Confident woman standing in an office next to a laptop

How to Backup WordPress to Protect From Hackers, Crashes, and Lousy Hosting Providers, Even If You Aren’t a Developer

Invouq 'IQ' logo device
Backup WordPress and have full confidence that you can survive a crash, hacking attempt, a bad hosting provider, or other calamities and get your site back up and running quickly. The set up takes a few minutes but the backups themselves will run on autopilot going forward.

Be Protected From Automated Updates Gone Bad

Backup WordPress frequently, especially if you have any automatic plugin updates enabled.

Automatic updates can break your site without you knowing, at any time of the day or night:

  • They can ruin its look-and-feel. 
  • They can corrupt your site’s database.
  • WordPress will notify you if your site goes down hard but not necessarily if it’s only partially broken. E.g. If your layout is messed up or your checkout stopped working.
WordPress plugin automatic update setting from WordPress' plugins page.
This is where you’d enable automatic updates for a plugin on your WordPress plugins page. I recommend never doing this.

Never enable automatic updates, by the way. Doing so means relying on plugin authors to always stay ahead of WordPress core updates and to never let a mistake get out. Many plugin authors are solo operations and this just isn’t realistic. Heck, plugins can conflict even if the authors are doing everything right. Don’t automate your way into a mess.

Get in the habit of doing monthly manual updates to your WordPress site instead. If something breaks you’ll know it right away and you can get it fixed before it impacts your business.

You’ll also be thankful for your backup if you need to roll-back design changes or edits and get your site back to a known-good state.

Pro Tip: If you do have automatic updates enabled then set up daily automatic backups.

Keep Your Options Open

Offsite backups are key when you backup WordPress. If your hosting provider goes out of business, becomes unresponsive, or if you need to change to a new one for some reason you be prepared and able to act quickly.  

  • If they have been doing your backups and keeping them on their servers then you’re out of luck if they go silent.
  • This can also be a lifesaver if your hosting provider goes out of business or is trying to hold your site hostage for any reason. (There are definitely some dodgy hosting providers out there.)

Be Protected From Hackers

If your site gets hacked it’s usually because of a weak password an insecure plugin, which is out of your control.

Hackers will use your site to serve up malware and spam or attack other websites. Their hacks quite often result in core WordPress files being compromised.

Google scans your site regularly to look for new pages and posts.  If Google finds malware, your site will be blacklisted; it’ll be removed from Google’s index and visitors will receive dire warnings in their browser when trying to visit your page. Website owners often find out they’ve been hacked only after Google tells them.

Pro Tip: Having backups that go back several weeks greatly improves your chances of recovering quickly.

Important Backup Features

In addition to automatic backups, you need the ability to do a manual backup before you update WordPress.  This is WordPress best practice.

Make sure you can keep a few weeks of backups on-hand, or longer if you don’t look at your own site very often.

  • You need to restore from a point in time before the trouble began.
  • It can take a while before you figure out or get notified by a customer, or Google, that you have an issue.  (Google notifies you when they blacklist your site for being hacked.)
  • There is no log of when automatic updates happened so this could be a trial and error process.

Pro Tip: Make sure you backup your site’s database as well as its files.  Either one isn’t useful without the other.

Best WordPress Backup Plugin

The best WordPress backup plugin is UpdraftPlus. I use it on my sites and my client’s sites.  Once set up it just works which is important for obvious reasons.

UpdraftPlus image WordPress plugin page
  • Automatic backups
  • It backs up both your site’s files and database
  • Offsite backups to Amazon, Google Drive, Backblaze, Onedrive, Dropbox, etc., or even a few of these simultaneously. The various guides for setting up each destination can be found here:

Other WordPress Backup Options

Another great option is a service like VaultPress.  This is a premium service that’ll also make regular off-site backups for you.

Your hosting provider may also be making regular backups for you.  These can be useful if you need to do a quick restore.  Double-check to make sure and make sure you know how to restore from a backup or where to get help if needed. Remember: You need to be backing up offsite as well.

You can also use FTP to download all of your files and phpMyAdmin (or equivalent) to get a copy of your database. This is a little advanced for this article, so search Google if you’d like to learn more. Also, this is good for a one-off occurrence, but it’s way too much hassle for a regular backup plan.

Restore Your Site

To restore WordPress you have a few options:

  • If a plugin update caused the problem, then you can restore it from within your existing website.  Same if you need to roll back some changes that you made.  Just find a backup that you want to restore and click the restore button. (Screenshot of backups list.)
  • If your site was hacked, you should set up a fresh new install of WordPress, with a new database with a new password.  Create a new admin account that has a new password during this process. Install UpdraftPlus, connect it to your off-site storage & then restore your website.  Here are some instructions.  You already have backups, so you can start at step three:
  • It was a WordPress core update that broke your site, then you can do a fresh install of an older version. Download a previous release from here:

UpdraftPlus has directions to restore here:

Tips After Restoring WordPress

Once your site is restored, turn off any automatic updates if they were the cause of your problem.

If you were hacked:

  • Change all of the passwords for all key users (Authors, Editors, Administrators) on your site to be safe. 
  • Remove any user accounts you don’t absolutely need.
  • Make sure that all of your plugins are up to date. If you have one that seems abandoned, remove it; find a replacement or find a way to live without it.
  • You should also install a security plugin like WordFence.

P.S. I have maintenance and managed hosting services which include automatic offsite backups. They also included managed updates, a firewall, uptime monitoring, reporting, and more.

Please Share:


Related Articles

Privacy Policy

Welcome to our Privacy Policy, it was last updated on September 21, 2021.

We are Endolyne Technology Services LLC, d.b.a Invouq. Our website address is

You can reach us by email at and via postal mail at:
P.O. Box 47172
Seattle, WA 98146

It is our policy to respect your privacy regarding any information we may collect while operating our website. This Privacy Policy applies to (hereinafter, “us”, “we”, or “”). We respect your privacy and are committed to protecting personally identifiable information you may provide us through the Website. We have adopted this privacy policy (“Privacy Policy”) to explain what information may be collected on our Website, how we use this information, and under what circumstances we may disclose the information to third parties. This Privacy Policy applies only to information we collect through the Website and does not apply to our collection of information from other sources.

This Privacy Policy, together with the Terms of service posted on our Website, set forth the general rules and policies governing your use of our Website. Depending on your activities when visiting our Website, you may be required to agree to additional terms of service.

Website Visitors

Like most website operators, we collect non-personally-identifying information of the sort that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Our purpose in collecting non-personally identifying information is to better understand how our visitors use our website. From time to time, we may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of our Website.

We also collect potentially personally-identifying information like Internet Protocol (IP) addresses for visitors making a purchase, taking a course, opting-in to receive emails, leaving a message, creating an account, and for users leaving comments on blog posts. We only disclose IP addresses under the same circumstances that we use and disclose Personal Data as described below.

Gathering of Personally-Identifying Information (Personal Data)

Certain visitors to our websites choose to interact with us in ways that require us to gather Personal Data. The amount and type of information that we gather depend on the nature of the interaction. For example, we ask visitors to provide their name and email address or process a sale or in exchange for valuable information and resources. We may ask for address information if we need to deliver a physical product to you. You may also voluntarily provide information such as your address in your account area should you choose to do so. Personal Data may include, but is not limited to: Email address, Name, Address, State, Province, ZIP/Postal code, City, Cookies, and Usage Data.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All registered users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Children’s Privacy

Our Service does not address anyone under the age of 18 (“Children”). We do not knowingly collect Personal Data from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using the Personal Data described in this Privacy Policy depends on the data we collect and the specific context in which we collect it.

We may process your Personal Data because:

  • We need to perform a contract with you
  • You have given us permission to do so
  • The processing is in our legitimate interests and it’s not overridden by your rights
  • For payment processing purposes
  • To comply with the law

Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your Personal Data. If you wish to be informed of what Personal Data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

  • The right to access, update or to delete the information we have on you.
  • The right of rectification. You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object. You have the right to object to our processing of your Personal Data.
  • The right of restriction. You have the right to request that we restrict the processing of your personal information.
  • The right to data portability. You have the right to be provided with a copy of your Personal Data in a structured, machine-readable and commonly used format.
  • The right to withdraw consent. You also have the right to withdraw your consent at any time where we relied on your consent to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your Personal Data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

“Do Not Sell My Personal Information” Notice for California consumers under California Consumer Privacy Act (CCPA)

Under the CCPA, California consumers have the right to:

  • Request that a business that collects a consumer’s personal data disclose the categories and specific pieces of personal data that a business has collected about consumers.
  • Request that a business deletes any personal data about the consumer that a business has collected.
  • Request that a business that sells a consumer’s personal data, not sell the consumer’s personal data.

If you make a request, we have 30 days to respond to you. If you would like to exercise any of these rights, please contact us.


We use Google Analytics to monitor and analyze the use of our Service. Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page:

We use the Universal Analytics version of Google Analytics and IP addresses are automatically anonymized under our configuration. Your IP address will be shortened by Google within the European Union or other parties to the Agreement on the European Economic Area prior to transmission to the United States. Only in exceptional cases is the full IP address sent to a Google server in the US and shortened there. Google will use this information on our behalf to evaluate your use of the website, to compile reports on website activity, and to provide other services regarding website activity and Internet usage for us. The IP address transmitted by your browser as part of Google Analytics will not be merged with any other data held by Google.

We use Google Analytics’ enhanced reporting feature. This feature measures page views, scrolls, outbound clicks, site search, video engagement, and file downloads. This collected data cannot be attributed to any specific individual person.

Google Analytics will collect visitation information and associate it with Google information from accounts of signed-in users who have consented to this association for the purpose of ads personalization. This Google information may include end user location, search history, YouTube history, and data from sites that partner with Google—and is used to provide aggregated and anonymized insights into our users’ cross device behaviors.  You can control and edit the data Google captures about your activity here.

We use Google Analytics’ demographic features. This allows reports to be generated containing statements about the age, gender, and interests of site visitors. This data comes from interest-based advertising from Google and third-party visitor data. This collected data cannot be attributed to any specific individual person. You can disable this feature at any time by adjusting the ads settings in your Google account or you can forbid the collection of your data by Google Analytics as described above.

Google reCAPTCHA

We use “Google reCAPTCHA” (hereinafter “reCAPTCHA”) on our website. This service is provided by Google Inc., 1600 Amphitheater Parkway, Mountain View, CA 94043, USA (“Google”). reCAPTCHA is used to check whether the data entered on our website (such as on a contact form) has been entered by a human or by an automated program. To do this, reCAPTCHA analyzes the behavior of the website visitor based on various characteristics. This analysis starts automatically as soon as the website visitor enters the website. For the analysis, reCAPTCHA evaluates various information (e.g. IP address, how long the visitor has been on the website, or mouse movements made by the user). The data collected during the analysis will be forwarded to Google. The reCAPTCHA analyses take place completely in the background. Website visitors are not advised that such an analysis is taking place. We have a legitimate interest in protecting our site from abusive automated crawling and spam. For more information about Google reCAPTCHA and Google’s privacy policy, please visit the following links: and

Google Web Fonts

For a uniform representation of fonts, this page uses web fonts provided by Google. When you open a page, your browser loads the required web fonts into your browser cache to display texts and fonts correctly. For this purpose, your browser has to establish a direct connection to Google servers. Google thus becomes aware that our web page was accessed via your IP address. The use of Google Web fonts is done in the interest of a uniform and attractive presentation of our website. If your browser does not support web fonts, a standard font is used by your computer. Further information about handling user data, can be found at and in Google’s privacy policy at


We provide paid products and/or services and we use third-party services for payment processing (e.g. payment processors). We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information. The payment processors we work with are:


The security of your personal information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.

Links To External Sites

Our Service may contain links to external sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy and Terms of Service of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third party sites, products or services.

Embedded Content From Other Websites

Pages on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

We Use Google AdWords, Facebook, Instagram and Pinterest for Remarketing

We use the remarketing services, and related technologies such as cookies, pixels and web beacons, to advertise on third party websites (including Google, Facebook, Instagram, and Pinterest) to advertise to previous visitors to our site. It could mean that we advertise to previous visitors who haven’t completed a task on our site, for example using the contact form to make an inquiry. This could be in the form of an advertisement on the Google search results page, on Facebook, Instagram, and Pinterest, or a site in the Google Display Network or Facebook Ad Network. Third-party vendors, including Google, Facebook, Instagram, and Pinterest use cookies to serve ads based on someone’s past visits. Of course, any data collected will be used in accordance with our own privacy policy and the privacy policies of Google, Facebook, Instagram, and Pinterest.

You have options to opt-out and set preferences for advertising cookies on this and all websites:

Protection of Certain Personal Data Information

We disclose potentially personally-identifying data and Personal Data only to those of our employees, contractors and affiliated organizations that (i) need to know that information in order to process it on our behalf or to provide services available at our website, and (ii) that have agreed not to disclose it to others. Some of those employees, contractors, and affiliated organizations may be located outside of your home country; by using our website, you consent to the transfer of such information to them. We will not rent or sell potentially personally-identifying data and Personal Data to anyone. Other than to our employees, contractors, and affiliated organizations, as described above, we disclose potentially personally-identifying data and Personal Data only in response to a subpoena, court order or other governmental (e.g. a court, a government agency or a law enforcement agency) request, or when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of us, third parties or the public at large.

Marketing Emails

If you have provided us your email address, we may occasionally send you an email to tell you about new features, solicit your feedback, or just keep you up to date with what’s going on with us and to tell you about our products and services (Marketing Emails). You can unsubscribe from Marketing Emails at any time by using the unsubscribe link included at the bottom of each email message or by contacting us. Data we have stored for other purposes (e.g. email addresses for your account and/or courses) remain unaffected. Your personally-identifying data and Personal Data is shared with MailerLite for this purpose. MailerLite’s privacy policy is located here.

Affiliate Disclosure

This site uses affiliate links and does earn a commission from certain links. This does not affect your purchases or the price you may pay.


To enrich and perfect your online experience, we use “Cookies”, similar technologies and services provided by others to display personalized content, appropriate advertising, to allow our courses, web store and shopping cart to work, and store your preferences on your computer.

A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. We use cookies to help us identify and track visitors, their usage of, and their website access preferences. Any visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using our websites, with the drawback that certain features of our websites may not function properly without the aid of cookies.

By continuing to navigate our website without changing your cookie settings, you hereby acknowledge and agree to our use of cookies.


Those who engage in transactions with us – by purchasing our services or products, are asked to provide additional information, including as necessary the personal and financial information required to process those transactions. In each case, we collect such information only insofar as is necessary or appropriate to fulfill the purpose of the visitor’s interaction with us. We do not disclose personally-identifying information other than as described below. And visitors can always refuse to supply personally-identifying information, with the caveat that it may prevent them from engaging in certain website-related activities.

Business Transfers

If we or substantially all of our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, user information would be one of the assets that are transferred to or acquired by a third party. You acknowledge that such transfers may occur and that any acquirer may continue to use your personal information as set forth in this policy.

Privacy Policy Changes

We may change this Privacy Policy from time to time, and in our sole discretion. We encourage visitors to frequently check this page for any changes to our Privacy Policy. Your continued use of this site after any change in this Privacy Policy will constitute your acceptance of such change.