Many people rely on web hosts for their WordPress backup. Is this a good practice, and are HostGator backups any good?

We believe secure backups which are completely independent of your web host is a must for all who host websites. Otherwise, you may find that your backups are lost along with your website. In this case of WordPress users having a strong backup solution is important.

Backups are usually judged by how easy they are to restore, and how little burden they put on your labour or resources to make, store, and secure them. How do HostGator backups measure up on these points?


A screenshot of HostGator's pricing for WordPress websites A screenshot of HostGator's pricing for WordPress website hosting
A screenshot of HostGator’s pricing for WordPress website hosting


HostGator Backups: What do you get?

Frequency: Only once a week

HostGator creates backups of your site once every week. However, this is done on a random day of the week. There is no fixed day or time when your site(s) are backed up each week.

Ideally, we believe that automatic backups must be done daily. If it is automated then even better.

Storage: Only one copy of backup

Only one copy of backup is stored by HostGator. Each new round of backups overwrites the previous one. If you have a problem with your site, then chances are that the latest backup will also have the same problems. Restoring from that version may not be the best solution.

Ideally, multiple copies of backups need to stored. as part of backup best practices suggests that at least three copies of a backup must be maintained in three different off-site locations.


Your account is only eligible for automatic backups if it has less than 100,00 files and is less than 20GB. If you exceed this limit then your website will not be backed up automatically. You can only generate manual backups using the Create Backup tool in the cPanel dashboard; that too up to 150,000 files. If your site(s) has more than 150,000 files then HostGator recommends that you contact them for assistance. This means that even if you take up the responsibility of backing up your site regularly and maintaining the backups yourself, you might run into a lot of issues with processes.


A screenshot of the limits on file size, and number on HostGator's backup
A screenshot of the limits on file size, and number on HostGator’s backup

You can track your usage (number of files and size) in your cPanel dashboard. It shows up in a bar on the left side of your cPanel dashboard. If you exceed the size or number of files limit, then HostGator recommends that you contact them for assistance.

Ideally, there must be an easy option to track if the backups are being done and notification system for the same must be reliable.

Backup Access- Timeline

If your account is suspended less than a week after the last backup then you may have access to your backups. If it has been more than a week after the last backup then the latest round of backups will overwrite your previous backup.

How to Restore from a HostGator Backup?

Restoring a full backup is not possible through the cPanel interface. It must be done by a root user for the server. For this is you have to fill in a Restoration Request form. Partial restoration of individual tables or files can be done. In the latter case, you can restore the files or database from the cPanel by choosing the Backup Wizard option.

If you plan to use the backup of HostGator then you must pay a fee of $15. This fee is waived only if you provide your own files for backup.

Ideally, restorations have to be easier especially if you are for restoring full backups. Best WordPress backup services not only offer one-click restorations but also give you granular control over restoring individual files and tables; with greater ease. For more information on this check the ‘restoration’ section of the review below.


HostGator Backup Review: Is it worth the risk?

While those are the claims, here are a few cons we noticed when trying HostGator’s backups:

If you have not regularly logged into your cPanel and tracked your files and websites’ size to make sure that they have not exceeded the limit, then chances are that automatic backups may not have happened. If you haven’t downloaded backups too, then you may have no backups at all.

Backups are not Independent of Your Web Host

Another important point is that the backups are not independent of your web host at all. At BlogVault, this is a major red flag for us. After all, if you leave the key to your bank’s safety deposit box at home then you might as well leave the valuables at home too.

Lagging Notifications

In the case you exceed the file limit for automatic backups, (like we did) then you can always delete some files to get under limit using the File Manager tool. However, the next time we logged in to the cPanel we still got ‘Backup Skipped’ notification- mentioning that our site was not only not being backed up, but asking us to reduce the number of files as well.


Even when the number of files is within the permitted limit, HostGator asks to delete files for them to be backed up, or to use CodeGuard instead
Even when the number of files is within the permitted limit, HostGator asks to delete files for them to be backed up, or to use CodeGuard instead

A relatively smaller hassle is that even if the number of files in your account is under the HostGator limit for automatic backups and you generate a full backup, the email notification (alerting you to the fact that the backup is ready to be downloaded) takes a while to arrive or sometimes you don’t get it at all. This doesn’t always mean that backups aren’t done. Sometimes the backup is done, but you just don’t get an email. Again you have to stay logged in and track when the backups have finished and download them.

Restoring Can Be Difficult

When the time for restoring your site comes, you have to sift through files and tables of all the domains and subdomains under your one account and pinpoint the files you want to restore. This can be a tedious process.

Especially since you can only restore for free if you have downloaded and stored your backups. Storage and security of backups then become your headache. Otherwise, you have to pay the web hosting service each time you need a restoration; regardless of whether you want to restore a specific file or the entire site.

Considering that WordPress backup services like BlogVault allow for one-click restores, one-click migrations; and even to test backups before you restore your WordPress site, do you really want to go through all the hassle in HostGator’s cPanel?

One WordPress Backup Copy

Having only one backup of your WordPress site’s most recent version means that if you run into a problem today chances are that your backup to has that problem. We are referring to issues with hackers or malware.

Working closely with WordPress backups and security for over five years now, we have learned that many hacks and malware attacks are carried out a lot more subtle than shown on TV shows. The result is that most WordPress site owners don’t even know that they have hacked for months. In most cases, the problem generally surface long after it started.

Note: For their part HostGator is upfront in warning you about the backup service they provide. They clarify that the service is offered as a courtesy and that users must not rely on them.

Customer Support

With HostGator, starting a live chat took anywhere between 20-30 mins at least. So if you’re looking for a quick fix for an issue it might not be possible.



Not only are the backups random but you don’t have granular control- you can’t download specific files, or files of a particular subdomain.

Apart from this notification for skipped backups or manual backups are weak, in the sense that you don’t have reliable email notification. You are expected to login to the cPanel to keep track.

HostGator's features at a glance
HostGator’s features at a glance

* Cost includes web hosting and backups

The only use backups have is for restoring your site. If you have to pay to use your backup then, especially when you cannot keep track of the backups or their functionality, then it is an issue that needs to be addressed.

There is also no way for you to test if your backups are working. It is best to heed HostGator’s warning to not rely on their backups. You might as well plan to manually make backups of your WordPress site, store and secure it. Or, subscribe to a professional WordPress backup service.


When you’re venturing into the world of WordPress, one of the few things you come across, is the issue of your WordPress website’s security.

Making your WordPress site secure, is a lot like adding reinforcements to a fort. You fortify the walls, add security measures to points of entry, and add strength to the sentry. It’s no wonder that ‘hardening’ your WordPress is probably a phrase you’ve seen a lot.

Reinforcements to cybersecurity should never be taken lightly.  Exploring every option available is an important step to safeguarding your WordPress site.

One of the security measures you can’t get past, when doing your research, would be ‘WordPress Firewalls’.

Since firewalls have been around just as long as the antivirus software for Personal Computer security, the search results you end up with might be confusing, to say the least. This is because there are different types of firewalls, depending on a number of various criteria, including where they’re deployed.

This is why we thought of helping out, by coming up with a beginner’s guide to firewalls, and WordPress firewalls. Obviously this is going to be a long project, so we’re going to break it down into parts. This part of the series is going to give you an introduction to firewalls, WordPress firewalls, what they protect you against, and how you should rely on them as a security measure for your WordPress website.

What are Firewalls?

Firewalls are one of the oldest ways to harden your tech systems against vulnerabilities, but here’s an interesting fact about them:What is a WordPress Firewall_Firewalls continue to contain damage even with cyber security. They do this by controlling access to and from the general internet with regard to your resources; in this case, your WordPress site.

Firewalls fulfill two purposes:

  • filtering incoming traffic from the outside world that wants access to your WordPress site
  • controlling what the computers on your network may send to the outside world

Firewalls act as an extra layer of security, and are considered important, especially since nobody can be too careful when it comes to cyber threats.

What are WordPress Firewalls?

WordPress firewalls (as the term implies), are firewalls deployed specifically to protect your WordPress website. They are customized with rules tailored specifically to thwart attacks that are launched on the particular vulnerabilities and entry points of your WordPress site. Obviously, customizing these firewalls according to the nature and needs of your WordPress website make them that much more powerful. For example, if you configured your WordPress firewall so no one can access the wp-login more that five times in an hour, you could keep specific kinds of attacks at bay.

Types of WordPress Firewalls

Which kind of WordPress firewall you use, depends on the kinds of threats your website might be facing, and where you want firewalls to be deployed.

One type of WordPress firewall is plugin-based. This means it can be installed and configured to your WordPress site just like an ordinary plugin. It intercepts every request made to your WordPress website. Plugin-based WordPress firewalls use predetermined rules to check if the request made is malicious or safe. A couple of examples of plugin-based firewalls for WordPress include NinjaFirewall and WordFence.

Another way to ensure that malicious requests are blocked is by using a cloud-based firewall. Anytime a visitor tries to access your site, the requests are first sent to the cloud-based firewall. This firewall uses a wide variety of technologies to determine the validity of the request. The request is allowed to pass through if, and only if the request is determined to be safe. Some examples of this kind of WordPress firewalls include CloudFlare and Sucuri.

Other than this, your web host provider might have an in-built firewall. The protection of this firewall might extend to your WordPress site, but it’s primarily to protect their infrastructure, and not your website.

So how do you secure your website? Honestly, there isn’t a foolproof way to make your WordPress site completely secure. The best way to reduce vulnerabilities, though, is to use a combination of security measures. Having a functional WordPress firewall included in that combination is useful especially since it’s an extra layer that helps control access.

The best way to be completely at ease about your website even if disaster strikes, is to store all your data in a safe place; that is to backup your website. The easiest, most secure way to do that, would be to use a WordPress backup plugin such as BlogVault.