How to back up a WordPress site?

Published Estimated reading time: 22 minutes

Performing regular backups is crucial to WordPress security and critical to your business. A WordPress website is a complex environment, and website backups and restores are complicated procedures for an inexperienced user. 

This article will teach you how to back up a WordPress site, what backup is, and manual and automatic backups.

Image to the article "Why are WordPress Backups Important?"

WordPress Backup key takeaways:

  • Performing regular backups is crucial to WordPress security and critical to your business.
  • WordPress website is a complex environment, and website backups and restores are complicated procedures for an inexperienced user. 
  • If you don’t have a recent WordPress backup, you risk losing all of your content, media, and settings if something goes wrong.
  • Backing up your WordPress site regularly ensures that you can always retrieve a working copy of your website if something goes wrong. It’s also a good idea to keep backups.


What is a backup?

In information technology, a backup or data backup is a copy of computer data taken and stored elsewhere. You can use this to restore the original after a data-loss event. WordPress backup is a data backup copy of all files and databases.

WordPress websites collect data daily, which you rely on when conducting business and engaging with customers. You must consistently make copies of your website in case things go wrong. Regular backups are vital insurance against a data-loss catastrophe.

The most common risks of website data loss are:

  • Broken authentication & broken access control
  • Website breakdown and downtime due to software failure
  • Infection or malware
  • Hosting server crash due to defect or natural disaster
  • Website hacks, injection flaws (PHP injections), Cross-Site Scripting (XSS), brute-force attacks, DDoS, and other external threats
  • Insider threat (malicious or by mistake)
  • Unsuccessful updates
  • Website migration (as a risk factor)

For example, protecting crucial assets is critical from a business perspective, such as e-commerce websites. Making regularly scheduled backups of your website is one of the tasks associated with website maintenance.

Why are WordPress backups important?

Backups allow you to resume business quickly whenever your website has a problem. 

  • If your WordPress website is hacked, you can use a backup to restore it to a previous, uninfected state.
  • If your WordPress website breaks down or has an error, you can use a backup to restore it to a working state.
  • If you make changes to your WordPress website that you later regret, you can use a backup to restore the previous state.

Prevent the loss of income

These days, a downed website can mean a significant loss of income, loss of customers and transaction data, or even a drop in search rankings. Some studies have shown the cost of a website’s downtime and vary from $4000 to $ 10,000 in lost revenue per minute. For small e-commerce websites, the cost can easily be $3000 – $5000 per day.

With these numbers, a 3-5 day website breakdown can lead to a loss of up to $25,000 in revenue. These calculations assume that the website will eventually be restored, and downtime only results in a short business interruption.

The worst-case scenario, however, is less pleasant. This is when all data is lost, which can be disastrous for a business. While rebuilding a website with products and other assets is possible, it is much harder to rebuild all customers, transactions and other instances.

Prevent the loss of SEO rankings

Another threat is the loss of search rankings. When your website is down, the process of de-indexing starts and users attempting to reach the website generate 404 errors. If somebody hacks your website, you lose control, and it can be used as a spam server to send infected or spammy messages.

After a hack/spam attack, bots add your website/domain name to blacklists. The recovery from this process is long, and the results are uncertain. When your website can be put on a blacklist, search engines will expel your site from its ranking, and it can lose almost 95% of its organic traffic. This will again impact revenue.

Restoring your website to a previous, uncorrupted version is easy with a proper backup. As a result, businesses won’t have to suffer if you suddenly lose your website. Even if your website is hacked, you can easily set up new hosting, restore your website (cleaned from malware or viruses and secured), and redirect the domain to a new server.

Saving time by spending time.

Developing a solid backup plan requires time and money, but the cost is far less than the long work of recreating data that hasn’t been backed up. 

According to a study by Symantec in 2016, the average cost of data loss was $7.01 million per company. In addition, the time needed to recover lost data averaged 23 days.

The takeaway is that you should never underestimate the importance of making backups, even if it requires time and money.

What is a WordPress backup?

WordPress website backup is an essential part of website maintenance and security. It is a backup of all files and databases associated with a WordPress site. This backup can restore the original site in case of data loss or damage.

Backing up your WordPress website allows you to protect your data, migrate your site to a new host or platform, and quickly restore lost or damaged data without losing any content. Creating regular backups is essential for website owners who want to ensure their data is secure.

What does a standard WordPress backup include?

  • Core files (PHP, JavaScript, CSS and other code files)
  • Plugins
  • Themes
  • Media files (images, videos, audio, etc.)
  • WordPress Database

What do website backups do?

A website backup creates a complete copy of your WordPress files and WordPress database.

You can restore your website to the point/date the last backup was made. You will lose any changes made from your last backup to the present time. Only Real-time Backups, CDP (Continuous Data Protection), or Near-CDP backups allow you to have a continuous backup of data flow.

Frequent backups are critical in a website risk management process. The frequency of your backups should be based on how often your website changes, from daily backups for the daily changing websites to monthly backups for the business page, which is only an electronic business card. A good practice is to make a website backup after every significant change to your site. You must also create a backup before a website or plugin update (or upgrade), except if it has been deployed and tested on a staging server. 

My hosting already does backups. Why do I need to do it? 

Many WordPress hosts provide site backup as part of their service and often an automatic backup schedule (e.g. cPanel backup, web host backup etc.). However, relying on an organisation with no vested interest in your company or business is not recommended. Even the biggest hosting providers can have catastrophic failures where they lose all their data, sometimes irrecoverably due to a natural disaster or fire.

Read the story about the OVH server room fire.

Fire in the server room
A fire in the data centre server room (OVH) caused downtime for many websites. Some of the companies lost data because of poor backups located in the one place. (photo:

Hosting companies have limited resources for storing backups. They may only keep one or two versions of your website for days, weeks, or months.

Reasons you shouldn’t use hosting for your backups include:

  • No guarantee that you will restore your website (check your hosting T&C)
  • Most hosting providers deny any responsibility for backups of your website
  • The process and quality of backups are out of your control
  • You can’t set up an individual frequency of backups
  • You don’t have a backup on demand (e.g. after a significant change on the website)
  • Hosting level backups (agreement) are costly 
  • Hosting backups usually have limited functionality
  • The host is doing backups using your storage space, which means you have a live website and backup files in the same place.
  • You are losing independence; you already depend enough on your hosting provider as it is.

It’s good to take a closer look at the terms and conditions of your hosting platform. Backups are usually a complimentary service on shared hosting.

How to make backups?

There are a few ways to ensure good quality and up-to-date WordPress backups. Evaluate the methods below to determine which is right for your business.

Hosting Provider

Most shared hosting providers create backups of your website as part of their service. As discussed, that strategy comes with risks. You can always download the zip files to your computer to reduce the risk of hazards. You can consider using web host backups only when it is an additional service and personalised to your needs.

Manual Backups

You can perform manual backups using different tools. It can be:

  • FTP client and phpMyAdmin
  • Hosting management panel (cPanel, DirectAdmin, Plesk, vDesk, Ensim, Ferozo)

You must understand how WordPress’s manual backup process works to perform manual backups successfully. 

How to back up WordPress manually?

Manually backing up your WordPress site is a simple process, and it can take a few minutes to a few hours, depending on the website’s size and internet connection. You need to prepare:

  • access to your hosting account
  • access to the website FTP (File Transfer Protocol)
  • free space on your computer or external drive

To back up your site manually, you will need to use an FTP client to connect to your web host and download the contents of the directory containing all your WordPress files.

First, you will need to locate the root directory of your website in the file manager of your web hosting service. Then, you must back up all folders and files manually from the root directory. Backuping all files is the best way to do it because you don’t know what files were changed.

The second very important part of this process is WordPress database backup. You can do it from the hosting management panel or FTP. You can use phpMyAdmin or another tool to do it.

Once you manually back your WordPress site files and site database, store a copy on an external drive or cloud service.

WordPress backup plugins, tools and automation.

WordPress backup plugin can help you handle your website backups. These usually work on the site level. If you are an advanced user, you can perform a backup at the server level using Cron tasks and scripts. This is a better solution that doesn’t burden your website performance, but you need to have sufficient server resources.

Examples of popular WordPress backup plugins:


BackWPup is a WordPress plugin that backs up your entire site and stores it on an external service. This way, you can easily restore any website version with just one click!

The backup plugin BackWPup can save your complete installation, including /wp-content/, and push them to an external Backup Service, like Dropbox, S3, FTP and many more. With a single file, you can easily restore an installation.  

With the help of a simple-to-use WordPress backup plugin, you can ensure that your site is always secure and available when needed. This backup plugin has more than 700,000 active installations.

BackWPup logo,

Some of the features of the BackWPup plugin include

  • backup of database and files
  • backup of your entire WordPress installation
  • backup to Dropbox, S3, Google Drive, and more
  • email notification of backup results
  • backup schedule
  • restore a backup from BackWPup Dashboard

UpdraftPlus WordPress backup plugin

UpdraftPlus is the world’s most popular backup plugin, with over 3 million currently-active installs. It simplifies backups and restoration of your WordPress site in just one click!

UpdraftPlus allows you to schedule backups easily and makes restoring your site easy. It has over one million active installs and simplifies the process of backing up WordPress posts, pages and assets, and entire websites with its intuitive user interface for beginners and experts alike!

UpdraftPlus logo

The best way to protect your data is by backing it up and getting access through an account with one or more cloud providers. UpdraftPlus WordPress backup plugin has many options, including Dropbox, Google Drive, Amazon S3 (or compatible), UpdraftVault Rackspace Cloud FTP DreamObjects OpenStack Swift, Microsoft OneDrive SFTP SCP WebDAV Azure BC2 etc. The paid version also allows you to back up to Microsoft OneDrive, Microsoft Azure, Google Cloud Storage, Backblaze B2, SFTP, SCP, and WebDAV.


BackupBuddy is a paid backup plugin from iThemes. It is designed to simplify backups and restoration of WordPress sites. BackupBuddy includes easy migration tools to move WordPress sites to new domains or hosts.

BackupBuddy logo –

Jetpack Backups

Jetpack is a plugin from that includes backup functionality. This feature is available to paid subscribers only.


BackUpWordPress will back up your entire WordPress site on a schedule that suits you, including your database and files. BackUpWordPress is a free and easy way to back up your website without hassle. It’s also under new ownership, so we will provide support for all of you Backup Word Press lovers!

Percona XtraBackup

Percona XtraBackup is an open-source backup utility for MySQL databases that performs non-blocking backups while the system runs.

Percona logo


BlogVault is a backup plugin that backs up your entire WordPress site, including your database and files. It offers both real-time and scheduled backups.

BlogVault logo

Other backup plugins

There’s a long list of plugins; you can check it on the website.

What to do after backup a WordPress site?

After creating a backup, you need to download files from your hosting server and save them in one of the off-site data repositories. Some WordPress backup plugins can integrate with cloud storage for off-site backups. Free plugins and paid pro versions are available.

For external tools, you need to follow the user’s manual. Some of the services have paid pro versions.

Use a WordPress-managed service.

Backups can often be a low priority when you’re busy running a company, and it’s easy to forget to do them regularly. Large backup repositories can also become hard to manage when you constantly rotate old backups to make space for new files. 

Managed WordPress services can automate the entire site backup process, so you can always access a working WordPress installation if disaster strikes. Another advantage of a WordPress maintenance service is that your files are stored off-site, which means they are safe if your host’s backups get destroyed or corrupted.  

What are the types of backups?

  • Incremental backup creates a copy of only the data and files that have changed since the previous backup. Incremental backups can save your disk space because they usually need less disc space.
  • Differential Backup captures the changes since the last full backup. 

Differential backups comprise data files that have changed since the most recently completed full backup. Incremental backups comprise data files that have changed since the most recently completed incremental backup.

  • The full backup is a complete copy of your WordPress site, including the database, core files, themes, plugins, posts, pages, and all media on your site.
  • Real-time Backups for WooCommerce (CDP or Near-CDP backups)
  • Encrypted backups are backup files that have been encrypted with a special code. This code ensures that only the intended recipient can access the backup and view its contents. The backup encryption process creates a unique public/private key pair for encrypting and decrypting backup files. The backup file is then encrypted with this key and stored securely on cloud services.

How often you should back up your website depends on how often you make changes to the site. A small business collecting user data through an e-commerce site with tens or hundreds of daily transactions would benefit from daily backups. For big websites, e.g. popular magazines, news and other frequently published portals, daily backups will be a must.

If you update the site once or twice a week, then the frequency of your backups will be as often as your website changes. Backups that keep your website’s daily, weekly, and monthly versions guarantee you can restore your website without any data loss. 

Can backups be automated?

You can set up automatic scheduled backups. Cron tasks and scripts can automate your backup procedure from the server side. They consume your server resources. You should check with your hosting provider to see how often you can schedule cron tasks.

Some of the WordPress plugins also have inbuilt automation capabilities. Automation is a great timesaver, but it is good practice to check it periodically to ensure everything is working correctly.

How good is your backup?

Backup is as good as you can restore it. If you can’t restore it, it’s not a good backup.

Your backup strategy is critical to your ability to recover from data loss. A good backup plan will ensure you can get your data back in case of system failure or corruption.

There are many ways to back up your data; your best method will depend on your needs. However, all effective backup plans have one thing in common: they allow you to recover your data in the event of a loss.

If you don’t have a backup plan, now is the time to create one. Protect yourself from data loss by ensuring that you can always recover your most important information.

When was the last time you tested your recovery? 

If you can’t remember, it’s been too long. Ensure your backup plan is effective by regularly testing your ability to recover data. This will help you avoid surprises and ensure you can always get your information back.

There are many ways to back up your data; your best method will depend on your needs. However, all effective backup plans have one thing in common: they allow you to recover your data in the event of a loss.

Where and how to store backups?

A backup file (or files) must be saved in independent and different locations than your hosting account to be unaffected by your site. Plugins that store backups on the client’s web server reduce the storage space and expose backups to external threats.

The best practice for securing backups is to keep them in at least three different and independent locations. You can consider the following locations:

  • Hard disks
  • Solid State Drives (SSDs)
  • Optical storage 
  • Remote backup service – cloud storage services

The more locations you have for storing your backups off-site, your website will be

Website backup management.

Plan your backup strategy. Develop a written backup plan that tells you:

  • What should you back up
  • Where will you store backups
  • What is the backup frequency (daily backups, weekly backups, monthly backups etc…)
  • Who’s in charge of performing backups
  • Who is in charge of monitoring and testing backups

Compliance security of backup data.

Data compliance ensures that sensitive data is organised and managed in a way that allows organisations to meet enterprise business rules and legal and governmental regulations. Check your local country or state rules in terms of data compliance.

Backup checks and testing.

Manual WordPress backup testing needs a staging environment. This is to create a fully functioning duplicate of your site that can be tested extensively to ensure everything works well. 

Companies that use a staging environment can also use it to test backups.

It’s also essential to perform malware checks on your backups to be 100% sure that files are free from infection. 

Key takeaways for website owners.

Performing regular WordPress backups is crucial to website security and critical to your business. A WordPress site is a complex environment, and website backups and restores are complicated procedures for an inexperienced user. 

If you don’t have the technical expertise to perform these tasks, we recommend seeking professional help.

Managed WordPress backup providers offer regular backups and can restore your website if it’s hacked or crashes. Selecting a quality WordPress hosting provider is essential to securing your website.

We mentioned before that “Saving time by spending time” and developing a solid backup plan require time and money. This cost is far less than the long work of recreating data after a website disaster. 

If you’re an inexperienced user and don’t have a team of dedicated specialists, we strongly advise engaging our WordPress website care plans to perform this crucial task for your business.

Frequently asked questions about WordPress backups.

What is the best way to back up WordPress?

The best way to back up WordPress is to use a backup plugin. Backup plugins are designed specifically for WordPress sites and are the most efficient and secure way to back up files. Popular backup plugins include UpdraftPlus and BackWPup, which offer backup scheduling, backup to Dropbox, S3, Google Drive, FTP and more, backup before updating WordPress or plugins, and easy migration of a WordPress site to a new host.
Regardless of your backup plugin, it is important to back up your site regularly and store backup copies on an external drive or cloud service. Doing so will ensure that you always have a backup in case something goes wrong, or your website is hacked.

How do I back up my WordPress site without plugins?

In the paragraph above, we described how to create manual backups. You need to remember that essential for the manual backup quality is to copy/download WordPress core files, media and any other files from the root directory and WordPress database.

How do I automate a WordPress backup?

Automating a WordPress site backup is easy but essential for keeping your data safe and secure. Most backup plugins available will allow you to schedule automated backups so that they are taken regularly without you needing to take a backup manually every time. With UpdraftPlus, for example, you can choose the backup frequency you want (daily, weekly or monthly), where to save the backup (such as Dropbox, Google Drive or FTP) and even set up email notifications when the backup is complete.
BackWPup also supports automated backup scheduling and includes options such as creating backup archives in different formats (zip, tar, tar.gz), saving files on external services like Amazon S3 and Rackspace Cloud, and setting up notifications via email when the backup finishes.
When it comes to automating backups of your WordPress site, setting up a plugin like UpdraftPlus or BackWPup is an easy and efficient way to ensure that all data is always backed up and stored safely. Additionally, both plugins include features such as database optimization and repair, which can help improve the performance of your website over time.

How often should you back up the WordPress site?

Scenario 1 for a Blog: A blog should be backed up regularly to ensure its content is secure. Depending on the frequency and size of posts, the backup frequency can range from daily to weekly. For example, a daily backup may be necessary if the blog is regularly updated with small posts or images. On the other hand, if blog posts are less frequent and contain large files such as videos or PDFs, then a weekly backup may suffice. It is important to note that an immediate backup should be taken if any changes are made to the website’s code, such as updating plugins or themes.
Scenario 2 for a Company Website: The backup frequency for a company website will depend largely on how often it is updated and how critical it is to keep any changes secure. If frequent updates are made with minor changes, then it would be best practice to have backups taken at least twice per week and more often during peak times of website activity. However, if bigger changes are being made, such as adding new features or functionality that need to stay secure, then daily backups should be taken and stored in an external drive or cloud service.
Scenario 3 for an e-Commerce Online Store: An e-commerce online store needs more frequent backup than regular websites because customers’ information is always protected. Therefore, backup frequency should happen every day and perhaps multiple times during peak activity periods, especially when sales transactions occur. Additionally, businesses should consider additional backup methods, such as keeping records offsite or using third-party backup services to restore their site quickly if something happens unexpectedly.

What is the best WordPress backup plugin?

There’s no one answer to this question. It always depends on the specific website and other resources. Testing a few plugins on a staging environment and checking the results is a good way. A quick and full backup restore is one of the most desired outcomes for the website owner.

Related Articles

how to disable comments in WordPress

How to disable comments in WordPress?

Published Estimated reading time: 3 minutes

Good and bad reasons to disable comments in WordPress WordPress comment systems can be beneficial as they let people leave reviews of your posts, which is a vital way to improve audience engagement. However, commenting is not a mandatory feature…

Image of a schedule of WordPress accessibility day 2023

WordPress Accessibility Day 2023 

Published Estimated reading time: 3 minutes

A Global Event for Inclusive Web Experiences WordPress Accessibility Day is a global event that brings together developers, designers, content creators and users worldwide to promote and learn about website accessibility best practices. This 24-hour event, initially started in 2020…