How to Backup WordPress Without Plugins

Video is ready, Click Here to View ×

Backup plugins have been known to fail or your file can get too large for the backup. Even if you have a great plugin, learn to backup manually just in case.

Take my WordPress Customization Course

27 thoughts on “How to Backup WordPress Without Plugins

  1. +Lisa Irby Great video Lisa! I noticed that when you were downloading the theme files the download option wasn't available. I tried this in my HG Cpanel and it's not available for download. Any idea why this is?

  2. Lisa, This is a great video and you are an exceptional instructor. I have viewed hundreds of web site tutorials over last year and you instructions, flow, style and video is the best I have seen to date. Thank you

  3. Allow me to impart some professional information (actually limitations to some of these methods in the video).

    I build and secure websites for a living. I have experienced one of my clients WordPress site get hacked. He chose not to secure his WordPress site, so that opened him up. Suffice to say, his website host shut down his website because it contained malicious viruses and codes.

    When I got called to restore his site, I went in and what did I find?

    I found that the hacker inserted over 8000 HTML pages in the root folder and each one had malicious codes. The hacker also corrupted several WordPress PHP (core and working) files with more malicious codes. That was not all, and here comes the limitation.

    The hacker apparently had access to the file structure of the WordPress site for over a month and no one knew. He had corrupted, over time, the PHP files before he dumped his 8000 HTML files into the root folder.

    The website host does "regular backups" and since the website content had changed a lot over the month, the backups that were more than a month old were outdated. The backups for the past 30 days were all corrupted because the website hosting backup system saved the corrupted files in the backup process. Hence ALL backups by the host were useless because using one of those corrupted backups only replaced the hackers work. I had to do a complete "manual" re-install of WordPress. (Worst scenario that can happen is a required delete of the entire site and a complete new re-install. That did not happen in this case.)

    Then I had to manually remove all corrupted HTML files (yep, all 8000) and do a scan for more hidden malicious codes. Once it got cleaned, I had backups of the modification work I did and that returned the website to its original form. Then I worked to secure the website and do backups. (Note the content itself was not affected or lost)

    So here are my suggestions that do not involve the website host.

    Website host can be hacked, even with their wonderful security. Backups made by them are not 100% reliable and since their scans don't seem to pickup corrupted backups (as it was in this case), the work to secure and backup lies 100% on your shoulders.

    So if you want 100% security and reliability, do the backup yourself on regular basis. Sad but true.

    ==Manual Backups:==
    Yes, you can download the WordPress folders & files to your hard drive via FTP, which is best because most web hosts C-panel is too slow and some restrict the amount of files they allow for download at one time. FTP is pretty unlimited here for this.

    Know which files to download and which you can safely ignore. Caches are generally ones to ignore. Saves time and reduces backup file size.

    Keep your download on a backup drive that is not regularly used, this means the drive lasts longer if it is not constantly used. Also ZIP the backup folders and files to reduce their total size.

    Upload a copy of the backup to a cloud storage like Google Drive, Dropbox etc. Remember to include the Date of the backup in the backup file / folder name (I don't depend on the "date created" or "date modified" meta data seen in Windows).

    Backing up your Database is also crucial in the same way, export it as "sql" extension, NOT as a Zipped version, and save it. This is because some web hosts do not support other types of backup extensions for mySQL databases and some of their SQL databases will not support importing "ZIPPED" or compressed file versions of the database backup. The basic "sql" extension is pretty standard and works with most of them.

    There are some really good plugins out there, do some research and read reviews. Ensure the plugin can backup the entire WordPress site. This means a restore will be complete. Save the backup to both your own backup drive and a cloud storage.

    Most of all, install a security scan plugin that will scan the entire WordPress site and all its files for malicious code. This is important because if the web host gets hacked, you won't know in time and any backup you make can end up corrupted as well. So scanning your entire website is crucial BEFORE you do each backup.

    Now depending on the plugin, you will likely need to have some understanding of how to handle scan alerts when a file is corrupted or marked as a problem (like the file content is changed, but with good code). Just because a file has changed, does not mean its bad, as updates do change files and some security scans use original WordPress files as templates to match against current ones and that current ones may not match (usually because of updates). You need to know or have someone know how to identify good changes to WordPress files vs bad ones.

    Lastly, make sure your WordPress site and all plugins are up to date. Old plugins that have never been updated or not compatible with the current WordPress site opens the door to hackers. Plugins that are not compatible and not regularly updated should be removed and/or replaced. If you pay for someone to maintain your site, go in and check once in a while to ensure all is working good. I found some website managers or designers are not good (not skilled, trained and not knowledgeable at all for their work) and your paying for shoddy work.

    I hope this helps.

  4. This is a great video, its always best to backup your WordPress blog, The place I host all my websites does this for me everyday. Most people don't do this and than when something happens its to late.

  5. Well it's true that all WordPress sites have 2 parts. but if you just backup your theme files and database, you don't have a full backup.
    To have a full backup of your site, you have to download complete wp-content folder, wp-config.php file (optional) and your database.
    If you will follow this video and download theme files and database, you will not get your site's images backup.

  6. Hi Lisa, thanks for sharing your knowledge. I beleive  I done everything you stated, and found the folder and theme I want to back up however the download button stays inactive. the copy, and upload are active. What am I doing wrong? Thanks

  7. Thanks for the great tutorial, Lisa. You make incredibly easy to understand what others make ridiculously complex. 'Really enjoyed the info and especially the delivery. I'm now a subscriber and am looking forward to gleaning more of your knowledge. Peace.

  8. Hello Lisa,
    Greetings from Bonaire (caribbean)
    I'm thinking to buy a turn key Amazon affiliate website. For about $55. And start taking your Udemy course to make it work.
    Is that a good idea? Or do you have any suggestion?

  9. Thanks for this tutorial, Lisa! 🙂 I just have a question though. The download button doesn't seem to be clickable. It's grayed out like the one shown on your video. Do you have any suggestions? Thanks. I appreciate it. :)

  10. Hi Lisa, I am having trouble adding the "Google Adsense" gadget on my Blogger. There is a message that pops up when I click on the "save" button. It says: "Please correct the errors on this form."  Do you know what is going on with the GA gadget? thanks.

Leave a Reply

Your email address will not be published. Required fields are marked *