How to Back Up WordPress Files and Databases

Doing frequent backups of your WordPress website files and database is critical to your job as the owner of your website. This ensures the security and life of your blog. If you want to maintain high rankings and traffic consistently in Google and other search engines, doing frequent backups is an SEO secret implemented by the most successful bloggers using WordPress.

The Importance of Doing Frequent Backups

Suppose your website is hacked. The hacker might deface your site and delete some of your precious online files. If you did not perform regular backups, you’ll find it very hard to start all over again; in some cases, it may even be impossible to replicate the site exactly as it was before.

Another possible scenario is that you accidentally delete some of your files, or even a database. This can damage the normal operation of your website. If you do not have a backup for the deleted file, it is  impossible to restore it.

You might know there are a lot of backup solutions for WordPress. Some take a plugin-based approach, while some are commercially-based solutions that require a monthly fee. It is also common to back up WordPress “manually,” without the use of automated and commercially-based solutions.

A good example of a commercial approach to doing backups and protecting your site is The basic plan is around $15 per month; if you can afford it, it is nice to use. But most bloggers using WordPress find it a little expensive, especially when they’re just starting out. 

A plugin-based solution also looks nice. However, the risk is that WordPress keeps updating, while some plug-ins are no longer upgraded and tested to keep up with the blogging platform’s latest version. As a result, the plug-in might not work; it might have some incompatibility issues with WordPress, or even introduce some security-related issues.

On the other hand, the most common backup method adopted by most bloggers (including beginners) is to simply download the entire WordPress website to their local computer using FTP, and download the WordPress MySQL database using FTP and PhpMyAdmin.

The down side is that your entire website can get pretty big, and it takes a long time to download and complete the backup. A glitch in your FTP connection/server can cause you to miss a lot of important files in the downloading process.

Downloading the WordPress database and important files such as wp-config.php using FTP is not a secure solution. Your traffic is not encrypted, and your sensitive information (such as passwords) might get compromised somewhere between your server and your computer.

The use of phpMyAdmin using the HTTP protocol is also not entirely secure, since the traffic is not encrypted. If security is of importance, you should use the HTTPS protocol for your phpMyAdmin, or download your database using secure shell (SSH).

This tutorial was written for beginning bloggers looking for free, secure and non-plugin-based solutions for doing WordPress backups.

Back up your WordPress files

A common mistake in doing backups is to download the entire WordPress website, including the WordPress core files. This is an inefficient approach, and is not recommended.

There are two types of files in your WordPress website. The first type is WordPress core files, while the second type is your personal and customized WordPress files.

The WordPress core files are the files provided by WordPress. If you are confused as to which ones are the core files, simply go to this page: , download the WordPress package, unzip and see the files.

Bear in mind, though, that wp-content is not considered one of the WordPress core directories because most of the owner’s personal files are saved to this directory (plugins, themes, uploads, etc).

Your personal and customized WordPress files are the files maintained and created by you. These files are the following:

  • .htaccess

  • wp-content directory

  • robots.txt

  • Your other website files and directories created by you, except for the core WordPress files.

To have an efficient backup system, you must regularly back up only your personal and customized WordPress-related files. You can schedule either weekly or monthly backups. The actual steps are as follows:

1. Use SSH in uploading/downloading files. Most paid hosting accounts include this feature for free. So you need to enable this first in your hosting account. You can enable this using SSH Manager:

Your SSH username, password and hostname is most likely the same as your FTP login credentials, although for some hosting companies, they may not be the same.

2. Use an SSH client such as Filezilla: Depending on your  hosting provider, most SSH connections require Port 22 and SFTP-SSH File Transfer protocol under “Servertype.”

Below is the site manager configuration of Filezilla recommended for using SSH:

It is advised that you use “Ask for password” so that Filezilla will not store your passwords in your unencrypted hard drive.

If you find it inefficient to enter your SSH password every time you log in, there is another secure approach, for Windows users.

First, create a TrueCrypt container. A 4 GB NTFS container is fine. It is very easy to create a TrueCrypt container in Windows; just follow the steps in this tutorial

Second, use the portable Filezilla version: This is a standalone version of Filezilla, and does not need to be installed.

Copy the portable Filezilla version to be inside the encrypted TrueCrypt container.

Finally, launch the portable Filezilla to automatically connect to your SSH server without asking you to re-type the password; under “Logontype,” choose Normal.

In this way, Filezilla will store your passwords in an encrypted section of your disk.

3. Download the following files to your local computer (you can also download these files to your TrueCrypt container):

  • .htaccess

  • wp-content directory

  • robots.txt

  • The other website files and directories created by you, except the core WordPress files.

Do NOT include the WordPress core files in your backup.

{mospagebreak title=Back up your WordPress database}

A number of database backup solutions exist for WordPress. One of the free, secure and efficient ways you can periodically backup your WordPress MySQL database involves using PHP. The PHP script is executed periodically — either weekly or monthly, depending on your setting — using your hosting cron.

Once the PHP script executes, it dumps your WordPress MySQL database into a secure location on your server. This is usually situated above the webroot, since this cannot be accessed by a browser or the public. More details about this will be discussed later.

Here are the detailed steps you must take to efficiently back up your WordPress database.

1. Download this WordPress database backup script:

2. Unzip the package. What you should see is a folder named wordpressmysqlbackup, with two files inside it: wordpressbackup.php and .htaccess.

3. Open the wordpressbackup.php using your favorite PHP editor.

4. Scroll down until you see these lines:

$usernamewordpress = "Your WordPress MySQL database username";
$passwordwordpress = "Your WordPress MySQL database password";
$hostnamewordpress = "Your WordPress MySQL hostname";
$databasewordpress = "Your WordPress MySQL database name";

Replace the above values of the PHP variable with your WordPress MySQL database  credentials.

If you would like to back up another MySQL database in your server, aside from your WordPress database, then uncomment these lines (by removing the “//” before the variable):

//$username1 = "MySQL database username1";
//$password1 = "MySQL database password1";
//$hostname1 = "MySQL database hostname1";
//$database1 = "MySQL database name1";

5. Next, find this line:

$full_serverpath_to_backup= ‘/this/is/the/full_server_path_to/your/wordpressmysqlbackup/’;

You need to define the correct path to your wordpressmysqlbackup folder in your server. This path SHOULD be ABOVE your normal WordPress files and the webroot files.

A correct example path for the wordpressmysqlbackup folder is shown below:

You will notice that the wordpressmysqlbackup folder is located in this path:


This is because it is under the main “home” directory in your Linux server. So the correct $full_serverpath_to_backup will be:

$full_serverpath_to_backup= ‘/home/wordpressmysqlbackup/’;

Also, based on the website file structure screen shot, the wordpressmysqlbackup folder is placed ABOVE the main webroot files, where your normal WordPress files are located.

In the above example, the main WordPress files are inside the www web root folder.

6. Find this line in the wordpressmysqlbackup.php:


This defines after how many days you wish to delete the old database backup in your server. The most recommended rule is that this number is one less than the cron interval settings.

Example: If you set your cron to run weekly (7 days), then you should set:

$deleteolddatabase_in_days =6

So if you set the cron to make database backups every two weeks (14 days), then set the variable to 13 days:

$deleteolddatabase_in_days =13

This method can prevent your server from being clogged with old database backups.

7. Upload the wordpressmysqlbackup folder (containing wordpressmysqlbackup.php and .htaccess) to the path defined by $full_serverpath_to_backup variable. Use your SSH client to upload files.

Set the following file permissions:

  • wordpressmysqlbackup folder =755
  • wordpressmysqlbackup.php =755
  • .htaccess = 644

You can use an SSH client such as Filezilla to set file permissions (done by right clicking on the file/folder, and then clicking “File permissions”).

In the second part of this tutorial, you will learn how to configure your hosting cron to execute this PHP script, and how to test your WordPress backups. You will need the following to run this PHP WordPress database backup script:

  1. Apache server

  2. Linux/Unix compatible server

  3. At least PHP 5

  4. At least MySQL database 5

  5. Any WordPress version (latest version recommended for best security)
[gp-comments width="770" linklove="off" ]

chat sex hikayeleri Ensest hikaye