Backing up your WordPress site means to backup both WordPress files as well as WordPress database. All WordPress sites contain both these parts. They store different sets of information and missing out on one or the other may mean that you’ll have a tough time restoring your site.

While database stores posts, pages and users, among other things, WordPress files store all the plugins and themes, WP core installation, images and other files. In short, WordPress files are responsible for the look and feel of your site.

 

WordPress files affect the look and feel of your WordPress site

 

Clarification:

This article only deals with how to make WordPress backup using FTP. Using FTP you can only backup your WordPress files. This will not help you restore your actual site. To know how to download your database using phpMyAdmin, refer to the article on how you can make WordPress database backup.

 

Setup to Make WordPress Backups Using FTP

Let’s dive straight into it. To make WordPress backups using FTP, first you must have access to your site files. You can achieve this by setting up an FTP account. To setup an account, typically, you have to use ‘FTP Accounts’ via your cPanel dashboard. cPanel access is usually given by your web hosting provider when you sign up for the service.

Tip: If finding FTP Accounts in cPanel is proving difficult due to a cluttered dashboard then simply use  CTRL+F to make it easier.

To set up an FTP account you will need to input a login ID and password. Along with this, a directory will be created in your site files. Once you hit the ‘create FTP account’ button you must have access to your website files. (If you have trouble doing this then contact your web host service provider for assistance.)

 

Step 1: Install an FTP Client

In order to manipulate or act on the files you now have access to via your FTP account, you will need a tool. That tool is an FTP Client. FTP clients provide the interface for you to access your WordPress files. You can do so by entering your FTP account credentials.

For the purposes of demonstration, this article uses FileZilla. Download and install FileZilla.

 

Step 2: Manual Setup

In the case of FileZilla you’ll see a form at the top of the page to fill in your site IP address, your FTP account username, and password. Inputting these details and clicking on ‘Connect’ must allow the FTP client (in this case FileZilla) to connect to the server on which your site is hosted.

 

You can connect to your WordPress files via FTP

 

Once the FTP client establishes a connection you should be able to see your site directory on the right hand column- “Remote Site”. The left hand side shows the local folders and files (in this case, the files on your computer).

Creating a destination folder

Tip:

If you are not sure of which files you have to download then a useful guideline is to search for a directory containing folders such as “wp-admin” and “wp-content”. There will also be a bunch of files in that directory, such as “index.php” and “wp-config.php”.

 

Step 3: Create a Destination Folder for making WordPress Backup

Ensure that you have a destination folder on your computer to which you want to download the files. Usually it is best to create a new folder for each backup. It allows you to be organised and be more efficient when you want to restore from one of these backups.

You can create a new folder in the dashboard of the FTP client itself. Right click on the folder in which you wish to create the new folder and choose create new directory. Input a name for the folder and hit “Enter” and you’re done.

 

Step 4: Drag and Drop

From here on simply choose the WordPress files you want to backup by clicking on them. Holding the down the CTRL key when clicking will allow you to choose multiple files at once. Drag the chosen files from the ‘Remote Site section and drop them in the directory you just created in the ‘Local Site’ section. The download process must begin as soon as you do this.

 

The download will take a while

 

Fair warning… Downloading all the files may take a while. Grab a quick bite to eat or take walk. Before that ensure that your system has power and that your internet connection is stable.

If making manual backups it not feasible for you because of the time and effort it entails, then you can choose and WordPress backups services which automate the process for you.

You can not only track if all the files in your site and the tables in your database are getting backed up, but add/remove them to/from backups; and even download them whenever you desire. All by just clicking a couple of buttons- backup with ease and stay safe.

 

Daily backups offer a balance between minimizing data loss & minimizing load on server/site. Is it, however, the most optimum WordPress backup frequency for your WordPress site? Here’s what you need to know about the different methods; and the pros and cons of each of them.

 

Daily backups are the most practical backup frequency for a majority of WordPress sites that have scheduled updates every day.

 

Daily WordPress Backups

Who is it for?

Daily backups are a good option for sites which make numerous changes in a month. These may be blogs that predominantly have content additions everyday, or news/magazine sites which have scheduled daily updates.

Even if daily changes are not made to your site, daily backups may be worth considering. WordPress sites depend on plugins, and themes. As you well know updates to plugins and themes, along with updates to WordPress Core are very important for the sake of your site’s security, and functionality.

Updates are not released at the same time and different plugins and themes have to be updated regularly. While these updates are important, they are part of a complex mix of softwares that together form your WordPress site. If you make an update and the site crashes then it is easy to pinpoint the problem. Often this is not the case. Problems only surface days; maybe weeks after a handful of changes are made. In such cases identifying the issue is a laborious matter.

Performing daily backups ensures that such updates are also saved. You can then restore your site with minimal or no data loss, and figure out any issue affecting your website, later. When you restore your site, fewer of those updates have to be made to harden your site’s security. Otherwise, without those updates, even if you restore your site it may have many vulnerabilities putting you at constant risk.

 

Advantages of Daily Backups

Good backup solutions optimize between resources consumed and efficiency. Daily backups bring the following advantages:

  • Reduces data loss
  • Provides the option of multiple backup versions to test and restore
  • Requires least tinkering once restored – updates made to plugins and themes can be retained.

 

Methods for Making Daily Backups

You can make daily backups in a few different ways. While all the methods used to make daily backups will offer the above mentioned advantages, each method also brings its own challenges. Let us explore them one by one.

Manual Backups

Making manual backups of your WordPress site is an additional, laborious job to add to  your everyday business task list. Remembering to make backups or taking out the time for it may not always be possible.

Securely storing backups is another issue that you are solely responsible for while making manual backups. HDDs or external HDDs or USB drives have been known to fail. Local storage devices, and the data stored in them can also become infected with malware.

Testing backups before restoring/migrating them can become a challenge when you are making manual backups and storing them locally.

Web Hosting Service

While many web hosting services offer backups and it is a seemingly convenient option, it is important to note that not all hosting services offer daily backups. Most of the time, premium web hosts like Flywheel, and WP Engine that do offer daily backups come at a premium price. Sometimes web hosts offer other backups solutions as add-ons and these come with additional costs.

A premium price tag may not be the only drawback when you choose your hosting service as your WordPress backup service. Backups with web hosts don’t have backup descriptions, which makes identifying and restoring the right version a very tedious process. Also, if your backups are stored by your web hosts then they might not be completely independent of your site. It means that your backups may be exposed to all the risks to which your site is exposed. For example, if your hosting service is hacked or the infrastructure is affected by a natural disaster, then chances are that along with your website, your backups are also lost. This is not an ideal way to store backups.

WordPress Backup Plugin

Some backup plugins are free and allow you to schedule your WordPress backups. While these plugins will help you perform daily backups, storage may be an added issue for you to consider. This is because not all plugins offer independent storage options. You can link your cloud storage account (for example, your Dropbox account) to these plugins. Doing so, however, usually means that the plugins store an API key of these accounts on your WordPress site. API keys are how the backup plugins communicate with your backup destination. However, it exposes backups to similar risks as your site. This may allow for your backups to be compromised when your site is hacked.

Backup plugins have to be installed on your site. If you lose access to your site for some reason then using the plugin to restore your site is not possible.

Tip: If you decide to use a WordPress backup plugin it may become important for you to track your WordPress site’s traffic. Backups can be resource intensive and making a backup when most visitors come to your site might slow the site and spoil the user experience.

WordPress Backup Service

A WordPress backup service offers a more complete  backups solution. Backup services perform incremental backups and automatically upload backups to completely independent storage.

Incremental backups mean that only those parts of the site which have changed since the last backup are stored. This means that you do not have to worry about large sites not getting backed up, or about forgetting to perform backups.

Backup storage comes as part of the service and you do not have risk using your personal accounts. Backup services also offer simplified processes for restoring and migrating your site. BlogVault offers you a one-click, test restore option which allows you test your sites on an automatically generated staging environment, before restoring them.

 

Choosing a WordPress backup frequency and solution for your site depends on a few factors– budget, frequency of changes to the site, time available, and the size of the site. There is a case to be made for daily backups as the most optimum frequency for most sites, barring sites with a high frequency of changes like e-commerce or news sites, (which might need solutions providing real-time backups instead). Knowing the advantages and challenges with making daily backups can help you make an informed decision.

 

WordPress site owners are constantly asked to update their sites. But keeping track of updates is incredibly difficult, because of the frequency and number of updates to be made. This is why automating updates might a useful practice.

 

Making sure your WordPress site is up to date could be an overwhelming process, since there are so many releases.

 

If there’s one piece of advice in the world of WordPress for site owners, it’s this: update, update, update. Updating WordPress is easy in theory, especially since all site-owners receive notifications about core and plugin updates. When it has to be put into practice, though, updating WordPress is its own beast. Not only might updates break WordPress sites; they might also cause incompatibilities, and be impossible to undo as well. This is why it’s important to always have a reliable backup solution for WordPress sites.

Updating WordPress is an important task though, because of new features that might impact user experience, but also security updates that help against major vulnerabilities. However, with WordPress receiving updates very frequently on the Core as well as the add-on front, it is difficult to keep up with all the changes, and apply them. This is why automating updates on WordPress sites might be a workable solution for you as a WordPress site owner.

Types of WordPress Updates

While updates for WordPress add-ons have both developmental as well as security updates, updates for WordPress core perform different functions. Based on these functions, WordPress Core updates can be categorized into:

  1. Release updates, which contain both Major and Minor releases.
    1. Major updates contain developmental changes including the addition of new features, or changes to core technologies on WordPress. Every major release is named after a major jazz musician.
    2. Minor updates contain security patches and fixes. As a result, they are highly recommended, and are automated by default on every installation of WordPress. Every WordPress site is recommended to run these updates since they contain important security updates that keep WordPress sites safe.
  2. Developmental updates, which are only for the changes that might be unstable– these updates are what future developments are built on. Also known as ‘bleeding edge’ updates, they are only meant for sites running the developmental version of WordPress.
  3. Translation updates (which are language packs), and come in handy if your WordPress site has multilingual support.

Depending on your comfort-level with code, and the time you’re willing to spend maintaining your site, you could automate your WordPress site’s updates manually, with the help of a plugin, or via managed WordPress services. Every method has its pros and cons, so it’s best to choose one with careful thought.

Automating WordPress Updates the Manual Way

This method will require you to make changes to your WordPress installation’s core files.

How to automate updates to WordPress Core the Manual Way

Updating WordPress Core includes making changes to the wp-config.php file.

WordPress contains a parameter called define( ‘WP_AUTO_UPDATE_CORE’) in the wp-config file. The value you assign this function determines WordPress release update is automated.

To Automate All WordPress Core Updates

Assign the value ‘true’ to the above function, as demonstrated:

define( ‘WP_AUTO_UPDATE_CORE’, true );

This will enable the automation of all release updates, developmental updates, and translation updates on your WordPress site.

To Only Automate WordPress Core Minor Release Updates

As mentioned, WordPress automatically makes Minor release and translation updates to your site. However, if you disabled all automatic updates by assigning the above function the value ‘false, you would have disabled Minor updates too. Just assign the value minor to the same function above, instead of true. This will disable all updates other than Minor updates, which keep your WordPress site secure.

Here’s how you do it:

define( ‘WP_AUTO_UPDATE_CORE’, minor );

 

How to Automate Updates to WordPress Add-ons the Manual Way

Automatically updating add-ons isn’t recommended by WordPress, since the developers’ updates might work for that plugin/theme, but might be incompatible with other add-ons or elements on your WordPress site. However, if your WordPress site is simple and has very few plugins/themes that are compatible with each other, it might not be as big a problem.

In order to manually configure your installation of WordPress to update plugins & themes, you have to make modifications to a filter called auto_update_$type, found in the wp-admin folder. The value assigned to $type determines which WordPress add-on is updated automatically.

To automatically update all plugins on your WordPress site, the filter must read:

add_filter( ‘auto_update_plugin’, ‘__return_true’ );

To automatically update all themes on your WordPress site, the filter must read:

add_filter( ‘auto_update_theme’, ‘__return_true’ );

Pros of Manual Automation of Updates

  • The code isn’t complex, so it’s beginner friendly.
  • Manual automation is free.
  • WordPress site owners won’t have to install an extra plugin just to keep their site up to date.

Cons of Manual Automation of Updates

  • The changes have to be made to the WordPress wp-config.php files and the wp-admin folder. This might make some WordPress users uncomfortable, especially since changes to the WordPress core files are not recommended.
  • Making the changes to code might require some time, especially for WordPress novices.
  • If your site crashes with any update, you will have to check your site’s status after disabling each update manually.

 

Automating Your WordPress Site with Plugins

This method comes in handy for WordPress site-owners who do not want to tinker with code themselves, and don’t mind installing an extra plugin on their site. A couple of examples of plugins that help automate updates, are Advanced Automatic Updates, and WP Updates Settings.

How to Use the Advanced Automatic Updates Plugin

Step 1: Install and activate the plugin.

Step 2: Locate the plugin under your WordPress site’s Settings tab, and click on it.

Using the Advanced Automatic Updates plugin

 

Step 3: Check the kind of updates you would like to automate on your WordPress site.

 

Updating Themes with the Advanced Automatic Updates plugin

 

If you would like notifications about these updates to be sent to an email address other than the one of the site owner, you can enter it here:

 

Notifications with Advanced Automatic Updates

 

As you can see, you can also disable email notifications about the same, and request for debug information (in case you’re running development updates).

How to Use the WP Updates Plugin

Step 1: Install and activate the plugin.

Step 2: Just like for the Automatic Updates plugin, locate the Updates tab under your Settings tab, and click on it.

 

The WP Updates plugin shows up under Settings

 

Step 2: Choose the kind of WordPress Core release updates you would like to automate on your WordPress site.

 

Core Updates with the WP Updates plugin

 

Step 3: Choose whether you would like to automatically update add-ons on your WordPress site.

 

Plugin and theme updates with the WP Updates plugin

 

Step 4: If you’d like translation and developmental updates, click on the appropriate check-boxes.

 

Click on these checkboxes if you want other updates also to be automated.

 

Pros of Automating Your WordPress Updates With a Plugin

  • These plugins do the work for you: you don’t have to manually tinker with any code; they’ll do it for you.
  • Most plugins that automate WordPress sites allow you to enable or disable different updates with a single click.

Cons of Automating Your WordPress Updates With a Plugin

  • This will require you to install an extra plugin just for updating your WordPress site.
  • Some plugins only update WordPress core, while others will allow you to update add-ons as well.
  • You, as a WordPress site owner, will still need to weed out problems if your site crashes with updates.

Using Managed Services to Automate Your WordPress Site

There are two types of managed services you could use to automate updates on your WordPress site: managed WordPress hosting, and WordPress support and maintenance services.

Managed WordPress Hosting

These services help manage your WordPress site’s hosting issues, as well as a few issues related to your WordPress site as well. A couple of examples of managed WordPress hosting services/ managed WordPress hosting providers are Flywheel, and WP Engine. These services automate the update of your entire WordPress site, but after the following steps meant to benefit you no matter the state of compatibility of your WordPress site:

  1. The hosting provider checks their systems for compatibility with WP updates (whether this includes both core and add-on updates depends on the web host).
  2. They then mail you beforehand with the dates for your WordPress site’s update.
  3. Every managed hosting service performs a backup of your WordPress site before the update. Only after this do they perform the update.
  4. Once they perform the update, they check for issues.
  5. If your WordPress site is not compatible with the update, the managed hosting provider restores your site with the backup that they made.
  6. The service then mails you about the status of the update (successful/unsuccessful, and reasons if unsuccessful).
  7. If you’ve tested your site and found it incompatible, you can ask certain web hosting services to postpone updates till you fix the issue at hand.

Notes:

Plugin and theme updates are not done automatically by managed WordPress hosting services, simply because different plugins have settings that might conflict with each other and break your site.

If you’d still like to automate the updates of add-ons, you can get in touch with your WordPress host about the same.

Since each managed hosting service has different terms and conditions, and pricing plans, it is recommended that you read their documentation carefully, and then get in touch via email or from their in-website chat support.

Pros of Using a Managed Web Hosting Service With Automatic WordPress Updates

  • You, as a WordPress site owner, don’t have to fiddle with the WordPress core files.
  • Your WordPress hosting service tests and runs WordPress updates for you.

Cons of Using a Managed Web Hosting Service With Automatic WordPress Updates

  • Managed WordPress hosting comes at a price.
  • These services don’t take care of all the issues that might come up during updating your WordPress site. If your site has certain customizations that makes it incompatible with WordPress updates, these services might mail you asking for you to seek a professional developer’s assistance. This means even if you’re paying a premium price for managed hosting, you might also have to hire a WordPress developer separately.

WordPress Support and Maintenance Services

WordPress support and maintenance services (such as WP Curve, WP Maintainer, and Valet), are perfect for super-busy site owners who can afford to have a full-time service just for maintaining their WordPress sites. In terms of updates and maintenance, these services usually perform the following functions:

  1. Core and add-on updates.
  2. Support/repairs in case of incompatibility.
  3. Audit of the security and maintenance of your site so the chances of it breaking upon update are reduced.
  4. Regular backups to rely on in case of incompatibility with any update.

Similar to managed WordPress hosting services, it is recommended that you go through the list of their offerings, (and their pricing plans) carefully. All you have to do after that, is contact them over email, or from their respective websites.

Pros of Depending on WordPress Support and Maintenance Services

  • Since you are paying these services specifically to maintain your WordPress site, you can expect them to solve any problems you might have while updating your WordPress site.
  • You need not hire a developer to this end.

Cons of Depending on WordPress Support and Maintenance Services

  • These services come at a premium price, and usually require you to pay more in order to fix issues that might come up during updates. Each service has its own pricing plan.
  • A number of maintenance and support services do not provide free support, so if you run into issues with your site, it might be expensive to get them sorted out.

Automating your WordPress site might seem like an easy fix that will help your WordPress site stay up to date with security patches and new features, but it also comes with many caveats. Not only might updates your site break, but they might also be difficult to undo. This is why it is imperative for every WordPress site owner to maintain a recent, secure backup of their WordPress sites that can be relied on.

The WordPress admin dashboard can only be accessed by entering in your username and login password. It is good practice to use a strong login password at all times, as this makes it difficult for bots and hackers to break into your admin dashboard. However, the internet has never been a very safe place, and no amount of security is ever enough. Therefore, it’s always good to have as many layers of security as (sanely) possible, to keep hackers at bay.

Password Protect

While login credentials are a robust security measure at the WordPress application level, we can add further security using HTTP Basic Authentication (BA). HTTP BA is the simplest technique for enforcing selective restriction of access to your web resources, making it a system level security. But well, enough nitty-gritty for now, lets try to understand this with a simple analogy. Imagine your WordPress site to be a house. Although the house’s main door (read login credentials) is a vital part of security, it may not be enough, and you might want to add a fence around your house as an additional security measure. HTTP authentication is one such ‘fence’ for the protection of your WordPress site. Anyone who wants to enter your admin dashboard will first need to go through the HTTP authentication (your fence) and then enter in their login credentials (your main door).

To secure your WordPress site with HTTP authentication, you need to first generate a .htpasswd file, where you’ll list all authorised usernames and their respective encrypted passwords. Following our analogy, think of this as setting up a door to your fence. One can leverage .htpasswd only on an Apache server, since .htpasswd is an Apache password file. Good news is, Apache is the most commonly used web server software worldwide. This makes it highly probable that your site is running on Apache.

Creating a .htpasswd File

You can use the htpasswd command line tool to create a new .htpasswd file. In your command line, use the following code:

htpasswd -c .htpasswd harini

Here, ‘-c’ stands for ‘create’ and should only be used while creating a new .htpasswd file. ‘harini’ is a case-sensitive username for our HTTP BA. On hitting enter, you’ll be prompted to enter the password you would like to use. By default, the htpasswd tool encrypts your password using MD5.

htpasswd 01

In the case that you already have an existing .htpasswd file, and would just like to add a new username to it, you should use the following command line:

htpasswd .htpasswd rahul

htpasswd 02

Note that you don’t have to use the ‘-c’ switch in this command, since you don’t have to create a new htpasswd file here.

A typical htpasswd file looks like this: ‘username:encrypted_password’. For instance, a sample .htpasswd file that contains users harini and rahul would look like:

sample .htpasswd file

If you aren’t able to get your hands on the htpasswd tool, you can easily generate your .htpasswd entry (username-encrypted password pair) using this htpasswd generator.

Now that you’ve successfully created the .htpasswd file, you have a lot of flexibility over where to place it, however it is advisable to store it in a directory that can’t be accessed directly through the web. One such good location would be one level above the WordPress install directory. This will ensure that your Apache password file remains secure, even if your web server software were to get corrupted.

Password Protecting wp-login.php

With the .htpasswd file ready and stored in a safe position, you can now go on to restrict access to your wp-login.php file. For this, you’ll need to specify the following things in your .htaccess file:

  • what file to restrict?
  • where to get HTTP BA credentials from?

Assuming .htaccess file is at WordPress install directory level, adding the following lines of code in the file will do this for us:

<Files wp-login.php>
AuthUserFile /path/to/.htpasswd
AuthName "Private access"
AuthType Basic
require valid-user
</Files>

Here, you need to focus on the following two lines:

AuthUserFile /path/to/.htpasswd: Make sure you provide the correct path to your .htpasswd file in place of ‘/path/to/.htpasswd’.

require valid-user: The ‘valid-user’ keyword tells Apache to provide any user mentioned in the .htpasswd file with access to the wp-login.php file. In case you want to grant selective access to the file, instead of using ‘valid-user’, you can just mention the usernames you’ll like to provide access to. For example, if there are three usernames mentioned in the .htpasswd file, out of which you want to grant access to only two users, say user01 and user02, and not to user03, you’ll use the following require directive:

require user user01 user02

Once you’re done, save the file and upload it to the directory that contains the wp-login.php file. Now, the next time you try to login to your WordPress dashboard, you will find your browser prompting for authentication even before the admin-login screen is loaded, just like the fence we discussed.

http authentication protect wp-login.php

A .htaccess file is a distributed configuration file that’s present not just in WordPress, but in all Apache web hostings. .htaccess files can be used to boost your website’s performance, security and usability. A few features that you can enable or disable using a .htaccess file include server signature, file caching, URL redirection, password protection and custom error pages.

WordPress installations may or may not contain the .htaccess file in the root directory, depending on your permalink structure; while a default ‘ugly’ permalink structure comes sans .htaccess, a pretty permalink structure auto creates a .htaccess file in your WordPress. In case you’re using default WordPress settings (read an ugly permalink structure), it is highly advisable to change it to a pretty permalink structure. Now assuming that you want to enable default pretty permalinks, create a new notepad file and rename it to .htaccess (not .htaccess.txt). Include the following basic code in the file:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

Save the changes and upload the file to your WordPress root directory using FTP.

Protect your .htaccess File

To protect your .htaccess file from external users and to tighten website security, it is recommended to add the following code to the .htaccess file:

<Files .htaccess>
order allow,deny
deny from all
</Files>

While making any modification to your .htaccess file, it is important to remember that even a tiny error in the .htaccess file can cause a major issue on your website, so much so you might even end up disabling your entire server with one simple typo. Hence, it is advisable to make a backup of your .htaccess file before making any changes to it. This way, if something goes wrong, you can always revert to the backup version of the file.

 

You know how they say that insects develop resistance to insecticides over time? Well, that’s sort of how it’s become with passwords these days. Passwords have been used to secure user accounts for such a long time now that they’ve started to lose their effectiveness. Of late, more and more hack attacks have become successful. The need of the hour, therefore, is to put to practice novel methods to strengthen existing authentication processes. In this light, the easiest and most practical thing you can do to further secure your WordPress site is to set up a two-factor authentication process for your WordPress login.

Two-factor authentication requires users to provide a code sent to them, in addition to their login credentials, in order to login to the admin dashboard. This way, an extra layer of protection is added to confirm that it’s indeed the user that’s logging into his profile and not someone else that’s gained access to his password.

The iThemes Security Pro plugin for WordPress sets up a second verification step for your WordPress login by using Google Authenticator. For using this feature, you’ll have to first install iThemes Security Pro on your WordPress and then download the free Google Authenticator app onto your smartphone. Once that’s done, you’re good to go.

Setting up Two-factor Authentication

Step 1: Enable Two-factor Authentication in iThemes Security Pro

  • Scroll to the two-factor authentication section on the ‘Pro’ tab of the plugin.
  • Here, you’ll find options for time-based OTP (one-time password), email and backup verification codes. In time-based OTP, the secondary code will be generated by an app like Google Authenticator. In the email option, the code will be sent through email once the login credentials are provided. The backup verification codes comprise a set of secondary codes that can be used in the event that access to the primary two-factor provider is lost. These codes expire after use and should be stored in a safe place.
  • It is advisable to enable more than one of these three options by checking the boxes next to them (preferably, all three).
  • Click on ‘Save All Changes’.
  • Once two-factor authentication has been enabled by admin, other users can activate it on their individual accounts by editing their profiles.

setup two factor authentication 01

Activate by Editing Individual User Profile

  • Click on the ‘Your Profile’ option found under ‘Users’ on your WordPress dashboard and scroll down to ‘Two-factor Authentication Options’.
  • Here, you’ll find the list of authentication code providers.
  • Enable ‘Time-Based One-Time Password (TOTP)’ and make it your primary provider of two-factor authentication.
  • It is advisable to enable either one or both of the remaining options for backup, in case you lose access to your primary two-factor provider.

Now all that’s left is to set up your site in the Google Authenticator app. For this, you’ll require the QR code and secret key that appear on clicking ‘View Time-Based One-Time Password Configuration Details’.

setup two factor authentication 02

Step 2: Add your WordPress Site to the Google Authenticator App

  • Open the Google Authenticator app on your phone.
  • To set up the app on your phone, click on ‘Begin setup’.
  • You’ll then be given two options regarding how you want to add your WordPress site to the app: Scan Barcode and Manual Entry.
    • If you choose ‘Scan Barcode’, a QR code scanner will appear on our screen. Remember the QR code we spoke about earlier? The one on your WordPress profile page? Scan that QR code by pointing your phone’s camera at your computer screen.
    • If you choose ‘Manual Entry’, you’ll be asked for the ‘secret key’ mentioned on your WordPress profile page. Enter the key, and you’re good to go.
  • Once the QR code or secret key is recognized by the Google Authenticator app, your WordPress site will automatically be added to the app.

The Google Authenticator app will now start to continually generate 6-digit tokens – your authentication codes. Each generated token/code will hold good for 30 seconds, until the next token/code is generated.

In case you temporarily lose access to your primary two-factor code provider – say because you  don’t have your phone with you at the moment, but want to desperately log in to your WordPress dashboard nonetheless – you can always use a backup provider to log in to your account then. However, in the event that you lose your phone or something and want to completely disable two-factor authentication, any of your WordPress administrators can do it for you. All they need to do is turn the feature off on your user profile. This will override and disable two-factor authentication for your user account. It should be noted here that administrators can only disable the feature for a user, not enable it.

Two-factor authentication can also be enabled for WordPress using other plugins like Duo Two-factor Authentication, Clef Two-factor Authentication, and Rublon. Learn more about using these other WordPress plugins here.

The first thing that speaks out to your blog’s visitors would be its appearance, its design. In order to enthrall your readers in no time at all, it is important to select the ‘perfect’ theme for your blog. And for this, you’ll have to spend some quality time searching for a theme that fits your blog and goes along nicely with your style. It is advisable to choose a theme wisely, and during your initial blogging phase itself, because constantly changing the theme of a seasoned blog can affect your branding and user experience. This article will talk about the various things you need to keep in mind while selecting a WordPress theme for your blog.

Different WP themes

Website Niche

Every site is created with a specific purpose in mind; so is yours. While looking for a WordPress theme for your site, it is most important to ensure that you choose a theme that suits your site’s niche. A website’s theme should complement its content. Be it a modern online magazine or a news website; be it a simple blog or a professional business site, there is an ideal theme for every niche. Focus on finding yours.

Budget

Your budget, without any doubt, is a major determining factor for whether you go with a free/freemium theme or a premium one. While free themes might be light on your pocket, they seldom offer the regular updates and reliable customer support that accompany premium themes. And in case you’re worried about premium themes costing too much, don’t be. The market for premium WordPress themes is highly competitive, so they might as well cost you lower than you think!

Different options for choosing WP theme

Responsive Theme

Today, more than 70 percent of the population uses smartphones to browse the web and the world is continuously growing to be more and more mobile-friendly. Therefore, it is of foremost importance that the theme you select look pixel perfect not only on desktops and laptops, but also on tablets and mobile phones. For this, it is essential that the theme you select be a fully responsive one. That way, your website will easily adapt to various devices, and your content will look awesome on any viewing environment.

Custom Template

Make sure that the theme you select looks as close as possible to what you have in mind for your WordPress site. Choose a theme that is flexible and easy to customize, especially if you aren’t all that familiar or comfortable with custom coding. Also, there’s no point in buying a theme and then sitting down to do heavy customizations later on.

Top Features

Some of the features you might appreciate in your WordPress theme include a widgetized homepage, custom widgets and menu locations. You might also like to have a fully responsive layout with different layout options like boxed and wide. You might want a theme that contains social media share icons, so you can easily share your posts on various social sites like Facebook and Twitter. It is also a good idea to have several areas for advertisement on your site to place banners and such. This would come in handy in case you’re looking to draw in an income from your website. Most important of all, ensure that you’ll receive excellent customer support following the purchase of your desired theme; you never know when you might need it.

Choose perfect WP theme

Well, you’re all geared up for your theme hunt now! If it is a quality premium theme that you’re looking for, there are numerous premium WordPress theme shops available online to shop from. And in the case that you’re looking for a free/freemium theme, you might want to take a look at the WordPress themes directory.

Before making a big change like using a new theme, do remember to keep your site completely backed up using BlogVault!

So you’ve just installed WordPress on your system and are raring to go. You’re thinking of how to start and what to start with. However, before you embark on the journey of developing your website, there’s a tiny little thing you need to do – prevent Google and other search engines from crawling your site.

I know what you’re thinking. As a webmaster, one of the most important, and perhaps the most obvious thing you would want is to bring traffic to your site. And getting Google to index your site as fast as possible would surely help with that, right? Yes, it will, but you need to wait just a little longer for it. Trust me when I say that you don’t want web crawlers and robots all over your site just yet.

Blocking GoogleBot

More often than not, you would be directly working on your live site and it is only natural for things to get messy at this stage. It is for this reason that it is advisable to temporarily block search engines from crawling and indexing your site until you’re past the initial development phase.

You might also not want Google or other search engines to get their hands on your site’s content for a variety of other reasons. So the question now is, how do you stop Google from indexing your WordPress website?

Blocking Google and Other Search Engines

Using a Robots.txt File

The most basic thing to do would be to manually create and upload a simple robots.txt file to your website’s root directory, instructing all search engines to stay away from your site and not index any part of it. The text file will carry the following syntax:

User-agent: *
Disallow: /

You can also use an inbuilt feature on your WordPress dashboard to block search engines from indexing your site. For this, you need to

1. Go to ‘Settings’, select ‘Reading’.

Block indexing using WP tool Step01

2. Check the box next to ‘Search Engine Visibility’ that says ‘Discourage search engines from indexing this site’. Click on ‘Save Changes’.

Block indexing using WP tool Step02

This automatically adds the following syntax to your site’s robots.txt file:

User-agent: *
Disallow: /

It also adds the following line to your website’s header:

<meta name='robots' content='noindex,follow' />

Although this method protects you from most of the search engine crawlers and robots out there, it isn’t a hundred percent safe.

Password Protecting your Website using cPanel

Web crawlers cannot access password-protected files. Hence, if your web host provides you with cPanel access to manage your hosting account, you can password protect your website files from your cPanel dashboard. For this, you need to

1. Log in to your cPanel account and click on ‘Password Protect Directories’;

cPanel password protect directories

2. Select the document root in the pop-up window and click ‘Go’;

cPanel directory selection

3. Select the folder where your WordPress is installed;

4. Check the box next to ‘Password protect this directory’, type in a name for the protected directory, and click on ‘Save’;

5. Once you receive a success message, go back to create user;

6. Add a username and password, and click on ‘Add/modify authorized user’.

cPanel security settings

And you’re done! Your WordPress site is now password protected, and therefore, can’t be crawled upon by search engines.

Password Protecting your Website using a Plugin

Another way to password protect your site is by using any one of the various plugins available on WordPress itself.

password protect pugins

All you need to do is install a plugin (it is advisable to select one that has been updated recently) and activate it. Once it’s activated, go to ‘Settings’. Enable the plugin and set your password. Click on ‘Save Changes’, and you’re done! No search engine crawler or robot can access your website, let alone index it.

Whatever your reason may be, if you want to keep search engines from crawling on your website, you can choose any of the above mentioned methods to keep your website data safe, depending on your requirements and the resources at hand.