Why WordPress security is so important?

Whether WordPress or not, your website is potentially vulnerable to attacks.

Recent reports have shown that Google blacklists thousand of websites containing malware and phishing attacks every week.

Given how serious potential WordPress security breaches can be for your business, we hope this article will inform you why you should always closely monitor how secure your website is.

Why WordPress security is so important

There may  be many smaller business owners who think their site is in no danger as they do not consider their business big enough to be at threat from hackers. Given that there is money to be made from selling personal information, hackers typically don’t care how big or small your business is. As you never know when or how your business is going to be attacked, it is essential you protect your site and use the necessary WordPress plugins to increase your security.

Mark Ronso; Marketing Manager at Top Writers Review stated that a business’s reputation can be seriously damaged due to a hacked website. Hackers commonly install malicious software or viruses in order to extract the data in the background, which can result in a loss of trust in your business and customers turning to a competitor.

When your site is attacked, the most immediate threats are the theft of customer’s personal and billing formation. As a result of the theft of customer information, the damage to your company’s reputation could also mean the loss of future income, not just the short term, but also the long term as you will need to invest extra money to rebuild your reputation and restore customer confidence.

How to Protect Your WordPress Website from Hackers

  • Strengthen your passwords – Always remember to use a strong password, even though it can sometimes be difficult to manage a long list of different passwords, it is absolutely necessary to do so. To make sure you have a strong password, you can use a password generator which respects the rules of password setting. Also remember to change it every two or three months and have it written down in a secure place.
  • Change your username – By default WordPress sets the administrator’s username as “admin”. All hackers knows this and it is the first username they will try when attacking your website. If you want to increase your website’s security, always personalize your username.
  • Two-Factor Authentication – WordPress is compatible with various additional security features such two-factor authentication, which requires the admins mobile phone to login and gives an extra level of security.
  • Constantly update your website – One of the biggest reasons hackers succeed in hacking a WordPress site is due to the software used to run it  becoming outdated. Whenever your website sends you an alert to update your software, it should be done as a priority. WordPress puts a lot of effort into improving it’s security features and sends constant updates as proof of their work in defending your website from hackers and unwanted attacks.
  • Perform regular backups on your website – Your car may have a lock, but it doesn’t mean it shouldn’t also be insured against theft.  

Backups are like that insurance policy if your security should fail.

You should always have your backup data stored on an external device (such as cloud storage). Having a secure, recently scheduled backup can be achieved by using UpdraftPlus. While a backup isn’t necessarily going to protect you from hacking threats, it will help you restore your site should it be maliciously hacked or defaced. Having an UpdraftPlus backup of your site can also be extremely helpful if a virus infects your PC, or an employee commits a negligent or malicious act.

Hackers can attack multiple sites at once, at any time and without reason. It doesn’t matter if you are a huge company that delivers financial services or small start-up selling handcrafted gifts, you need to invest in improving your WordPress website security.

Hopefully if you follow these recommendations, your website and your customers financial information will be protected and you will retain the trust and confidence of your customers for years to come.

Steven Mehler is a professional writer, experienced in the areas of web development and systems security.

The post Why WordPress security is so important? appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

UpdraftVault release new 250GB additional storage option

The team at UpdraftPlus are pleased to share the latest update with our users – We have released a new 250GB storage upgrade option for your UpdraftVault backups.

Alongside the 5GB, 15GB and 50GB UpdraftVault storage options that are already available, the 250GB option allows users to add additional capacity to any storage space you currently have with UpdraftVault.  

When you sign up for UpdraftPlus Premium, you automatically get 1GB of free backup space as standard. However we know that for some websites, this is not going to be enough to contain all the data that builds up over time. By purchasing a subscription to the additional UpdraftVault 250GB, users will be provided the extra space needed that will help prevent any issues that can come from running out of storage space on your site.

Customers also have the option to either pay quarterly, or gain a discount and choose to pay annually instead.

To see the full product description and user agreement, please check out the FAQ page. Further information on this and other products can also be viewed at the UpdraftVault Homepage.


The post UpdraftVault release new 250GB additional storage option appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

How to take an automatic backup before an update using UpdraftPlus Premium

When updating your WordPress core, plugin or theme, at some point you probably thought, “will these new updates break my site?”

The answer to this question is maybe. Confused? It largely depends on the plugins and themes that you currently have installed. If they are compatible with the latest version of WordPress, then updating them should not break your site. But if a core, plugin or theme is not compatible; post update, the chances of a broken site increase. As such, it is always best to always take a backup before updating.

You could choose to take your backups manually. However, this is not recommended as it is all too easy to simply forget to take regular backups or to mistakenly skip a step in the process. Instead we recommend making your backups automatic, so you are always up to date. When trying to update something on your site like a plugin or the WordPress core, you should first take a backup of the current plugins/core on your WordPress site before executing the update. UpdraftPlus has been designed to have a system that does just that – we call it ‘Automatic Backups.’

If you do decide to turn on automatic updates, then all your updates will run in the background and will no longer require permission. Our Automatic Backups add-on gives you additional peace of mind as It will take a backup before your updates automatically install.

Backups should be an essential part of a WordPress site as the site can be quickly restored if an updates causes unexpected errors. Should you ever need to restore your site, we highly recommend keeping your backup in a remote storage location. This has the additional benefit of saving you from any server crash or hosting issues. In the worst case scenario, this will enable you to quickly get your backups from the cloud and restore your site.

Automatic backup before an update using UpdraftPlus Premium

If you are using UpdraftPlus Premium then you don’t need to get the separate Automatic Backups add-on as it already comes with this time-saving feature.

Once you have a copy of UpdraftPlus Premium installed on your WordPress site, you can start the automatic backup directly. There is no configuration setup needed for this feature.

Head over to your plugins page and select the plugin that you wish to update. For this example, we will update the Contact Form 7 plugin.

As soon as you hit the ‘update now’ link, you will see a pop-up. Keep the default options as they are and press the ‘Proceed with the update’ button.

UpdraftPlus will now start the process of carrying out an automatic backup. In this scenario, UpdraftPlus will first take a backup of all plugins before the Contact Form 7 plugin is updated. Similarly, when you update the WordPress core, UpdraftPlus first takes a backup of the existing WordPress core files and themes to ensure there is a secure backup should you need it. With every type of update a database backup is included, as this is an essential process.

While the backup is processing the WordPress update schedule will go on hold, but once the backup is complete, the update schedule will continue. In the next step, you will see your plugin updated to the latest version upon the completion of the process.

In the UpdraftPlus settings page, you will now see this new backup listed under the ‘Existing Backups’ list.

To differentiate this kind of backup from other regular backups, UpdraftPlus have added an ‘Automatic backup before update’ label below the backup date.

The overall idea is simple, take an update automatically before you update plugins, WordPress core or theme.

We hope this explains the importance of the Automatic Backup feature in UpdraftPlus. Try it today and let us know your feedback in the comment section below.

Bye Sajid Sayyad

The post How to take an automatic backup before an update using UpdraftPlus Premium appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

Trust No One: Retired FBI agent reveals how site was hacked; but quickly restored using UpdraftPlus

As an organisation that is dedicated to backing up WordPress sites all over the world, one of the best parts of the job is when we receive emails and messages letting us know about the issues and problems people have faced, and how UpdraftPlus has saved them from losing everything they have spent years working on.

One such instance that was reported to us recently concerned the website of retired FBI agent Jerri Williams. Having served 26 years as a Special Agent with the FBI, Jerri is now a successful author of several books and creator of the “FBI Retired Case File Review” podcast.

Jerri’s website is a hugely important point of contact that allows her to communicate and share her work with listeners and readers, so it must have come as something of a shock when it was recently hacked. As someone who has spent her professional career dealing with scams and schemers, this malicious act of sabotage could have potentially destroyed everything she had put years of work into. After initially reaching out to us via our Twitter account, Jerri was kind enough to share the details of not just her incredibly interesting past career, but also the events surround the hack of her website and the aftermath.

Hi Jerri, please could you tell us a little bit about yourself and your background.

I’m a retired FBI agent, author and podcaster. I’ve been showcasing my crime novels and podcast on my website since January of 2016. Because I have a website that prominently features the FBI, I assumed that at some point someone might be challenged to hack my site.

To prevent that nightmare, I purchased UpdraftPlus, just in case.

Can you tell us the nature of your website and what happened regarding the hack?

On the morning of the hack, I received a message from a regular listener saying that he couldn’t access the podcast and blog carousel on my website. He thought I might have been hacked. I went to my site and everything looked fine, until I tried to click on an episode or post. I was sent to a strange sales support page. I don’t remember what is was, because Norton security service immediately sent me a warning and blocked the site, noting it did so to prevent an intrusion and computer attack. For a few minutes I went into panic mode and then I remembered I had installed UpdraftPlus.

I quickly accessed my website dashboard, located the UpdraftPlus backups in the the settings menu, and clicked the button to restore my files to the most recent backup before the hack.

How long did it take for you to restore your site using UpdraftPlus and was the process straightforward and easy to do?

The process to restore my site was straightforward and easy to do. After I clicked on the restore button I was up and running again in less than 30 minutes. The next thing I did was change my website account password.

What advice would you give to other website owners who may be at risk (such as backup and security)?

Having UpdraftPlus is like having an insurance policy for your website. You hope nothing will ever happen, but if it does, you’re safe. It was one of the best decisions I’ve made for my business. It’s always better to be safe than sorry. The one thing I would have done differently is I wish I had been backing up my website every week instead of every other week. I had to manually recreate a week and a half worth of work because the backup preceded my most recently posted show notes and blog posts. I’ve changed the frequency so, if it happens again, I will have a more recent backup to restore.


As Jerri’s story shows, anyone and any kind site can potentially be targeted. Without adequate security, protection and backups, years of work could be lost. We were happy to hear that in this case there were no lasting issues, but often sadly this is not the case.

With 2 million+ active installs, UpdraftPlus is one of the most popular and trusted WordPress backup plugins currently on the market. Download and install your copy today.

The post Trust No One: Retired FBI agent reveals how site was hacked; but quickly restored using UpdraftPlus appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

How restoring a WordPress website can be more difficult than you think

A website’s security, continued success and even its very existence is of fundamental importance for a site owner. What happens when you need to restore a site due to damage that can be caused by any number of factors, but then discover the data you thought was being backed-up and stored safely doesn’t actually exist? Sometimes the best case scenario can be only having a woefully out of date site that does not contain your most recent changes, data and information. The worst case scenario is that you encounter the ultimate site restore horror story and discover you do not have any backups at all!

That won’t happen to you though right? Everyone probably thinks this as they have taken steps to prevent such a scenario and

That won’t happen to you though right? Everyone probably thinks this as they have taken steps to prevent such a scenario and protect them from any potential misfortune. We’ve all heard a story of someone who installed something as simple as a WordPress update, which then crashed the site and took any chance of a restore with it. Often these scenarios can cost tens of thousand of dollars in lost business, valuable time and a loss of reputation while site owners attempt to rebuild a shattered site.

As was seen in a recent article, the hosting service A2 endured major issues related to a security breach that resulted in a shut-down of all Windows services. A malware attack resulted in A2 coming to the decision that the only way to recover the corrupted data it hosted was to do a full restore from the site backups. In theory, this should have caused very few problems as full and incremental backups should be taken regularly to ensure the most recent version of the website is always available for a restore.

Unfortunately it seems that in many cases, A2 were only able to restore from old versions of customer sites, which were very different from the latest and most recent versions their customers were anticipating.

While losing information on your site/business from just a few days or even a week ago might be bad enough, some A2 customers were faced with the prospect of having a restored site that was several months out of date. It is easy to imagine the embarrassment and issues this caused businesses that rely solely on their site to make sales. A loss of reputation and an outdated site would have been a best case scenario for many though, as some were even faced with the loss of their entire site due to the lack of security and updates in place.

This isn’t an isolated case limited to A2 however. While in a previous job, Marc Lacroix (a member of our team) experienced a situation where a client had a website with an older version of PHP hosted on an old server. The client was encouraged to contact their hosting company to find out if they could upgrade to PHP 7, to which the hosting company obliged and transferred the site to a new server, with the latest version of PHP.

When checking the website afterwards, it was noticed the content were no just old and out of date, but also had parts missing. It was discovered that the latest update for the site was dated from 2 months earlier, with no sign of all the changes that had been made since then. It remains a mystery why the hosting company used a 2 month old backup instead of migrating the live site directly. Thankfully the site owner had made a fresh backup with UpdraftPlus, which was quickly uploaded and restored. Problem solved!

While many customers depend on their hosting services to make regular backups and deal with security, the examples above clearly show that there is a massive need to take control of your own backups after investing so much time and money in your website.

That is why UpdraftPlus is the leading WordPress backup software and is used by companies and individuals all over the world. Should the very worst happen and your site gets completely wiped due to a hack or malware, you can rest easy knowing that you can fully restore your site simply and easily with UpdraftPlus.

Download UpdraftPlus today

The post How restoring a WordPress website can be more difficult than you think appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.