you don’t look at your own site very often.
- You need to restore from a point in time before the trouble began.
- It can take a while before you figure out or get notified by a customer, or Google, that you have an issue. (Google notifies you when they blacklist your site for being hacked.)
- There is no log of when automatic updates happened so this could be a trial and error process.
Pro Tip: Make sure you backup your site’s database as well as its files. Either one isn’t useful without the other.
Best WordPress Backup Plugin
The best WordPress backup plugin is UpdraftPlus. I use it on my sites and my client’s sites. Once set up it just works which is important for obvious reasons.
- Automatic backups
- It backs up both your site’s files and database
- Offsite backups to Amazon, Google Drive, Backblaze, Onedrive, Dropbox, etc., or even a few of these simultaneously. The various guides for setting up each destination can be found here: https://updraftplus.com/frequently-asked-questions/.
Other WordPress Backup Options
Another great option is a service like VaultPress. This is a premium service that’ll also make regular off-site backups for you.
Your hosting provider may also be making regular backups for you. These can be useful if you need to do a quick restore. Double-check to make sure and make sure you know how to restore from a backup or where to get help if needed. Remember: You need to be backing up offsite as well.
You can also use FTP to download all of your files and phpMyAdmin (or equivalent) to get a copy of your database. This is a little advanced for this article, so search Google if you’d like to learn more. Also, this is good for a one-off occurrence, but it’s way too much hassle for a regular backup plan.
Restore Your Site
To restore WordPress you have a few options:
- If a plugin update caused the problem, then you can restore it from within your existing website. Same if you need to roll back some changes that you made. Just find a backup that you want to restore and click the restore button. (Screenshot of backups list.)
- If your site was hacked, you should set up a fresh new install of WordPress, with a new database with a new password. Create a new admin account that has a new password during this process. Install UpdraftPlus, connect it to your off-site storage & then restore your website. Here are some instructions. You already have backups, so you can start at step three: https://www.wpbeginner.com/wp-tutorials/how-to-uninstall-and-reinstall-wordpress/.
- It was a WordPress core update that broke your site, then you can do a fresh install of an older version. Download a previous release from here: https://wordpress.org/download/releases/
UpdraftPlus has directions to restore here: https://updraftplus.com/faqs/restore-site-updraftplus/
Tips After Restoring WordPress
Once your site is restored, turn off any automatic updates if they were the cause of your problem.
If you were hacked:
- Change all of the passwords for all key users (Authors, Editors, Administrators) on your site to be safe.
- Remove any user accounts you don’t absolutely need.
- Make sure that all of your plugins are up to date. If you have one that seems abandoned, remove it; find a replacement or find a way to live without it.
- You should also install a security plugin like WordFence. https://www.wordfence.com/
P.S. I have maintenance and managed hosting services which include automatic offsite backups. They also included managed updates, a firewall, uptime monitoring, reporting, and more.