How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

There's a lot of "my sites were hacked" lately. There's a very simple way to instantly restore your sites without buying any plugins or progams.

This is for cpanel hosting.

Backup Your Site Files
Go to your cpanel.
Click on File Manager.
Choose your domain
Click "Select All" files
Choose Compress
Check zip for file format and name your file
Click go

That's it - your files are now backed up and all you do to restore them is go to file manager, click on the zip file you created and choose Extract. It will overwrite all the files there, restoring them to their normal state.

http://autopostwp.com/backup.jpg

Backup Your Database

If your site has a database, as Wordpress sites do, the final step is to backup your database.

Go to cpanel
Click on phpMyAdmin
Click on the database you want to back up
Click on Export
Click go
Save it to a folder for your site on your hard drive
That's it!

http://autopostwp.com/db.jpg

To restore your database, go to phpMyAdmin in your cpanel.
Click on your database
Select all the tables and Choose "Drop" from the dropdown box.
Then click on "Import"
Import the database that you saved to your hard drive
That's it.

http://autopostwp.com/drop.jpg

That's all there is to it and it only takes about 5 minutes or less.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Great advice, Suzanne!
I'm embarrassed to admit that I didn't even know about the File manager "all files" compression/backup approach. Cool! (and easy)

For that matter, I've never even backed up a database the way you described (usually just use some form of DB backup plugin).

Thanks for sharing!

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Yep - this is easy to do.

I've been telling people this for ages. It comes up when people ask about backing up and cloning blogs, and although it's really quick and simple - people seem to still prefer to pay for a tool to do it instead.

Hopefully a few people will read the OP and actually give it a try just so they know how easy it is.

Andy

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

I didn't think that there is any option to select all and Compress it in cPanel I will surely try it tonight as I do back-up my file manually. thanks for the help.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Thanks Suzanne, I didn't realise it was that easy. One of those things I keep putting off but seeing it laid out like that there's really no excuse for not getting it done.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

I've been using WordPress Backup to Dropbox for quite a while, and I've set it to backup daily. This way, I know everything in my blog (not just the database, as with many other backups), is being backed up daily, not just when I think to do it...:)

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Absolutely. If it's a Wordpress site, you have the Wordpress file as well as the theme files and images, etc. all zipped up. Just upload it to any host, unzip or "Extract" the file, create your database and import the database you saved, edit the wp-config file with the new database info and finally, go into the new database in wp-options and change the url to the new url. You now have an identical site on a different url. You'll have to go into your Wordpress control panel and go to Settings > General > and place your new url in the second box in there.

Running the plugin Search and Replace will change all the old urls in the posts and images to the new urls.

All those steps are in a document I created to help people transfer a site from one host to another. It's at domainingdiva.com/transfer.pdf

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Thanks Suzanne, I'm another one that had been putting off thinking about it and hadn't realised it was that easy. This information could potentially save hours and hours of time not to mention lost revenue!

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Another thing you can do to make your WordPress installation
more secure, it to change the table prefix for your WordPress
database.

By default, the table prefix is 'wp_'

It is recommended that you change the 'wp' to something else.

Export your current WordPress database and then open it up
in Notepad and then do a Find and Replace (Ctrl +H) to change
all of the prefixes from 'wp_' to 'xxx_' (replace xxx with whatever
letters you choose).

Then drop the database and import the new database with the
new table prefix.

You'll need to update the table prefix in your wp-config.php file
too. Just do a search for the line in the code that has...

Then change it to whatever letters you've chosen.

Dedicated to mutual success,

Shaun

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Great tip and easy to do when you do it in notepad.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Have you heard about wptwin from Jason Fladlein? It is well, unreal. Instant backups and transfers.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

you can also download the backups from cpanel under backup section if you have daily backups provided by your hosting company.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

That is great info, Suzanne. Thanks for sharing.

Is there any merit to not using Fantastico or Quick Install when adding Wordpress to your site for security purposes? I recently saw a video series on a more secure way to install Wordpress. I'm not tech savvy enough to know what the security risks are when using Fantastico versus the long way of installing Wordpress.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

My problem with messing with data bases is, how do you figure out which data base goes with which domain?

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

After being hacked, what I can do was to asked my host provider to do a frequent backup before.

Thank you for sharing, I learn a lot!

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Yeah actually, I bought it when it was first released. Tried it on one site, it failed and never touched it again. It literally takes me two minutes to backup and transfer a site without software.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Suzanne... thank you.

11 sites hacked the other day... here was I thinking Google didn't like me and it turns out there was some redirect so it took people elsewhere. I use an alternative hosting company so I need to check if I can do this using their system -- or change host.

Is that hostgator?

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

I use both Hostgator and Hostmonster. Any host with cpanel should work.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Wow man .. Great tips... Thank you...

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

That's one of the best free tips on WF in a long time! Thank you for sharing it with us.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

As an alternative take a look at xcloner I used to use it for joomla buts it's available for WP and standalone sites now, it auto backs up your sites including databases, you can set it up a cron job too to do daily backups it also has a restore tool as well without getting super technical.

And it's free... If might take one or two times to get the hang of it but it's well worth pursuing the learning curve. Installs as a WP plugin too.

It's also extremely handy if you want to clone or move sites to a different domain.

Thing is if your site got hacked and you restore everything be sure to try and find out how they hacked your site, and remove the original exploit. If not you maybe just restoring an open vulnerability and leaving the door wide open for it to happen again.

HTH

Jay

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Thanks for the tip.

When I asked HostGator support how to backup sites, they told me to goto "Backups" then create a full backup.

If it's been done that way, is there any advantage of doing it the way you explained using "File Manager"?

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Nice writeup, I didn't realize that it was that simple to do.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Me too. Btw, is there any way to change the url [or customize the link that appears on the url] without affecting our ftp?

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Invaluable advice!! Thanks so much for putting this together in an easy to understand way - I've researched this topic before and have always ended up more confused with all the techie stuff. But this is great - thanks again.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

When exporting the database, it's good to choose custom options and add DROP TABLE. This way, when you will be using the archive, it will first erase the existing copy from the server. Otherwise any entries the hacker may have done outside the boundaries of the existing archive (added a new table row, which is consequently not in the backup copy) remain even after you restore the site, and this may be used as a backdoor.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Suzanne - great post. What an easy, free way for anybody to protect their websites. Thanks for taking the time to post that.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

if you have drupal/joomla you use tokens for the admin page so nobody can easily access it. like mydomain.com/dkj32409randomtoken/admin.php

also put a .htaccess password on it that is gigantic.

change the database tables around with a unique prefix or something so they can't easily get common joomla or drupal table names

pick a giant database password with high entropy using passwordgenerator(dot)eu and store it encrypted somewhere.

change all the permissions so there's no executable -x

if using a VPS there's a ton more things you have to do. like abandoning ssh passwords and using keys, mounting no exec partitions to store pages, chroot php/sql, use port knocking, endless checklist of things to do.

pretty sure there are wordpress and other CMS scripts you can buy that check for any changes (like suddenly a banklogin.php appearing in your directory.. or e-pharma links in your pages) and reverse them.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Very good post and thank you Suzanne.
An extra addition to that perhaps, after you do your initial backup as described above, install one of the backup plugins such as "BackUpWordPress".
Set this to backup automatically, weekly (depending on your choice), database only, enter your email address, and it will automatically email you a database backup every week.
Regards
Brian

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

If you do a full backup in cPanel using "Backups", then "Full backup", does that backup the WordPress databases also? Or do they need to be backed up seperately.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

From what I understand, when you do a full backup from cpanel, yes, it does back up everything, including email, database, etc. but you cannot use the file to restore on that server. The host can restore it for you.

That's why I like my method. It gives me full control over the restore. I can restore at any time on any server in a very short period of time without asking the host to restore my site.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Cheers Suzanne, appreciated.

For those of you wondering about full back-up with Hostgator, I think they only allow back-ups smaller then 5GB. Can anyone confirm this?

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Hostgator automatically do a full cPanel backup so long as you are using less that 20GB and/or less than 100,000 files.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Wow Suzanne, thanks for the heads up! You will never really know when backing up would be of use so better be ready always. I have used the full back up option in my cpanel before but I see difference on your short tutorial, might just check this out and see what happens!

Ryuchi

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Really really great tutorial. I thank you so much for sharing. After reading some threads on WF about website was hacked, I am more cautious towards hacker. I need to bookmark this.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

+1

even the techno weenies. (i.e someone who does not know anything) can get some use from this. Great post.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Thank you for sharing these informative tips with us. I didn't know that before.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Fantastic! I knew there must be a simpler way after uploading a file last night.
You are a star. I'm going to keep this and test it today...

Thank you for your help.

Andy Moore

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Except I think it is only once a week!

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Great tip there Suzanne, well illustrated and simple to do. And as a few have commented, there really is no excuse not to do this now. Better than hitting a potential disaster further down the road :)

Jackie, you're right. Hostgator do an automatic backup as long as you're not over their limit to allow the backup to complete.

It should be pointed out though that although they do a backup, they will charge $15 for a restore of the data. And it's not a file you can get access to yourself to restore from. Just a couple of things to bear in mind.

No matter what system you use, it is always worth having your own copy safely stored away should anything happen.

But certainly creating a zip backup as suggested by Suzanne is at the very least a bigger "safety net" than most site admins have in place.

Stay safe,
Paul.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Thank You Suzanne.

This is without a doubt the best post online available on this subject and has the pics too :-)

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

What's explained in this thread is really basic webmaster knowledge.
It's surprising that so many people who have websites don't know these things.
Learn the basics like this folks and you'll be on the safe side, as well as skip
spending a lot of money on unnecessary scripts and plugins.




.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

Quite true, but basic webmaster skills aren't something most are born with, so it's good to outline these types of things for people who aren't technically inclined or just haven't come across the info yet. A lot of newbies are scared of doing anything at all with a Wordpress database. Learning to back one up and import one can be a real timesaver when something goes wrong with a blog.

Re: How to Beat the Hackers - Simple Steps to Protect and Restore Your Site
 

The info you posted will point them in right direction - learning how to do it yourself. Good post, keep them coming ;)