This course explains how to secure self-hosted WordPress sites, including site configuration, code modification, and the use of free plug-ins. Beginning with the basics of site security, author Jeff Starr explains how to harden a WordPress site by configuring authentication keys, setting proper file permissions, and removing version numbers. The course shows how to implement a firewall, prevent automated spam, and control proxy access, and concludes with a series of advanced tips and site security best practices.
Keeping current backups is the most important thing you can do to protect your site. It's like your site's life insurance policy. In a worst-case situation, having current backup files enables you to get everything back up and running. Of course the easiest way to back up everything with WordPress is to do it automatically with a plug-in. There are several good backup plug-ins available, but the most powerful and flexible is one called BackWPup. Let's check it out from the Install New Plugins screen in the admin where we do a quick search and see it listed right here.
So we click on Details to read more about it, and we see that it's got a great rating. Daniel Husken is a reputable author. It's been downloaded 54,000 times. Says it has not been tested, but it is compatible with WordPress 3.1, so they are referring to the .3 current version of WordPress. We use it on several sites and it works great. Here is a list of the things that we're going to be doing: backing up our database, optimizing the database, and it also checks and repairs the database.
You can also do file backups and as you can see here, we get a host of options for where it should store the backup files. The plug-in is already installed on this demo site and as you can see here, the installation is as usual. So let's go to the Plugin page and configure the Plugin. It's under the Tools menu, BackWPup. The first thing we want to do is configure the plug-in's main settings, so we click on the Settings link.
Here on the Settings page, most of the fields should be pre-filled with the correct information, so let's take a look. First is the entire Send Mail panel, which looks just fine using default values. Then scrolling down, the Logs panel. The Log file folder is going to be the location on your server where the backup log files are stored. It should be fine using the default values, and then for Max. Log Files in Folder, pick a reasonable number to keep on your server to avoid file build up, because they will just keep adding files.
And then these two options we can leave at the default, the Gzip Log files!, Log a detailed file list. And these last two panels, Disable Cron and Temp Folder, those will be fine; you don't need to mess with those. When everything looks good, click Save Changes and then go to the Jobs panel to create our first backup job. To do so, we click the Add New button, and give it a useful name. We are going to back up everything, so we'll call it that.
In our first panel here, Database Jobs, we leave everything unchecked to back up everything, and these two options, we can leave those set at the default as well. Scrolling down to File Backup, let's check root, Content, Plugins, Themes, and uncheck the Uploads. You'll want to back up your uploads according to your own schedule, especially if you have lots of files. Then we fine-tune which files to back up by excluding directories and folders that aren't needed.
So we can always obtain these folders and files from a default installation, and we don't need to back up our temporary files or our old or existing backups. We do not need to include our plug-ins, so let's exclude these. You should keep a list of your plug-ins in case you do need to restore them. And for Themes, let's just back up the one that we are using, 2010.
Here are two more fields for including and excluding other items as you wish. In this panel, Backup to Directory, we're going to specify the location on the server where the backup files will go. Here we don't want to have a bunch of files accumulate on the server, so let's give it a reasonable number, like 10. And then everything beneath this point are alternate locations, other places to store your backups.
If we scroll down, we see Backup to E-Mail, and we want to include our Email address here, so we are backing up everything to the server and to your email. In the right column, let's check everything and make a complete backup, and then we are almost done. We want to activate automatic backups and to do this--let's say we want to do this every day. To do that, we set 0, 0, Any, Any, Any, which is the magic recipe for every day.
Then your backup file, you can customize the prefix and the compression method. The default value should work just fine. And if you'd like to receive email notification when there are errors, then go ahead and include your e-mail address here and check the option to send only if there are errors. Once everything is configured, that's pretty much it. All we need to do is save our changes, and we've created our job, and we can return now to the Jobs overview and we see we have Backup Everything ready to go.
The type of backup, we're backing up the database, files, and everything else. The file size, the database size is a little over a megabyte and the files, less than a megabyte. So, total backup file size is good at about 2 MB, roughly. It's set to run tomorrow, and it hasn't been run yet, so let's go ahead and do that by clicking the Run Now button, which you can click at any time to make an instant backup of everything. So we click Run Now and it shows the progress, and here it says the job was done in one second, which is great.
Let's scroll through and see if there are any errors or warnings that will be highlighted in red or yellow. And there's not, but if there are, you can use this information to help troubleshoot. At this point, the BackWPup plug-in is set up and ready to go. You should begin receiving your backup files via email and also see the backup files on your server the next time you're there. In this screencast, we've set up an automatic backup strategy using the versatile BackWPup plug-in.
Your site's life insurance policy is now in full effect, with current site backups available to you at a moment's notice.
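A backup only helps if the newest archive is recent and actually readable. The shell check below is an added example, not part of the course or the BackWPup plug-in; it assumes the job writes `.tar.gz` archives into a single folder, and the function name, the path in the usage comment and the 26-hour window are hypothetical.

```shell
#!/bin/sh
# Added example: verify that a backup folder holds a fresh, readable archive.
# Assumption (not from the course): archives are .tar.gz files in one folder.
# Uses find -mmin, available in GNU and BSD find.
#
# Usage (hypothetical path): check_backups /path/to/backups 26 10
# Returns 0 = ok, 1 = no archive, 2 = newest archive is stale,
#         3 = newest archive unreadable, 4 = more archives than the limit.
check_backups() {
    dir=$1; max_age_h=$2; max_files=$3

    # Newest archive by modification time (names assumed free of newlines).
    newest=$(ls -1t "$dir"/*.tar.gz 2>/dev/null | head -n 1)
    if [ -z "$newest" ]; then
        echo "FAIL: no archive in $dir"; return 1
    fi

    # A daily job should have produced a file within the allowed window.
    fresh=$(find "$newest" -mmin "-$((max_age_h * 60))" 2>/dev/null)
    if [ -z "$fresh" ]; then
        echo "FAIL: newest archive is older than ${max_age_h}h: $newest"; return 2
    fi

    # Listing the contents forces gzip and tar to read the file end to end,
    # which catches truncated uploads and corrupt archives.
    if ! tar -tzf "$newest" >/dev/null 2>&1; then
        echo "FAIL: archive is corrupt or truncated: $newest"; return 3
    fi

    # Compare against the retention limit set for the backup folder.
    count=$(ls -1 "$dir"/*.tar.gz | wc -l | tr -d ' ')
    if [ "$count" -gt "$max_files" ]; then
        echo "WARN: $count archives exceed the limit of $max_files"; return 4
    fi
    echo "OK: $newest"
}
```

Run it from a scheduled task on the server and alert on any non-zero return code, so a silently failing backup job is noticed before a restore is needed.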
There are currently no FAQs about WordPress 3: Developing Secure Sites.