Daily backups offer a balance between minimizing data loss and minimizing load on the server and site. Is daily, however, the optimal backup frequency for your WordPress site? Here’s what you need to know about the different methods, and the pros and cons of each of them.

 

Daily backups are the most practical backup frequency for a majority of WordPress sites that have scheduled updates every day.

 

Daily WordPress Backups

Who is it for?

Daily backups are a good option for sites which make numerous changes in a month. These may be blogs that predominantly have content additions every day, or news/magazine sites which have scheduled daily updates.

Even if daily changes are not made to your site, daily backups may be worth considering. WordPress sites depend on plugins and themes. As you well know, updates to plugins and themes, along with updates to WordPress Core, are very important for the sake of your site’s security and functionality.

Updates are not released at the same time, and different plugins and themes have to be updated regularly. While these updates are important, they are part of a complex mix of software that together forms your WordPress site. If you make an update and the site crashes, then it is easy to pinpoint the problem. Often this is not the case. Problems only surface days, maybe weeks, after a handful of changes are made. In such cases identifying the issue is a laborious matter.

Performing daily backups ensures that such updates are also saved. You can then restore your site with minimal or no data loss, and figure out any issue affecting your website later. When you restore your site, fewer of those updates have to be made to harden your site’s security. Otherwise, without those updates, even if you restore your site, it may have many vulnerabilities putting you at constant risk.

 

Advantages of Daily Backups

Good backup solutions optimize between resources consumed and efficiency. Daily backups bring the following advantages:

  • Reduces data loss
  • Provides the option of multiple backup versions to test and restore
  • Requires least tinkering once restored – updates made to plugins and themes can be retained.

 

Methods for Making Daily Backups

You can make daily backups in a few different ways. While all the methods used to make daily backups will offer the above mentioned advantages, each method also brings its own challenges. Let us explore them one by one.

Manual Backups

Making manual backups of your WordPress site is an additional, laborious job to add to your everyday business task list. Remembering to make backups, or taking out the time for it, may not always be possible.

Securely storing backups is another issue that you are solely responsible for while making manual backups. HDDs or external HDDs or USB drives have been known to fail. Local storage devices, and the data stored in them can also become infected with malware.

Testing backups before restoring/migrating them can become a challenge when you are making manual backups and storing them locally.

Web Hosting Service

While many web hosting services offer backups and it is a seemingly convenient option, it is important to note that not all hosting services offer daily backups. Most of the time, premium web hosts like Flywheel and WP Engine that do offer daily backups come at a premium price. Sometimes web hosts offer other backup solutions as add-ons, and these come with additional costs.

A premium price tag may not be the only drawback when you choose your hosting service as your WordPress backup service. Backups with web hosts don’t have backup descriptions, which makes identifying and restoring the right version a very tedious process. Also, if your backups are stored by your web hosts then they might not be completely independent of your site. It means that your backups may be exposed to all the risks to which your site is exposed. For example, if your hosting service is hacked or the infrastructure is affected by a natural disaster, then chances are that along with your website, your backups are also lost. This is not an ideal way to store backups.

WordPress Backup Plugin

Some backup plugins are free and allow you to schedule your WordPress backups. While these plugins will help you perform daily backups, storage may be an added issue for you to consider. This is because not all plugins offer independent storage options. You can link your cloud storage account (for example, your Dropbox account) to these plugins. Doing so, however, usually means that the plugins store an API key for these accounts on your WordPress site. API keys are how the backup plugins communicate with your backup destination. However, keeping the key on the site exposes your backups to risks similar to those your site faces. This may allow your backups to be compromised when your site is hacked.

Backup plugins have to be installed on your site. If you lose access to your site for some reason then using the plugin to restore your site is not possible.

Tip: If you decide to use a WordPress backup plugin it may become important for you to track your WordPress site’s traffic. Backups can be resource intensive and making a backup when most visitors come to your site might slow the site and spoil the user experience.

WordPress Backup Service

A WordPress backup service offers a more complete backup solution. Backup services perform incremental backups and automatically upload backups to completely independent storage.

Incremental backups mean that only those parts of the site which have changed since the last backup are stored. This means that you do not have to worry about large sites not getting backed up, or about forgetting to perform backups.

Backup storage comes as part of the service, and you do not have to risk using your personal accounts. Backup services also offer simplified processes for restoring and migrating your site. BlogVault offers you a one-click test restore option which allows you to test your sites on an automatically generated staging environment before restoring them.

 

Choosing a WordPress backup frequency and solution for your site depends on a few factors: budget, frequency of changes to the site, time available, and the size of the site. There is a case to be made for daily backups as the optimal frequency for most sites, barring sites with a high frequency of changes like e-commerce or news sites (which might need solutions providing real-time backups instead). Knowing the advantages and challenges of making daily backups can help you make an informed decision.

 

Frequent WordPress backups can minimize data loss and thereby greatly help your business. However, they can be resource-intensive and affect your WordPress site performance, if not done right.  

Frequent backups present some obvious advantages which are particularly important for WordPress (WP) sites. Content creation takes some planning, effort and resources. Losing such content may become a major setback for your website. Daily backups minimize data loss in such cases.

Finding secure storage solutions is a real challenge with frequent WordPress backups.

WordPress sites are dependent on many third party plugins and themes. WordPress site owners are always running the risk of installing software that is not compatible with other plugins or themes on the site or installing those which may have some vulnerabilities. The risk of losing data from frequent updates and third-party software vulnerabilities is mitigated to a degree by having up-to-date backups.

 

Advantages of Frequent Backups

  • Minimize data loss
  • Reduce downtime
  • Retain updates & functionalities on WP sites

 

What are Frequent Backup Options?

Of course, real-time backups are the best solution to achieve the goals stated above. Hourly/daily backups may be the most frequent options apart from that.

 

Challenges with Frequent Backups

Higher frequency of performing backups brings its own complications. Backing up sites not only makes demands on your server resources but also brings up the issue of secure storage of the backups made. To add to the list of issues to consider, tracking whether backups have happened correctly and what has been backed up is not always easy.

 

Backups are Complicated

We have been in the business of premium WordPress backup service for over five years now. A number of things can, and do, go wrong with backups. Sometimes when someone opts to back up their site manually, it is as simple as forgetting to perform frequent backups.

Often, WordPress site owners don’t know if backups are happening according to plan. Sometimes not all files are backed up.

In cases where site owners may have backups, restoring sites may not be easy. At other times, site owners who are relying on backups by web hosting services may not be fully aware of backup and storage policies. As a result, there have been times when WordPress site owners find out that there may not be any backups when they need them the most.

 

Resource Intensive

Increased load on your server resources could lead to an increased site load time or pages crashing. Otherwise, the user experience of visitors to your site may be spoiled because certain elements in the site may not function as intended.

 

Large Sites Offer Their Own Problems

 

Backing up larger sites takes more time and more resources. In such cases it is possible that certain sites may not get backed up at all. This is because hosting services, especially on shared hosting, have policies about the time and the server resources that a particular task can take. In such cases, although you may have employed a backup solution, your site may not have been backed up at all, or may have been backed up incompletely. In both cases, restoring the site is not possible.

 

Storage Space & Security

Frequent backups lead to multiple copies. Storing these copies securely can be a challenge. Storing backups on your own Dropbox accounts or local storage devices like your PC’s hard drive (HDD) or USB drive is not recommended.

Backups stored locally can become infected with malware as you are constantly browsing and downloading files. Also, HDDs or USB drives have been known to crash. This doesn’t even account for the risks associated with accidents and natural disasters.

Storage may drive up the cost of storing backups as you may have to invest in independent storage solutions.

In all the above cases the real risk is that eventually, when you need to restore your site, you may not have backups, or may have incomplete or infected backup files. This is not the optimal scenario for your business. Probably a good way to evaluate a backup solution is to list some scenarios in which you would need to rely on backups, and see if the backup solution in question will give you access to backups and allow you to restore your WordPress site.

 

The Answer?: Backup Service as a Solution

A WordPress backup service like BlogVault will not only take care of storage space and security but also make incremental backups. This intelligent approach ensures that even large sites on shared hosting can be completely backed up. Apart from this, backup services may also eliminate cache and log files from backups, thereby reducing problems at the time of restores. All of this is done automatically, thereby eliminating human errors so that you can go about your business without worry.
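Incremental backups, as described here and in the backup service section earlier on this page, come down to recording what each file looked like at the last backup and storing only what differs. The following is an added illustration, not BlogVault's code or any plugin's: it hashes a site tree, skips cache and log files, and reports what the next backup run would need to store. The exclusion rules (a directory named cache, files ending in .log) and the sample file names are assumptions made for the example.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Assumed exclusion rules for this illustration: cache directories and log
# files are regenerated by the site and only add noise to a restore.
EXCLUDED_DIRS = {"cache"}
EXCLUDED_SUFFIXES = {".log"}


def file_sha256(path, chunk_size=65536):
    """Hash a file in chunks so large uploads do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(site_root):
    """Map every backed-up file (relative path) to its SHA-256 digest."""
    root = Path(site_root)
    manifest = {}
    for dirpath, dirnames, filenames in os.walk(root):
        # Pruning dirnames in place stops os.walk from descending into them.
        dirnames[:] = [d for d in dirnames if d not in EXCLUDED_DIRS]
        for name in filenames:
            if Path(name).suffix in EXCLUDED_SUFFIXES:
                continue
            full_path = Path(dirpath) / name
            manifest[full_path.relative_to(root).as_posix()] = file_sha256(full_path)
    return manifest


def diff_manifests(previous, current):
    """Return what an incremental run must store, and what it must mark deleted."""
    return {
        "added": sorted(set(current) - set(previous)),
        "changed": sorted(
            p for p in current if p in previous and current[p] != previous[p]
        ),
        "removed": sorted(set(previous) - set(current)),
    }


def demo():
    """Build a constructed sample site, change it, and diff the two manifests."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        plugin = site / "wp-content" / "plugins" / "example-plugin" / "plugin.php"
        cached = site / "wp-content" / "cache" / "page.html"
        plugin.parent.mkdir(parents=True)
        cached.parent.mkdir(parents=True)
        (site / "wp-config.php").write_text("<?php // constructed sample\n")
        (site / "old-page.html").write_text("to be deleted\n")
        (site / "wp-content" / "debug.log").write_text("log noise\n")
        plugin.write_text("<?php // version 1\n")
        cached.write_text("cached copy\n")
        before = build_manifest(site)

        # Day two: a plugin update, a new upload, a deleted page, a cache refresh.
        plugin.write_text("<?php // version 2\n")
        upload = site / "wp-content" / "uploads" / "photo.jpg"
        upload.parent.mkdir()
        upload.write_bytes(b"constructed image bytes")
        (site / "old-page.html").unlink()
        cached.write_text("cached copy, refreshed\n")
        after = build_manifest(site)
        return before, diff_manifests(before, after)


if __name__ == "__main__":
    first_manifest, delta = demo()
    print(len(first_manifest), "files in the full backup")
    print(delta)
```

Recording removed paths matters as much as added ones: a restore that replays increments without them brings back files that were deleted from the site.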

 

With a WordPress backup service, restoring your site is always the goal. When the time comes you will have multiple securely stored backup versions from which you can choose. You can also automatically restore your site with a single click. Of course, a backup service comes with a more premium price tag, but with the price you’ll have backups with best practices at your disposal.

 

Frequent WordPress backups contribute greatly towards efficient WordPress restores. The battle is between resource-consuming hourly backups and infrequent backups which increase the risk of data loss. Do you know what the right answer is?

The frequency of WordPress backups is a much-discussed topic. At BlogVault we believe that ideally, WordPress sites must be backed up at least once a day. This is a logical idea when you consider that all backups are meant for recovering your site. This means you want to minimize data loss, when you restore your WordPress site.

Daily backups, however, are not a ‘golden frequency’. Different types of sites require backups to be made at different frequencies. Daily backups strike a balance between minimizing data loss and not consuming too many resources of your WordPress site’s servers. Backing up more frequently, however, especially when done inefficiently, may affect your site’s performance. On the other hand, backing up infrequently, like on a weekly/monthly backup schedule, may mean that you lose a substantial amount of data.

 

How frequently do you back up your WordPress site?

 

WordPress Backup Frequency

 

Why Make Daily Backups?

We mentioned that daily backups ensure that updates to all the posts and pages of your site are saved. WordPress users who manage smaller sites may feel that daily backups are not as important. This may be because the website is not updated with new content. However, we have to remember that WordPress sites are run on plugins and themes which are updated often. Older backups will not contain these updates and restoring them is not very efficient. This can also cause security concerns as plugin and theme updates include security updates too.

 

Restoring from Older WordPress Backups

If older backups are restored, then you may have to go back and update all the plugins, themes and maybe even WordPress core. This may not be feasible in case you own multiple sites or have many plugins and themes on your site.

Also, backups bring up compatibility issues. In case you restore older backups, then you can only test these issues after the site has been restored and the updates are made. However, the more recent the backup, the easier it is to test for functionality. Of course, with a WordPress backup service like BlogVault you can test your backups with a single click.

 

What Type of WordPress Site Do You Have?

 

E-commerce sites & Popular Blogs

While daily backups are a great option, for e-commerce sites and popular blogs they still may not be enough. For e-commerce sites, it is crucial to track transactions, data on pending orders, and the delivery status of orders with utmost immediacy. For popular blogs, comments and content can be generated very regularly, and this includes news sites. In such cases, real-time backups are the answer.

 

Real-time Backups for WordPress Sites

Backups in real time are meant to save every change as soon as the changes are made (or at least as quickly as possible). The concern with this is, of course, the effect on WordPress site performance. However, when done right, real-time WordPress backups can be a comprehensive solution.

Real-time backup solutions for WordPress sites track changes and back up only those changes to the site as quickly as possible. Since only the changes are backed up, even large sites with frequent updates and changes can be completely backed up without affecting site performance. However, there are different methods to achieve this result, and results vary depending on how effectively your backup plugin does the job.

 

Frequency is Key to Having Secure WordPress Backups

If backups do not allow you to make efficient restores then the point has been missed. Making daily or real-time backups is key to having functional backups which are ready for restores. A WordPress backup service can allow you not only to automate the frequency of your backups, but also to ensure that your backups follow other best practices of WordPress backups as well.

 

Storing WordPress backups on your PC can quickly become laborious and the risks outweigh the convenience or economic benefits. Find out why.

Locally storing your WordPress backups means storing them on your PC or desktop. The other option is to store them on an external storage device like a USB drive or an external HDD/SSD.

 

Saving backups of your WordPress site to your computer seems convenient, but how reliable is it?

 

In this article let us look at how you can do it, why you may be looking at this option, and also answer the question which matters the most: should you do it?

How To Make WordPress Backups Locally

There are 3 ways through which you can download backups to your computer:

  • Manual WordPress Backup Download
  • WordPress Backup Download via cPanel
  • Plugins

 

Manual WordPress Backup Downloads

You can download WordPress files by using an FTP client, for example FileZilla or Cyberduck. Making a full backup includes backing up files as well as your WordPress site database. To make WordPress database backups you can use phpMyAdmin.

However, once you download your backup files, labeling and organizing them is important. Otherwise it may be impossible to find the desired version when you want to make a restore.

cPanel

Usually web hosts provide a cPanel account to users. Using the tools in cPanel (Create Backup or Backup Wizard), you can download backups. Again, these backups are usually .zip files with filenames containing the date. However, that is not enough information when you make regular backups. You may have to spend more time organizing your backups with descriptions to ensure restores are easy.

Plugins

Most WordPress backup plugins, at least all the popular ones, offer the option to download WordPress backups to your computer. However, regardless of the WordPress backup plugin you use, downloadable backup files, especially of the full site, come in .zip format. On top of that, not all plugins give you the option to download individual files. This means we are back to our recurring theme of how downloading and storing backups also means maintaining them.

Storing WordPress Backups Locally

There are some key concerns when thinking of destinations for WordPress backups.

  • Storage space
  • Security
  • Organization
  • Restoration Issues
  • Ease of use

An ideal WordPress backup solution addresses all of these concerns.

Pros and Cons of Storing WordPress Backups Locally

Storage Space

Backups must be made regularly, daily if possible. If you are making regular backups then storage space will become a concern for you. Your PC’s internal HDD will eventually run out of space. You can solve the problem by investing in an external HDD/SSD, or USB drives dedicated to storing your backups, especially if you have large sites and you make regular backups. If you use USB drives, for example, you may be forced to make backups only once in a while and overwrite previous copies. This is not a good solution.

Security of WordPress Backups

Making a backup is a security measure, which means your backups must be secure. However, storing them on your PC or on a storage device is not the best idea when considering the security of backups.

Malware

Backups stored on a PC may be infected with malware from a few sources. The malware may already be on your computer, your browser may have picked it up from an unsafe site, or your backup files may be corrupted by malware on external storage devices like USB drives or HDD/SSD.

Storage Location

Apart from malware issues, there is the concern of where your backups are stored. Even if you have a dedicated external storage device (HDD/SSD), it may not be enough, as such devices are not reliable. They do have failure rates, and may crash or be infected with malware as they have to connect to your computer at some point. HDDs/SSDs may also stop working due to heat or natural wear and tear. Along with all of these points, if you choose to store backups locally on a hard drive, then your backups are in a single location, which raises the risk of losing them significantly. As a result, local drives may not serve as the most secure environment for storing your backups.

Organization

Downloaded backups have to be organized if they are to be useful when you have to restore your WordPress site. Consider that your site is down and you have to restore it. If you are left going through all your backup versions one by one trying to make the right decision, then you might spend a lot of time and effort which you could have invested in developing your business ideas.

Restoration Issues

Manual downloads or locally stored backups usually mean manual restores too. This may suit some developers or those who have spent time working on WordPress but for the majority who are business owners, or bloggers who are utilizing the CMS, this may not be a viable option.

Restorations usually have to be done via your cPanel account or via an FTP client and phpMyAdmin. There are often limits to the size of files that can be uploaded via cPanel or phpMyAdmin. These restrictions can cause restores to fail. Again, the lack of backup descriptions and of easy options to make restores together make extra demands on your time and energy. Expending this extra effort may be unnecessary if you utilize a complete WordPress backup service.

Ease of Use

First of all, this is a manual process. If you are following best practices then you have to make backups daily. This can get tiring, and worse, you may forget to make backups at all.

After taking all of the above points into consideration, the answer to this one seems to be clear. Storing WordPress backups locally doesn’t seem to be a great idea. However, there may be a couple of benefits. It is an economical option, and you can be sure that backups are done, as making manual backups or downloading them from plugins allows you to keep track of your backups.

However, even in these cases, you may end up spending on storage devices, or professional help when you need to restore. Along with those issues, if you account for the time spent doing the work (making, downloading, organizing, and maintaining backups) and the time spent worrying about their safety, then the economic benefits and surety about backups being done seem to be nullified.

Instead choose a professional WordPress backup service like BlogVault for worry-free backups, so you can do what you do best. A premium WordPress backup service would allow you to easily track backups, make one-click WordPress restores, and even one-click WordPress migrations, leaving you worry-free.

 

Backing up WordPress to your Google Drive account may mean that you are choosing convenience over efficiency and security. Here’s why.
 

Uploading WordPress Backups to Google Drive

Google Drive presents a convenient option. To begin with, it is accessed with your Google account. No multiple logins. Added to this, 15 GB of storage space is free to users.

 

Google Drive seems like the perfect vault to store your WordPress backups in.

 

You can simply choose among the many plugins which allow you to upload your WordPress backups to Google Drive. UpdraftPlus, BackupGuard, and WP Database Backup are all examples of plugins in the WordPress repository which allow you to do just this. However, keep in mind that in some cases you may have to pay for an add-on to add Google Drive to your list of backup destinations.
 

Setting Up Google Drive with Your WordPress Backup Plugin

This process may take some steps to get through, but if you follow the documentation of the respective plugins it will be easy. However, the point to keep in mind is that setting up your Drive account with your backup plugins generally means that the plugin stores a ‘client ID’ and ‘client secret’ for your Drive account. This is how the plugin can upload backups to your Drive account. However, this can be a double-edged sword.
 

WordPress Backups to Google Drive: Pros & Cons

Google Drive gives users 15 GB of free storage space. This may prove sufficient if your site is not large. The economic benefits from using a free plugin and having free storage space cannot be discounted without consideration. Along with this, you can gain access to your Drive account with your Google credentials; no extra logins required.

However, the very same advantages have another face when viewed from the perspective of control, efficiency, and security.
 

WordPress Restores from Google Drive

All backups are about restores. This means making restores must be easy and it must give full control. Backup files uploaded to Google Drive by plugins may not allow for this. It is true that with plugins like UpdraftPlus you can restore directly from your WordPress admin dashboard. However, this may not be enough.

Backups uploaded to Drive are usually in a .zip file, and that makes it very hard for you to find and restore individual files. That is, if your plugin allows for restoration of individual files, which is not always the case.

Restoring individual files has its benefits. Large sites take time to restore. This means more downtime. In other cases your hosting service may limit the time for each action. This is true of most cases, and in such cases your website may have to be manually restored. This is not a burden your business needs. On the other hand, restoring individual files means that you can avoid all these complications and not suffer the cost of unnecessary downtime. With each passing day this cost continues to increase. For this reason, having more granular control over your backups and restores is important.
 

Are your Backups Secure in Your Google Drive Account?

The other point to consider is that your backups may be vulnerable because a single set of login credentials gives you access to all your accounts. If that is compromised then your backups may be compromised too. The other way is that if your WordPress site is hacked, then that may lead the hackers to your backups, since your plugin stored the ‘client ID’ and ‘client secret’ for your Drive account.
 

WordPress Backup to Google Drive: Storage Space Issues

In the case that your Google Drive account runs out of space, how will your plugin continue to make backups? You may want to know if you’ll get notifications from the developers of the backup plugin you use. If this is not the case, then you may not have backups to restore from, which is when you need them the most.

While convenience is one factor, uploading your WordPress backups to your Google Drive account may not allow you to practice WordPress backup best practices.
 

No Backup Descriptions

Now let us say that you are following good login practices, using smart passphrases, and following the basic security practices well. You also don’t mind making manual restores. In such a case you may be okay with a plugin which uploads your WordPress backups to your Google Drive account. While this is not advisable from a security standpoint, you may still have to contend with another issue: backup descriptions.

As mentioned, plugins usually upload your WordPress files in .zip files. The file names may have the date and time when the backups were made but not much else. When you want to manually restore a file you may want a description of what has changed from one backup version to the next. Without this, you may spend a considerable amount of time sifting through files, or spend time organizing backups in your Drive. Either way, you have to invest a considerable amount of time and labor.

Tip:
When backing up to Google Drive, ensure that you label the downloaded backups in an organized manner, so you can categorize and differentiate backups. This will be helpful when you have to restore your site.
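
A backup description and a check that the archive is still intact can both be kept beside each .zip file. The following is an added illustration, not part of the original article or any plugin: it writes a small JSON descriptor (a format made up for this example) next to a backup archive, refuses to describe an archive that is incomplete, and later verifies the archive against the descriptor. File names, descriptions and the timestamp are constructed.

```python
import hashlib
import json
import tempfile
import zipfile
from datetime import datetime, timezone
from pathlib import Path


def archive_sha256(path):
    """SHA-256 of the whole archive, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def descriptor_path(archive):
    """The sidecar lives next to the archive: site.zip -> site.zip.json."""
    archive = Path(archive)
    return archive.with_name(archive.name + ".json")


def write_descriptor(archive, description, created_utc):
    """Validate the archive, then record what it is and what it hashed to."""
    archive = Path(archive)
    try:
        with zipfile.ZipFile(archive) as bundle:
            corrupt_entry = bundle.testzip()  # re-reads every member, checks CRCs
            entry_count = len(bundle.namelist())
    except zipfile.BadZipFile as exc:
        raise ValueError(f"{archive.name} is not a complete zip archive") from exc
    if corrupt_entry is not None:
        raise ValueError(f"{archive.name} has a corrupt entry: {corrupt_entry}")
    record = {
        "archive": archive.name,
        "created_utc": created_utc.isoformat(),
        "description": description,
        "entries": entry_count,
        "sha256": archive_sha256(archive),
    }
    sidecar = descriptor_path(archive)
    sidecar.write_text(json.dumps(record, indent=2))
    return sidecar


def verify_backup(archive):
    """Return (ok, reason) before the archive is trusted for a restore."""
    sidecar = descriptor_path(archive)
    if not sidecar.exists():
        return False, "no descriptor"
    record = json.loads(sidecar.read_text())
    if archive_sha256(archive) != record["sha256"]:
        return False, "hash mismatch"
    return True, "ok"


def demo_descriptor():
    """Run the checks against constructed archives in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        archive = Path(tmp) / "site-2024-01-15.zip"
        with zipfile.ZipFile(archive, "w") as bundle:
            bundle.writestr("wp-config.php", "<?php // constructed sample\n")
            bundle.writestr("wp-content/themes/example/style.css", "body {}\n")
        good_bytes = archive.read_bytes()
        stamp = datetime(2024, 1, 15, 2, 0, tzinfo=timezone.utc)
        write_descriptor(archive, "After updating the example theme", stamp)
        intact = verify_backup(archive)

        # An upload cut short (for example by a hosting time limit) is rejected.
        partial = Path(tmp) / "site-partial.zip"
        partial.write_bytes(good_bytes[: len(good_bytes) // 2])
        try:
            write_descriptor(partial, "Cut short", stamp)
            incomplete_rejected = False
        except ValueError:
            incomplete_rejected = True

        # A single changed byte in storage is caught by the recorded hash.
        damaged = bytearray(good_bytes)
        damaged[len(damaged) // 2] ^= 0xFF
        archive.write_bytes(bytes(damaged))
        tampered = verify_backup(archive)
        return {
            "intact": intact,
            "tampered": tampered,
            "incomplete_rejected": incomplete_rejected,
        }


if __name__ == "__main__":
    print(demo_descriptor())
```

The descriptor only helps if it is stored somewhere an attacker who can modify the archive cannot also rewrite it.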
 

You need to safeguard your data in a more robust manner to ensure that in your hour of need you not only know that you have access to backups but also that they are functional. Especially if you’re running a small business or a popular blog, you might want to look at a more complete WordPress backup solution and continue making WordPress backups to Google Drive only as an additional step.

WordPress is a popular target for hackers because every website has something to offer them, and the returns on attacks are high.

 

Hackers gain something from every WordPress site

 

WordPress is the most popular CMS in the world, and a popular target for hackers too. The scale of the problem may make it seem like the hacks occur randomly and for random reasons. In reality, every website has something to offer hackers. The exact nature of the payoff also depends on the intentions of the hackers.

 

Hackers can be grouped into three categories, depending on the purpose behind their attacks:

White-hat hackers usually test a website or a computer system for vulnerabilities. They do not have malicious intent, and disclose vulnerabilities responsibly.

In the WordPress community, white hat hackers are either a part of a web security team, or are developers within the community who contribute by discovering vulnerabilities and helping protect the community against such risks.

Hacktivists (who are ‘activists’ acting by means of hacking) target websites mostly to bring awareness to socio-political issues, but the means they pursue for these ends are questionable. This is why it’s difficult to categorise what they do. Most of the time, hacktivists deface websites, or publish sensitive information.

Examples of hacktivists defacing websites range from Anonymous’ hack of the Philippine Comelec that asks questions, to the defacement of the ISIS website with ads for performance-enhancing drugs. Hacktivists could also publish sensitive information. Examples of such attacks include the Panama Papers leak, and the hack of the CIA and FBI websites that released officers’ personal information and put them in danger.

Since the classification of what hacktivists have to gain, and the means they use to achieve their ends can fall in gray areas, we’re going to exclude hacktivism from this article.

Black-hat hackers hack websites indiscriminately, purely for more ‘materialistic’ gains. They exploit vulnerabilities to their own ends. Any website can be targeted by these hackers, since they are not looking to test a specific system for vulnerabilities, nor do they want to further a socio-political agenda.

 

What Black-hat hackers can gain from hacking websites

Black-hat hackers could gain one of three things from hacking websites:

  • Reputation
  • Access to resources
  • Information

 

Reputation

In terms of technical know-how, and the scale of the reputation they seek, black-hat hackers could be ‘script kiddies’, or ‘experienced hackers’.

‘Script kiddies’ depend on tools to perform hacks. While the scale of the havoc they wreak can vary in degree, they usually hack websites to be accepted, or to gain reputation among their peers. They usually don’t have criminal intent. However, the more they learn, the more they could move towards higher levels of experience and reputation.

Garnering reputation among other black-hat hackers depends not only on the technical know-how they have, but also on the damage they have the ability to wreak independently. This is when/why they move away from readily-available tools, and craft malicious code of their own that can bypass usual security measures on websites.

‘Experienced’ hackers look to earn a more ‘professional’ kind of reputation. You might know that there are black markets for the sale of illegal goods, but there are similar establishments for cybercrime too. One such black market/forum was Darkode. Hackers have profiles on these websites and are ranked. These hackers look to earn higher ranks so that their ‘customers’ will pay more for their services, and their work will be recognized more.

How high a hacker’s rank is, on cybercrime forums, depends on:

  • The number of sites they’ve hacked.
  • How proficient they’ve been (the difficulty of the hack).
  • The reputation of the sites they’ve hacked.
  • How satisfied their customers are with their ‘service’.

In short, even if your website has great security, that only makes it more attractive to them: they get a better ranking if they succeed in hacking your site.

For example, if your site had tight security and a hacker successfully retrieved the contact information of all your customers, they might only be after the reputation and have no use for the information afterward. They could go ahead and publish it on the cybercrime forum so other hackers could use the information to send spam mail to your users, send them downloadable malicious code, or send them mails crafted for phishing.

 

Access to resources

The resources on your WordPress site include your site’s database, the server it’s hosted on, as well as the users and visitors to your site. Black hat hackers hack your website in order to gain access to these resources. Attackers have a number of ways that they could exploit your site’s resources:

  • They could plant malicious code on your site to do anything they need to do, without the action getting traced back to them. An example of this would be that of hackers planting malicious code on your server to send their spam mail to your site’s visitors. This would not only get your server blacklisted by mail servers, but also could lead to your WordPress site getting blacklisted by search engines (since it has malware).
  • They could use your site to perform Black Hat SEO practices that allow them to hijack your site’s traffic and redirect it to their own websites, or their customers’ websites. A common type of attack on WordPress sites that uses this technique is the WordPress Pharma hack.
  • They might use malicious code on your site to trick the visitors of your site into downloading malicious software to their computers.
  • Cross-site scripting attacks could be used to steal cookies from your site’s visitors and use their credentials.
  • They could use your server as a bot in a DDoS attack.
  • They could manipulate your site to trick users into entering sensitive information that could be used for phishing.
  • They could use ‘ransomware’, which is malicious software that doesn’t allow you access to your resources, your website, or important files on your website unless you pay up. Ransomware keeps popping up in tech news because of technology’s progression into the Internet of things (smart home appliances that can be connected to the internet). In the context of websites, ransomware could be used to either lock you out of your site, or encrypt all the data on your website until you meet the hacker’s demands. If you don’t give in to the hacker’s demands, they could keep all the data from your WordPress site to themselves until you do, or worse, delete it all. The only sensible way to protect yourself from such an attack, is to have a reliable WordPress backup solution that has updated backups of your site.

 

Information

As any website owner knows, information is probably the most important thing on a website. From your site’s data to your visitor’s data, all of the information on your website is unique to you, and is hence valuable.

Hackers could hack your site to retrieve information that belongs to your site’s visitors, such as their personal information (which includes contact information, photos, medical records and other information about their identity), or financial information.

Hackers could use this information in the following ways:

  • They could use it for their own purposes (such as to send spam mail). Sending spam mail from your website’s server could get it blacklisted by search engines, and other mail servers.
  • They could publish sensitive information from your site.
  • They could sell it to others looking for this kind of information.
  • They could also retrieve confidential information from your WordPress site (such as information about your investors), and ask you to pay a ransom to make sure it isn’t published, or sold.

 

Publishing sensitive information

Sensitive information on your website doesn’t have to just be related to the financial information … it could be anything that is specific to just your site, such as the personal information of your site’s users (like their email addresses), that could be used in line with malicious intent (to fulfill a job request, to damage the reputation of the company whose information they publish, to help other hackers send spam).

For example, a hacker could publish your users’ email addresses, to ruin your establishment’s reputation and the trust your customers have in you.

 

Selling sensitive information online

This is another dangerous way hackers target the information on your site.

While some hackers sell personal information of celebrities online (like in the case of Pippa Middleton’s iCloud photos that the hacker attempted to sell), in the past few years, a number of medical websites have been targeted.

This is because social security numbers, medical and healthcare information could prove to be more valuable in terms of identity theft than even financial credentials.

Hackers who sell financial information are in a race against time; they only get the best price for their hard work as long as the credentials are recent and valid. If the people whose information was stolen have blocked their cards or switched banks, the hackers don’t get paid. However, with identity theft, the window of validity is much longer, and the payoff for the buyer is considerably higher.

The parties that buy this information could use it to:

  • Create online loan applications
  • Create applications online for credit cards
  • Apply for prescription drugs
  • Create fake IDs

This poses a serious risk for any website, but especially for those that store any sort of user-information.

 

With reasons/aims like these, it’s no wonder that hackers continue to do what they do. They know that there is no such thing as a secure website, so any website can be hacked, and used to any end. The returns for them on hacking websites are high. This is why hackers who seek to obtain information or access to resources on your site make sure to keep their tracks hidden. They do this in order to utilise your site for as long as they can, and make sure to leave backdoors in inconspicuous files so that they can always regain access to your site.

This is why the best way to stay safe is to have a solid disaster recovery plan in place. The prime element in such a plan, would definitely be a WordPress backup solution like BlogVault that is truly reliable, and an intelligent malware scanner+cleaner, like MalCare, that leaves no malicious code behind.

 

Flywheel being a managed WordPress hosting service offers great features including WordPress backup. The increase in features and focus specialization is certainly reflected in the price too. So, are Flywheel backups worth it?

Flywheel is a managed WordPress hosting platform. They exclusively host WordPress sites and as a result, Flywheel is optimized for that platform. This means that you can expect WordPress backups and services that are a cut above your run-of-the-mill shared hosting environments on other web hosts. With this, costs rise proportionally as well. So, does this mean that we will discover a web host WordPress backup on which you can rely? Read on, to find out!

A Screenshot of Flywheel’s website

Before we begin, welcome back to our series reviewing backups by web hosts. Check out our previous articles in this series on backups by WP Engine, HostGator & SiteGround if you’re interested in how they back up your WordPress site.

Flywheel Backups:

As usual, we are ultimately looking to answer one question: can you rely on Flywheel for your WordPress backups? Being a hosting service dedicated to WordPress, Flywheel is optimised for the CMS and provides backups as a part of its service. However, are the WordPress backups completely independent of Flywheel? Let’s find out.

  • Flywheel makes nightly automated backups of your WordPress site.
  • You access 30 days of backups through your dashboard.
  • Flywheel’s documentation says that it backs up everything in your WordPress folder including uploaded files.
  • Backups are stored offsite on Amazon S3 servers.
  • Apart from these features you can download your backups in .zip format; and restore your WordPress site with a single click.

Points to keep in mind:

  • When you are restoring your site, visitors are going to see a ‘site down for maintenance’ message.
  • Flywheel provides a staging environment to test changes and updates to your site.

Review of Flywheel backups

Flywheel allows you to force backups anytime you want. This is helpful when you have to make updates or major changes to your site. When you are restoring your site, it automatically prompts you to create a restore point of the current version. It is a handy feature to have, as you can roll back your site in case the restoration process does not work out. However, Flywheel does not function as a complete WordPress backup service despite getting many things right. As a consumer you will have to decide whether you can ignore these issues or want to go for the best WordPress backup plugin.

Backup Descriptions

When you force a backup, you are prompted to provide a backup description. In such a case, you can name the backup according to the reason you are performing the backup. For example, if you are updating plugin X, then you can name the backup as ‘before updating plugin X’. Although you have 30 days of backups available on a list in the Backups tab of your Flywheel dashboard, you can immediately identify this one.

Forcing a backup on Flywheel first results in a pop-up asking for a backup description to help tell backups apart

Automatic backups, on the other hand, can only be identified by their dates and the number of posts, pages, comments, plugins & uploads. There is very little to show what exactly has changed since the last backup. This is particularly painful when you start making backups before updates, restores, and so on: these forced backups are interleaved with the automatic ones, so the post or page counts repeat or appear jumbled. The workaround most people would think of, restoring the backup version with the most posts or uploads, will not work in such a case.

Flywheel’s automatic backups are hard to tell apart

Downloading Backups from Flywheel

Downloading backups is very easy; you can do it from the BACKUPS tab in your Flywheel dashboard itself. Once you have opted to download a particular backup, you will get an email notification informing you that your backup is ready for download.

Downloading Flywheel’s backups is easy

One thing we did notice when we unzipped the downloaded backup is that the wp-admin and wp-includes files were missing from it.

Our downloaded backup didn’t contain the wp-admin and wp-includes files

We must mention that we had no issues with restoring the site from our dashboard. This means that Flywheel will have a backup of those folders. But you can’t access those folders of your site when you simply download a backup from the Flywheel dashboard. It is more a question of convenience: how easily can you access all the files on your site?
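One way to check a downloaded backup ZIP for the gap described above (missing wp-admin and wp-includes) and to list what changed between two backups that the dashboard cannot tell apart. This is an added example, not Flywheel's or this article's code; the archive layout, the SQL dump inside the ZIP, and all function and sample names are assumptions.

```python
import io
import zipfile

# What a complete WordPress file backup is expected to hold (assumed layout):
# wp-admin/ and wp-includes/ are core, wp-content/ has themes, plugins, uploads.
REQUIRED_DIRS = ("wp-admin/", "wp-includes/", "wp-content/")
REQUIRED_FILES = ("wp-config.php",)
DB_DUMP_SUFFIXES = (".sql", ".sql.gz")  # assumption: the DB ships as a SQL dump


def _site_root(names):
    """Return 'folder/' if the whole site sits inside one wrapper folder, else ''."""
    tops = {n.split("/", 1)[0] for n in names}
    if len(tops) == 1 and all("/" in n for n in names):
        top = next(iter(tops))
        if top + "/" not in REQUIRED_DIRS:
            return top + "/"
    return ""


def _index(zip_bytes):
    """Map each file path (relative to the site root) to its (CRC-32, size)."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        infos = [i for i in zf.infolist() if not i.is_dir()]
    root = _site_root([i.filename for i in infos])
    return {i.filename[len(root):]: (i.CRC, i.file_size) for i in infos}


def audit_backup(zip_bytes):
    """Return the expected components that are missing from a backup ZIP."""
    files = _index(zip_bytes)
    missing = [d for d in REQUIRED_DIRS
               if not any(p.startswith(d) for p in files)]
    missing += [f for f in REQUIRED_FILES if f not in files]
    if not any(p.endswith(DB_DUMP_SUFFIXES) for p in files):
        missing.append("database dump")
    return missing


def diff_backups(old_zip, new_zip):
    """List files added, removed or changed between two backup ZIPs."""
    old, new = _index(old_zip), _index(new_zip)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "changed": sorted(p for p in old.keys() & new.keys()
                          if old[p] != new[p]),
    }


def make_zip(files):
    """Build a ZIP in memory from {path: content} for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for path, content in files.items():
            zf.writestr(path, content)
    return buf.getvalue()


# Constructed sample: a download that lacks the WordPress core folders.
PARTIAL = make_zip({
    "wp-content/plugins/plugin-x/plugin-x.php": "<?php // v1.0",
    "wp-content/uploads/logo.png": "png-bytes",
    "wp-config.php": "<?php // config",
    "backup.sql": "-- dump 1",
})

# Constructed samples: two complete backups, wrapped in a 'site/' folder,
# taken before and after updating plugin X and uploading one image.
MONDAY = make_zip({
    "site/wp-admin/index.php": "<?php // admin",
    "site/wp-includes/version.php": "<?php // core",
    "site/wp-content/plugins/plugin-x/plugin-x.php": "<?php // v1.0",
    "site/wp-content/themes/old/style.css": "/* old theme */",
    "site/wp-config.php": "<?php // config",
    "site/backup.sql": "-- dump 1",
})
TUESDAY = make_zip({
    "site/wp-admin/index.php": "<?php // admin",
    "site/wp-includes/version.php": "<?php // core",
    "site/wp-content/plugins/plugin-x/plugin-x.php": "<?php // v1.1",
    "site/wp-content/uploads/new.jpg": "jpg-bytes",
    "site/wp-config.php": "<?php // config",
    "site/backup.sql": "-- dump 2",
})

if __name__ == "__main__":
    print("partial download is missing:", audit_backup(PARTIAL))
    print("monday backup is missing:", audit_backup(MONDAY))
    for kind, paths in diff_backups(MONDAY, TUESDAY).items():
        print(kind, paths)
```

To run it on real downloads, read each ZIP with `open(path, "rb").read()` and pass the bytes to `audit_backup` or `diff_backups`.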

Does Flywheel backup give you control?

In case some files are being excluded from backups, you cannot simply add files to your backup right from the dashboard of your account. You can’t know the specific files or directories being backed up either.

This lack of granular control extends to downloads and restores too. Your backups, as mentioned, are zipped and sent to you. You do not have the option of choosing which files or tables you want to download. While this puts some sort of a burden on your storage space or labor, the matter is a little more serious when it comes to restores.

Losing Data When You Lose Control Over Backups

Flywheel restores your site by removing all the old files and replacing them with the backup version you have chosen. This means that changes made in this interim will be lost. In case you know that a specific plugin or file is the issue, then you can restore only those files or plugins without losing your data.

Ideally, making incremental restores to your WordPress site would not only get it up and running quicker but also ensure that data changed in the interim is not lost.

Of course you can always make a backup before restoring, and then download it. You would then have to upload all of that content again and make sure to take a backup of this latest version of your site. However, this seems like a circuitous way to solve the issue.

On the note of control over backups, we thought we’d mention that you also cannot customize your backup schedule.

Conclusion on Flywheel Backup:

A summary of FlyWheel’s backups

As expected, Flywheel gets a lot of things right; however, their backups still don’t meet the standard of a complete WordPress Backup service. As Flywheel mentions on their site, they’d like to work with the “best of breed” for everything. If you too are looking for that “best of breed WordPress backups” then you might want to look elsewhere.

Stay safe & always, always backup!

WordPress backups by WP Engine are generally solid but may not be completely independent of the hosting service. Read on to find out not only if you can rely on their backups but also if the feature is convenient to use.

WP Engine is one of the most popularly used hosting services to host WordPress sites today. It provides its users with an array of features that include robust security, data backups, good speed, & customer service. In this article, we’ll discuss the data backup and restore features of WP Engine at length.

 

A screenshot of the WPEngine website

 

Before We Begin: Our Backup Mantra

No hosting service is by itself a sufficient security measure, because all web hosts including WP Engine can be vulnerable. We firmly believe that your WordPress security is best served by a strong combination of actions. At the foundation of that security pyramid must be a robust WordPress backup plan that will allow you to always keep your website’s best form online and solve problems (malware cleaning, compatibility issues, etc.) offline, without harming you or your audience/consumers.

WP Engine Backup

Accessing Your Backups on WP Engine

WP Engine backups can be accessed by clicking on your ‘Install’ name and then clicking on ‘Backup Points’. You can also create a ‘Backup Point’ manually at any time you want by clicking on ‘Backup Now’ option before making any drastic changes to your site.

Backup Schedule on WP Engine

WP Engine displays the last 40 backup points at any particular time. They perform automated daily backups of your WordPress site – files and database. However, the backup schedule is automatically set by WP Engine, and there’s no option for you to schedule your backups at a preferred time. To make backups lightweight and fast, WP Engine smartly ignores files like logs, cache, and backup data. Also, to ensure that your backups are safe and secure, they’re encrypted at the source itself and stored in a geographically separate location from your site.

Downloading Your Backups From WP Engine

Moving on, there’s a ‘Download ZIP’ option present next to the ‘Backup Now’ option that lets you download a zipped copy of your site backup. On clicking ‘Download ZIP’, the download process gets initiated immediately. Once the ZIP folder containing the backup archive is ready for download, you’ll get an email from WP Engine containing a link to download it (this, I received within 5 minutes).

 

Screenshot highlighting the discrepancies between downloaded backup ZIP and remote website

 

Screenshot highlighting the folders missing in the downloaded backup ZIP

 

In addition to Production backups, WP Engine also generates backups of your staging site. Staging backups work the exact same way as Production backups, and can be accessed via the ‘Backup Points’ tab itself, by clicking on ‘Staging’ backups.

 

WP Engine generates both Production backups and Staging backups

 

The one issue here is the level of detail on backup points. As you can see in the above screenshot, backup points only have a date, a time and a short description. You cannot see which files/tables were backed up or excluded, or what specific changes occurred between the chosen backup and the one immediately preceding it. While the descriptions help, if all you see is ‘daily checkpoints’ in your list, you may have to make a few trial runs at times before you find the right WordPress backup version.

WP Engine’s Restore Feature

With WP Engine, you can easily restore to an earlier backup version on your site by choosing a Backup Point and clicking on ‘Restore’. By default, WP Engine restores only files. If you want to restore the site’s database too, then you need to select the ‘Restore DB’ option on the pop-up that appears upon clicking ‘Restore’. There is, however, no direct way to restore only the database (sans files).

 

WP Engine restores the DB files with the sites files

 

Once the chosen backup is restored, you’ll receive an email from WP Engine informing you of the same. WP Engine’s restore process is quick and efficient, although it seems to delete new files in the process. This might result in a loss of data upon restoration of a backup version. One good thing to note here is that when you restore your site to a previous backup version, WP Engine automatically creates a new backup point, so you can easily go back to the way your site was before performing the restore if your website isn’t functioning correctly after the restoration process.

 

WPEngine creates a pre-restoration checkpoint so you can go back to a version of your site before the restore

 

The Last Word

One of the good things about WP Engine is that it prompts you to create a restore point whenever you’re about to make any new change to your WordPress site.

WPEngine prompts to create checkpoints or restore points whenever any change is to be made to your WordPress site

Also, before making any updates on your site, it automatically generates a backup of your site. WP Engine is an excellent hosting provider for WordPress sites, no doubt about it, and if you don’t mind shelling out big bucks for quality service, it’s definitely worth a go!

Here’s a brief summary of the features offered by WP Engine backups:

A summary of WPEngine’s backup

As can be seen from the above table, WP Engine backups are good and do the basic job. The backups are encrypted and are in fact stored off-site. Backups are also made daily. However, if you want features like real-time backups, easy automated backup validation and one-click migration of your backup to a different URL or host; if you want to be able to schedule your backups, and control which tables/files get backed up and which get ignored, then you might need to look for a more complete WordPress backup solution than WP Engine backups.

We checked SiteGround’s backup with their most basic WordPress hosting plan, StartUp; and distilled some of the pros and cons. This article will help you decide if you should rely on SiteGround backups as part of your website’s security plan.

It is important to mention right at the start that unless you’re manually downloading your backups and storing them securely, none of your backups are completely independent of SiteGround’s infrastructure. You’ll see what we mean as you read the pros and cons of each of the four options listed below. However, it is important to keep in mind that secure WordPress backups have to be completely independent of the hosting server. That way you can be sure that you have access to your backups for regular needs, or during a freak accident when a web host loses your data.

A screenshot of SiteGround’s webpage showing WordPress hosting details

There are 4 ways you can back up your WordPress site hosted on SiteGround:

  • The first way is to manually back up your site: make a WordPress database backup using phpMyAdmin and a WordPress files backup using an FTP client
  • The second way is to make backups using your cPanel dashboard. You can click on ‘Create Backup’ under Backup Manager
  • The third way is to use Softaculous. The tool is available on your cPanel dashboard as well
  • The fourth way is to utilize SiteGround’s paid backup service
  • Lastly, you can turn to professional WordPress backup services or plugins

 

Manual WordPress Backup

Manually backing up your WordPress files and database has nothing to do with the service SiteGround offers. It is the same process with all services when you are on shared hosting. You can read articles on how to back up WordPress using an FTP client and how to make a WordPress database backup using phpMyAdmin.

 

SiteGround Backup – Create Backup Tool

 

Backup options seen in the Create Backup tool which is accessed through your cPanel dashboard

cPanel backups made with the Create Backup tool are generally similar across hosting services. You create a full backup using the Create Backup tool, set an email notification and wait. In some cases in the past we have not received any emails from the hosting service. With SiteGround however, the notifications were always prompt.

Even with the prompt notification however, you will be responsible for logging in to the cPanel dashboard, regularly downloading backups, and maintaining them in a secure fashion.

 

SiteGround Backup with Softaculous

 

Softaculous is another way you can manually backup your WordPress site if you host it on SiteGround.

In terms of implications for the user, Softaculous backups are no different from making backups with cPanel. Select the tool in your cPanel dashboard and make a backup. As with cPanel backups, unless you are regularly logging in and making backups, you’re bound to get in trouble. If you only log in when your site has an issue or has been infected with malware, then you’ll only be backing up a bad copy. The onus again is on you to regularly make backups manually.

Restoring though is a little easier with Softaculous. Once you access the tool, you’ll have a list of the backups you have generated. Next to each backup is a restore icon. You only have to choose one of the backups and click on the corresponding restore.

Restoring your WordPress site with Softaculous is easier than performing manual restorations

 

Do You have Control Over Your Backups?

Note that in the case of cPanel backups, you cannot download specific files. Unless you are dealing with the SQL database, you don’t have control over which files to download. Choosing the Full Download or Home Directory means that you’ll be downloading all the files related to all the domains or subdomains of your account. You have to download it all and sift through it later.

With Softaculous you can specify the domain or subdomain you want to download, and then download all the files related to that domain/subdomain.

While restoring, in the case of cPanel backups you can restore specific files or tables if you know what you are doing. In the case of Softaculous you have to restore your entire directory and database, thereby restoring the entire site.

Web host backups generally tend to place an extra layer of burden on you. This is a good example of it. However, you can opt for the paid Backup service as an alternative.

 

SiteGround’s Paid Backup Service

SiteGround offers a paid backup service for users of the StartUp hosting plan. Paid backups are automatic backups carried out daily. 30 versions of backups are stored by SiteGround on their servers. When we got in touch with their customer support via chat, SiteGround informed us that the servers are different from the ones on which your site is hosted.

As a StartUp plan user, even if you have not subscribed to the paid backup service, SiteGround maintains a backup copy of your site. We got in touch with SiteGround to ask how we can access that copy of the backup. We were informed that that copy is only for ‘technical experts’ of the hosting servers. Users cannot access it. To do so, you’ll have to subscribe to the paid backup service, which is part of the higher hosting plans but is not included in the basic plan.

 

To restore your WordPress site via the cPanel dashboard, you’ll need to subscribe to the paid backup service to gain access

The paid backup service is especially important for sites hosted on SiteGround during restorations. Even if you have manually backed up your site, you cannot restore it via the cPanel’s Backup Restore tool. To access the Backup Restore tool you have to subscribe to the backup service. If you have not subscribed to the paid service you will see the above screen when you choose the Backup Restore tool. Otherwise you have to upload the files using an FTP client, and import the database using phpMyAdmin. This requires some technical know-how; without it, your restorations can be unsuccessful.

 

Why we think you need a professional backup service?

This means that if you have the basic hosting plan, StartUp, on SiteGround, you either have to do all the heavy lifting (manually make backups), give up some of the finer controls over backups and restores (download and restore entire sites), or just pay for their service. However, if you run a small service, then some of these shortcomings or financial additions may be worthwhile. If you’re looking for a complete WordPress backup solution to run your small business or blog, then you might have to look elsewhere; try out BlogVault. Obviously we may be a little biased, but we think the option is worth considering if you want peace of mind regarding your safety net: your website backups.

 

As a lot of us following technology news might know by now, TechCrunch was hacked today, by OurMine. The message left by hackers was caught just before the post was taken down:

 

OurMine hacked TechCrunch earlier today, and posted this on the website.

 

According to OurMine’s website, the organisation is made of “professional hackers and vulnerability assessors” who “only care about the security and privacy of your accounts and network”.

And while a tech security company hacking sites to expose vulnerabilities is not very big news; what makes it newsworthy, is the size and reputation of the enterprise being hacked, which in this case, was TechCrunch.

For those of you not in the know, TechCrunch was built on WordPress, which is a hot target for hackers due to the CMS’ popularity. Close to a third of the world’s websites run on WordPress– if you’re a WordPress user, this might alarm you. And while we don’t yet know if the vulnerability exploited by OurMine was on WordPress, the case of TechCrunch is especially disturbing.

This is because TechCrunch was hosted on WordPress VIP. VIP services include priority hosting, offering the best enterprise solutions; and starting at $5,000/month they do not come cheap. As part of the VIP service, the website’s code is subject to rigorous code reviews from the best developers at WordPress. In addition, this service also included a host of security measures that included PAAS, DDOS mitigation, two-factor authentication and an antivirus (among other things). Basically, TechCrunch functioned in the most secure WordPress environment available.

If companies that can afford the best security measures are vulnerable, then it is a signal that there is no foolproof way to safeguard your website.

However this isn’t to say that WordPress VIP and TechCrunch were completely vulnerable. As seen in the thread, the post was taken off TechCrunch’s site within the hour, and things went back to normal almost immediately.

This hasn’t been our experience in general with websites though. In fact, some of our clients have been hacked for years before they even found out about it.


The best way to safeguard your website is to fortify it.

This is what inspired us to work on our new WordPress website security product that will be out soon. It scans for hacks, and auto-cleans them with a single click.

Apart from this, we’re big believers in having a WordPress backup, because it’s the one way you can be completely sure that the damage is reversible.