How to take backup in WordPress
Written by: Morten Malde

All our web hosting packages have daily backups included totally free 30 days back in time. See our guide for this here on how to restore.

We always recommend that our customers set up backups on their installations as well. Below are some methods and plugins that can run a manual or scheduled automatic backup of your WordPress installation.

Why Backup WordPress?

Many people often think on backup, but rarely do anything about this and have to learn it on the hard way. Therefore, it can be smart to always have the habit of setting up backup from the start of each website.

There are many threats on the internet that will continue to attack and try to find holes in your WP installation.
Often it’s one of the reasons below that makes it important to make backup:

  • An update of the plugin or template fails and crashes the site
  • Fault from the user(s) due to negligence
  • Virus and malware inserted by hackers

How often should one backup?

It depends entirely on whether the website is updated regularly with content or not. If a website is updated daily, backup should also be performed daily. If content is updated a couple of times a year, monthly backup will suffice.

For major updates of plugins and templates, we always recommend taking a manual backup before the updates are performed.

Which backup solution should I choose?

There are many good solutions and which one fits you and your WordPress installation will vary. So it might be good to test some to see which ones work well and is not suited to your WordPress website.

UpdraftPlus

This is the most known and most commonly used backup plugin for WordPress.
It is used by more than 2 million installations.

UpdraftPlus Onedrive

We tested UpdraftsPlus and set up monthly backups for Google Drive. The WordPress installation is 85MB in size on the server. After backup to Google Drive, it uses about 13MB as backup files.
Recovery also worked fine without any error messages and went smoothly.

It is quite possible to upgrade to the Pro version of UpdraftPlus for more features and capabilities, but most of our customers will do well with the free version.
Overview of the free version and the Pro version can be found here.

BackupGuard

Slightly less known plugin for backup, but we have tested it and many of our customers are using it.

Backup Guard WordPress plugin

After a local backup, the installation of 85MB was compressed to 6.13MB in one backup file.
We tested recovery and it was fast and without error messages.
In addition, it is simple and intuitive so it is easy to understand for most people.

The free version only gives access to external storage to Dropbox. If you want Google Drive, OneDrive and the like, you need to upgrade to the Platinum version.

Softaculous in cPanel

In cPanel we have an auto installation of scripts such as WordPress etc. Softaculous has developed several tools that make it easier for our users. Some worth mentioning are automatic updates of plugins, templates and WP itself. In addition, there are functions such as cloning, staging and backup.

Softaculous backup
We have created a guide on how to backup WordPress inside Softaculous here.
It is possible to select the destination on the backup to:
local (webserver), Google Drive, Dropbox, FTP, FTPS and SFTP.

The advantage of this solution is that it is a free solution for all our customers. In addition, some of our consultants will have better experience and can help if problems arise.

How to recognize and avoid fake emails?
Written by: Isabelle

Fake emails are one of the biggest security threats online against private individuals and companies. Behind these emails are scammers trying to steal your personal information to abuse this. In a survey conducted by Intel Security, 80% of people cannot identify phishing emails.

What is a fake email and what is phishing?

A fake email is a type of fraud. Most of the times so called phishing is used. Phishing is a term for digital spying or “fishing” for sensitive information, such as passwords or credit card information.

A phishing email will try to cheat the receiver into believing the sender of the email is someone else. The email will contain logo and other elements to give the impression its a serious and genuine email. It will encourage you to click the links in the email. These links will lead to what may appear as a serious website, such as Google, DNB or any other companies we deem as secure and trustworthy. In reality you have now accessed a fake website created by the scammers, who will have access to any information you enter on the website.

fake emails

An increasing issue

Statistics shows that phishing and fake emails is an increasing issue when it comes to security. According to  “Enterprise phishing resiliency and defense report” phishing has increased with 65% in 2017. Wombat security reports in “2018 state of the Phish” that 76% of companies had reported being subject to phishing attacks in the past year.

As much as 95% of all attacks on company’s networks are the result of a successful spear phishing attack (an advanced and targeted form of phishing often directed towards companies) according to Networkworld.

Take precautions

There are several precautions you can do in order to avoid being a victim to fake emails and phishing, as a person and a company. An advanced and sophisticated spam filter is the first line of defense since this will stop many of the fake emails. All our web hosting includes spam filter. If you have Pro Premium hosting you also have access to SpamExperts, which is a more advanced and accurate spam filter.

Since the human factor is the weakest link when it comes to this problem, the most important measure you can do is get yourself (and your employees) familiar with some guidelines:

  • Do not trust senders name

    One of the most used tactics for fake emails is abusing the senders name. Do not trust the senders name, but also check the email address as well. If it seems suspicious, do not open the email.

  • Look, but do not click

    If the email contains links, hover the mouse over these to check where they lead but do not click. If the link appears suspicious, do not click them.

  • Check for spelling mistakes

    Companies and organizations are meticulous with their emails. Serious emails normally do not have spelling mistakes or poor language.

  • Analyze the subject

    If the email is addressed to “Dear client” it could be a sign of a fake email. Companies and organizations normally use a greeting including at least the first name of the client.

  • Do not give out personal information

    Banks and companies with access to sensitive information will never ask you to provide this information via email.

  • The use of “urgent” or any threatening language in the subject

    Giving the impression the email is urgent or using fear is a tactic often used in phishing emails.

  • Check the signature

    Lack of details regarding the sender and how you can contact the company is often a sign of phishing. Serious companies will always include their contact information.

  • Do not open attachments

    Fake emails often include attachments with malware. If you open this it can destroy files on your computer, steal your passwords or even spy on you without your knowledge. Do not open attachments you did not expect to receive.

  • Be skeptical 

    These fake emails have become highly sophisticated. Even though an email has the company’s logo, correct spelling and appears to be a valid email, this does not mean it is. Be skeptical and if you find an email to be suspicious, do not open it.