How to Beat the Hackers - Simple Steps to Protect and Restore Your Site

by 43 comments
There's a lot of "my sites were hacked" lately. There's a very simple way to instantly restore your sites without buying any plugins or progams.

This is for cpanel hosting.

Backup Your Site Files
Go to your cpanel.
Click on File Manager.
Choose your domain
Click "Select All" files
Choose Compress
Check zip for file format and name your file
Click go

That's it - your files are now backed up and all you do to restore them is go to file manager, click on the zip file you created and choose Extract. It will overwrite all the files there, restoring them to their normal state.

Backup Your Database

If your site has a database, as Wordpress sites do, the final step is to backup your database.

Go to cpanel
Click on phpMyAdmin
Click on the database you want to back up
Click on Export
Click go
Save it to a folder for your site on your hard drive
That's it!

To restore your database, go to phpMyAdmin in your cpanel.
Click on your database
Select all the tables and Choose "Drop" from the dropdown box.
Then click on "Import"
Import the database that you saved to your hard drive
That's it.

That's all there is to it and it only takes about 5 minutes or less.
#main internet marketing discussion forum #beat #hackers #protect #restore #simple #site #steps
  • Profile picture of the author Bentley74
    Great advice, Suzanne!
    I'm embarrassed to admit that I didn't even know about the File manager "all files" compression/backup approach. Cool! (and easy)

    For that matter, I've never even backed up a database the way you described (usually just use some form of DB backup plugin).

    Thanks for sharing!
  • Profile picture of the author Andyhenry
    Yep - this is easy to do.

    I've been telling people this for ages. It comes up when people ask about backing up and cloning blogs, and although it's really quick and simple - people seem to still prefer to pay for a tool to do it instead.

    Hopefully a few people will read the OP and actually give it a try just so they know how easy it is.

  • Profile picture of the author smartyjohn
    I didn't think that there is any option to select all and Compress it in cPanel I will surely try it tonight as I do back-up my file manually. thanks for the help.
  • Profile picture of the author WikiWarrior
    Thanks Suzanne, I didn't realise it was that easy. One of those things I keep putting off but seeing it laid out like that there's really no excuse for not getting it done.
  • Profile picture of the author Jim Willis
  • Profile picture of the author luckystepho
    Thanks Suzanne, I'm another one that had been putting off thinking about it and hadn't realised it was that easy. This information could potentially save hours and hours of time not to mention lost revenue!
  • Profile picture of the author ericbryant
    Have you heard about wptwin from Jason Fladlein? It is well, unreal. Instant backups and transfers.
  • Profile picture of the author bhola badshah
    you can also download the backups from cpanel under backup section if you have daily backups provided by your hosting company.
  • Profile picture of the author waynewalters
    That is great info, Suzanne. Thanks for sharing.

    Is there any merit to not using Fantastico or Quick Install when adding Wordpress to your site for security purposes? I recently saw a video series on a more secure way to install Wordpress. I'm not tech savvy enough to know what the security risks are when using Fantastico versus the long way of installing Wordpress.
  • Profile picture of the author timpears
    My problem with messing with data bases is, how do you figure out which data base goes with which domain?
  • Profile picture of the author yong1515yong
    After being hacked, what I can do was to asked my host provider to do a frequent backup before.

    Thank you for sharing, I learn a lot!
  • Profile picture of the author Big Al
    Suzanne... thank you.

    11 sites hacked the other day... here was I thinking Google didn't like me and it turns out there was some redirect so it took people elsewhere. I use an alternative hosting company so I need to check if I can do this using their system -- or change host.

    Is that hostgator?
  • Profile picture of the author TammieJJ
    That's one of the best free tips on WF in a long time! Thank you for sharing it with us.
  • Profile picture of the author Jay Moreno
    As an alternative take a look at xcloner I used to use it for joomla buts it's available for WP and standalone sites now, it auto backs up your sites including databases, you can set it up a cron job too to do daily backups it also has a restore tool as well without getting super technical.

    And it's free... If might take one or two times to get the hang of it but it's well worth pursuing the learning curve. Installs as a WP plugin too.

    It's also extremely handy if you want to clone or move sites to a different domain.

    Thing is if your site got hacked and you restore everything be sure to try and find out how they hacked your site, and remove the original exploit. If not you maybe just restoring an open vulnerability and leaving the door wide open for it to happen again.


  • Profile picture of the author cooler1
    Thanks for the tip.

    When I asked HostGator support how to backup sites, they told me to goto "Backups" then create a full backup.

    If it's been done that way, is there any advantage of doing it the way you explained using "File Manager"?
  • Profile picture of the author SarahZT
    Invaluable advice!! Thanks so much for putting this together in an easy to understand way - I've researched this topic before and have always ended up more confused with all the techie stuff. But this is great - thanks again.
  • Profile picture of the author sunray
    When exporting the database, it's good to choose custom options and add DROP TABLE. This way, when you will be using the archive, it will first erase the existing copy from the server. Otherwise any entries the hacker may have done outside the boundaries of the existing archive (added a new table row, which is consequently not in the backup copy) remain even after you restore the site, and this may be used as a backdoor.
  • Profile picture of the author Gene Pimentel
    Suzanne - great post. What an easy, free way for anybody to protect their websites. Thanks for taking the time to post that.
  • Profile picture of the author maxentropy
    if you have drupal/joomla you use tokens for the admin page so nobody can easily access it. like

    also put a .htaccess password on it that is gigantic.

    change the database tables around with a unique prefix or something so they can't easily get common joomla or drupal table names

    pick a giant database password with high entropy using passwordgenerator(dot)eu and store it encrypted somewhere.

    change all the permissions so there's no executable -x

    if using a VPS there's a ton more things you have to do. like abandoning ssh passwords and using keys, mounting no exec partitions to store pages, chroot php/sql, use port knocking, endless checklist of things to do.

    pretty sure there are wordpress and other CMS scripts you can buy that check for any changes (like suddenly a banklogin.php appearing in your directory.. or e-pharma links in your pages) and reverse them.
  • Profile picture of the author bjd461
    Very good post and thank you Suzanne.
    An extra addition to that perhaps, after you do your initial backup as described above, install one of the backup plugins such as "BackUpWordPress".
    Set this to backup automatically, weekly (depending on your choice), database only, enter your email address, and it will automatically email you a database backup every week.

Next Topics on Trending Feed