how to backup your wordpress website

How to Backup Your WordPress Website So You Can Sleep Easy at Night

What should you know about backing up your WordPress install?

  • Big News: You need to be backing up your WordPress site. Groundbreaking stuff, I know.
  • Bigger news: Just installing a plugin to do it might not be enough.

If you’ve spent even a little time thinking about backing up your site, you probably know that there are a plethora of free plugins on that offer to do it for you.

These plugins, however, are often written by amateurs, in their spare time, for free.

Don’t misunderstand me, many of them do exactly what they say they’ll do, just as well as any premium service will.

What I want to impress upon you is that your site’s backup is far too precious to be left to chance – you need to be able to say, without a doubt, the plugin or service you’re using is keeping you covered.

In order for you to find that out, you’ve got to understand a little bit about WordPress, how it works, and which parts are important in case of catastrophe.

Here are the questions I want to answer today:

  • 1
    What do I need to back up to be safe?
  • 2
    What is the safest way to run and store my backups?
  • 3
    How can I sleep easy at night, with the knowledge that my backups are doing what they need to do?

What Do I Need to Backup to Be Safe?

1. Your Files

backup wordpress to computer

Your WordPress install is a pretty massive thing – on average, a WordPress install with a few themes and a plugin or two contains right around one thousand files.

That’s a lot of files.

Most of these files, however, are just the core of WordPress – the stuff you get when you download a fresh install from, or install via Softaculous.

Those files aren’t all that important to back up.

WordPress is designed so that those files won’t change when you install a new theme, or a few new plugins – the core, base set of files that run WordPress are unaffected, and could be replaced with a fresh copy at any time, with no issues. 

So, you can think of it like this: you don’t have to back those files up, because is keeping a backup safe for you.

There are files, however, that are specific to your particular site – like your theme, the plugins you have installed, and any images or other media you’ve uploaded. These files are important to back up, as they contains so much of what makes your site unique.

1. Wp-Content

Fortunately, WordPress keeps all these files tucked away in a single directory – the wp-content directory.

This folder is important to back up, as it contains so much of what makes your site unique. This folder is in the root directory of your site.

A couple of other files that you should back up for the sake of completeness:

2. Wp-Config

backup wordpress without a plugin

Your wp-config file holds the database connection settings for your site.

These are important, but you can probably get them from your host if absolutely necessary – so all is not lost if you don’t have this file.

One important thing to note: If you have set any of the values in the “Authentication Unique Keys” section of your wp-config file, it is quite a bit more important to make sure you back up this file.

If those values change (because you didn’t back up this file, and you don’t remember what they were), your login to the back-end of your blog may stop working...

This isn’t a permanent problem, you can force your way back in if you have access to the database – but that’s a mess, and if you can avoid it, you should.

3. HtAccess

This little gem is a hidden file in the root of your site, which is easily forgotten when downloading or backing up your site.

It’s not a crucial piece, as it can be reconstructed fairly easily – but again, if you can save yourself the time and hassle by just backing this up, do it.

If you’re trying to restore your site, and you’re getting a lot of 404 errors, you probably missed this file.

So that’s that – get all those files backed up, and you’ll be ready to restore your site to it’s former glory in a disaster.

Your Database

The database is a tough idea for some people to wrap their minds around when first getting into working with websites.

Here’s the deal: Your database stores ALL of the data for your wordpress install: Posts, comments, settings, the whole shebang.

Files can be replaced if need be – if you lose your database, you’re likely out of business.

The reason people get tripped up by this idea is this: Your database does not exist in files (complete lie alert: Your database does exist in files, you just don’t have access to them on a shared host).

You can’t FTP in to your site and download your database.

You have to access the database directly in order to back it up, which means either working through your host’s control panel (most hosts have a program called phpMyAdmin which will allow you to export your database), or using a plugin that will do this for you.

To reiterate: Almost everything that makes your site what it is is stored in the database. If you only back up one thing, make it the database. Those files you backed up are useless without it.

If you only back up one thing, make it the database. Those files you backed up are useless without it.

Click to Tweet

What's the Safest Way to Run and Store Your Backups?

When it comes to actually running the backups, you have some choices:

1. Do them  by hand

Based on what you just read, with a little research, you can do this all yourself, by hand.

Just FTP into your site, download the wp-content folder, wp-config.php and .htaccess files, then use phpMyAdmin to download your database, and you’re all set.

Pros: It’s free, and you don’t need to install any software. If you’re comfortable with your own skills, you’ll know it’s done right.

Cons: Are you really going to remember to do this with any regularity?

Let me answer that for you: You aren’t. Here’s a motto to live your life by: Never try to remember things a computer can remember for you.

Added bonus: Never do things a computer can do for you.

2. Use a Plugin

There are a number of free plugins from that will do the whole process for you – just enter set them up, and let them handle the rest.

Pros: Free! Automates and schedules (hopefully) backups. Very little hassle. Did I mention free?

Cons: Decisions still need to be made about where to store backups.

If the plugin is misconfigured, no one is going to be watching to let you know.

Very easy to slip into comfortable complacency, without realizing your plugin isn’t doing what you think it is.

These plugins almost always rely on scheduling functionality built into WordPress, which can be very unreliable depending on your host.

Support for free plugins is slow, if it exists – if there’s a problem, you may be on your own.

3. Use a Service

Generally, this works the same as using a free plugin – but the location and security of the backups is set, and you’ll likely be able to rest easier knowing someone else is worrying about making sure your backups are running properly.

Most notably, VaultPress a service from Automattic has jumped into the ring.


  • Now, someone else has the job of making sure your backups stay safe – and they’ve got some explaining to do if there’s a problem.
  • They’re likely to have a better understanding of what is going on than you are.
  • On average, this is the safest way you can back up if you’re at all concerned about the process.

  • Generally, you’re paying monthly for this type of service.
  • Also, you may be limiting your access to your own backups, depending on the service provider – make sure you know how to get to your backups for a restore if things go wrong.

Verdict: Each method has it’s strong points, but if you’re working on a backup plan to make you sleep easy at night: Don’t do them manually. Whatever your solution, it needs to be automatic.

Where Should I Store my Backups?

Backing up is important, but if you don’t have access to your backups, it’s useless. Choosing where to store your backups is just as important as choosing to back up. Here are some options:

1. On your server:

Often, backup plugins will opt to store the backups on your server, along with the rest of your files.

Given that one of the biggest reasons you’re backing up is to save your site in case something goes wrong with your host, this is arguably the worst place to store them.

If your site disappears, your backups will too.

Furthermore – depending on the backup plugin you’re using, it might be possible for a hacker to guess the filename, and download your backup from wherever you have it saved.

The problem?

If the backup contains your wp-config file (as I suggested it should), he now has a database username and password. Depending on your host setup, this might be harmless, or it could be catastrophic – don’t risk it.

2. On Your Desktop Computer

Downloading your backups to your desktop computer is significantly better than just leaving them on the server – at least now you know if your server goes down, you’ll still have your backups.

However, downloading backups usually means you have to download them manually – There’s no practical way for a plugin running on your site to push a download directly to your computer on a schedule.

3. Sent to Your Email

backing up wordpress

Now your backups are off site, and they can be scheduled again, because an email can be sent on a schedule without issue.

However – do you really want backups clogging up your inbox?

Even with the generous email providers we see today, you DO have a limit on your storage – and if you’re spending an mb or 2 per site per day, you’re running on borrowed time.

4. Sent to A Secure Storage Service

backup wordpress to computer

Services like Amazon S3, Dropbox, and others are designed to be secure, reliable storage that lives online – so you get your backups offsite, preventing backup loss if your host burns down.

You can schedule the backups, as files can be sent to these services at any time from your site (via a plugin or custom code), and you don’t have to worry about your email provider kicking you out.

The only problem here is price – these services usually aren’t free (although some are free to a certain point).

5. Use a Specialized Service

backup wordpress

Generally, a backup service provider will either have their own storage service, or they’ll use a big name one like Amazon S3.

Again, the only downside here is that it’s generally not free.

This one is a no brainer.

If you’re going to be responsible and back up, save those backups to a place that are designed to handle them – either a service provider, or a storage service like Amazon S3 or Dropbox. 

Many free plugins will back up to a service like this for you.

How Do I Sleep Easy At Night?

Now you know how to back up, and you know where to save your backups – you’re all set, right?

Here’s how to take the extra step so you can sleep smugly, laughing in hte face of any disaster you can dream up: Test your backups.

Test my what now?

Unfortunately, this isn’t always an easy proposition. Testing your backups requires you to have easy access to a WordPress install that you can play with, and break, if necessary – so that rules out your normal site.

The best way to do this is to set up a local server using a program like Mamp (for Mac) or Xampp (for Windows), install wordpress, and then restore your backups onto that install to make sure they’re working.

There’s a little more to this than I have the space to explain in this post, but it is possible (and shouldn’t be too tricky) – so keep at it, you should be able to figure it out.

And now I’m safe?

And now you’re safe. Happy backing up!

Leave a Comment