How to Beat the Hackers - Simple Steps to Protect and Restore Your Site

by sbucciarel Banned
43 replies
There's a lot of "my sites were hacked" lately. There's a very simple way to instantly restore your sites without buying any plugins or programs.

This is for cpanel hosting.

Backup Your Site Files
Go to your cpanel.
Click on File Manager.
Choose your domain
Click "Select All" files
Choose Compress
Check zip for file format and name your file
Click go

That's it - your files are now backed up and all you do to restore them is go to file manager, click on the zip file you created and choose Extract. It will overwrite all the files there, restoring them to their normal state.



Backup Your Database

If your site has a database, as Wordpress sites do, the final step is to backup your database.

Go to cpanel
Click on phpMyAdmin
Click on the database you want to back up
Click on Export
Click go
Save it to a folder for your site on your hard drive
That's it!



To restore your database, go to phpMyAdmin in your cpanel.
Click on your database
Select all the tables and Choose "Drop" from the dropdown box.
Then click on "Import"
Import the database that you saved to your hard drive
That's it.



That's all there is to it and it only takes about 5 minutes or less.
  • Profile picture of the author Bentley74
    Great advice, Suzanne!
    I'm embarrassed to admit that I didn't even know about the File manager "all files" compression/backup approach. Cool! (and easy)

    For that matter, I've never even backed up a database the way you described (usually just use some form of DB backup plugin).

    Thanks for sharing!
  • Profile picture of the author Andyhenry
    Yep - this is easy to do.

    I've been telling people this for ages. It comes up when people ask about backing up and cloning blogs, and although it's really quick and simple - people seem to still prefer to pay for a tool to do it instead.

    Hopefully a few people will read the OP and actually give it a try just so they know how easy it is.

    Andy
    Signature

    nothing to see here.

  • Profile picture of the author smartyjohn
    I didn't think that there is any option to select all and Compress it in cPanel. I will surely try it tonight as I do back up my files manually. Thanks for the help.
  • Profile picture of the author WikiWarrior
    Thanks Suzanne, I didn't realise it was that easy. One of those things I keep putting off but seeing it laid out like that there's really no excuse for not getting it done.
    • Profile picture of the author AnniePot
      I've been using WordPress Backup to Dropbox for quite a while, and I've set it to backup daily. This way, I know everything in my blog (not just the database, as with many other backups), is being backed up daily, not just when I think to do it...
  • Profile picture of the author Jim Willis
    Banned
    [DELETED]
    • Profile picture of the author sbucciarel
      Banned
      Originally Posted by Jim Willis View Post

      I never knew you could just zip all the files and reup them. Is it easy to get it all to work on another server?
      Absolutely. If it's a Wordpress site, you have the Wordpress file as well as the theme files and images, etc. all zipped up. Just upload it to any host, unzip or "Extract" the file, create your database and import the database you saved, edit the wp-config file with the new database info and finally, go into the new database in wp-options and change the url to the new url. You now have an identical site on a different url. You'll have to go into your Wordpress control panel and go to Settings > General > and place your new url in the second box in there.

      Running the plugin Search and Replace will change all the old urls in the posts and images to the new urls.

      All those steps are in a document I created to help people transfer a site from one host to another. It's at domainingdiva.com/transfer.pdf
  • Profile picture of the author luckystepho
    Thanks Suzanne, I'm another one that had been putting off thinking about it and hadn't realised it was that easy. This information could potentially save hours and hours of time not to mention lost revenue!
    • Profile picture of the author Shaun OReilly
      Another thing you can do to make your WordPress installation
      more secure is to change the table prefix for your WordPress
      database.

      By default, the table prefix is 'wp_'

      It is recommended that you change the 'wp' to something else.

      Export your current WordPress database and then open it up
      in Notepad and then do a Find and Replace (Ctrl +H) to change
      all of the prefixes from 'wp_' to 'xxx_' (replace xxx with whatever
      letters you choose).

      Then drop the database and import the new database with the
      new table prefix.

      You'll need to update the table prefix in your wp-config.php file
      too. Just do a search for the line in the code that has...

      Code:
        = 'wp_';
      Then change it to whatever letters you've chosen.

      Dedicated to mutual success,

      Shaun
      • Profile picture of the author sbucciarel
        Banned
        Originally Posted by Shaun OReilly View Post

        Another thing you can do to make your WordPress installation
        more secure is to change the table prefix for your WordPress
        database.

        By default, the table prefix is 'wp_'

        It is recommended that you change the 'wp' to something else.

        Export your current WordPress database and then open it up
        in Notepad and then do a Find and Replace (Ctrl +H) to change
        all of the prefixes from 'wp_' to 'xxx_' (replace xxx with whatever
        letters you choose).

        Then drop the database and import the new database with the
        new table prefix.

        You'll need to update the table prefix in your wp-config.php file
        too. Just do a search for the line in the code that has...

        Code:
          = 'wp_';
        Then change it to whatever letters you've chosen.

        Dedicated to mutual success,

        Shaun

        Great tip and easy to do when you do it in notepad.
  • Profile picture of the author ericbryant
    Have you heard about wptwin from Jason Fladlein? It is well, unreal. Instant backups and transfers.
    Signature
    www.CoreZero.com
    - Social Media Marketing Strategy & Consulting

    - Custom Wordpress Website Design & Blogs

    - Wordpress Speed Demon? Click Here!

    - Live the life you love... now!
    • Profile picture of the author sbucciarel
      Banned
      Originally Posted by ericbryant View Post

      Have you heard about wptwin from Jason Fladlein? It is well, unreal. Instant backups and transfers.
      Yeah actually, I bought it when it was first released. Tried it on one site, it failed and never touched it again. It literally takes me two minutes to backup and transfer a site without software.
  • Profile picture of the author bhola badshah
    you can also download the backups from cpanel under backup section if you have daily backups provided by your hosting company.
  • Profile picture of the author waynewalters
    That is great info, Suzanne. Thanks for sharing.

    Is there any merit to not using Fantastico or Quick Install when adding Wordpress to your site for security purposes? I recently saw a video series on a more secure way to install Wordpress. I'm not tech savvy enough to know what the security risks are when using Fantastico versus the long way of installing Wordpress.
    Signature

    Skateboarding every damn day

  • Profile picture of the author timpears
    My problem with messing with data bases is, how do you figure out which data base goes with which domain?
    Signature

    Tim Pears

  • Profile picture of the author yong1515yong
    After being hacked, what I could do was ask my host provider to do a frequent backup before.

    Thank you for sharing, I learn a lot!
  • Profile picture of the author Big Al
    Suzanne... thank you.

    11 sites hacked the other day... here was I thinking Google didn't like me and it turns out there was some redirect so it took people elsewhere. I use an alternative hosting company so I need to check if I can do this using their system -- or change host.

    Is that hostgator?
    • Profile picture of the author sbucciarel
      Banned
      Originally Posted by Big Al View Post

      Suzanne... thank you.

      11 sites hacked the other day... here was I thinking Google didn't like me and it turns out there was some redirect so it took people elsewhere. I use an alternative hosting company so I need to check if I can do this using their system -- or change host.

      Is that hostgator?
      I use both Hostgator and Hostmonster. Any host with cpanel should work.
      • Profile picture of the author Chris Lengley
        Wow man .. Great tips... Thank you...
  • Profile picture of the author TammieJJ
    That's one of the best free tips on WF in a long time! Thank you for sharing it with us.
  • Profile picture of the author Jay Moreno
    As an alternative take a look at xcloner. I used to use it for joomla but it's available for WP and standalone sites now. It auto backs up your sites including databases, you can set it up as a cron job too to do daily backups, and it also has a restore tool as well without getting super technical.

    And it's free... It might take one or two times to get the hang of it but it's well worth pursuing the learning curve. Installs as a WP plugin too.

    It's also extremely handy if you want to clone or move sites to a different domain.

    Thing is, if your site got hacked and you restore everything, be sure to try and find out how they hacked your site, and remove the original exploit. If not, you may be just restoring an open vulnerability and leaving the door wide open for it to happen again.

    HTH

    Jay
    Signature
    Sorry, I am too busy helping people to think of a cool signature!
  • Profile picture of the author cooler1
    Thanks for the tip.

    When I asked HostGator support how to back up sites, they told me to go to "Backups" then create a full backup.

    If it's been done that way, is there any advantage of doing it the way you explained using "File Manager"?
    • Profile picture of the author Tom Ryan
      Nice writeup, I didn't realize that it was that simple to do.
      • Profile picture of the author iDesigners
        Originally Posted by Tom Ryan View Post

        Nice writeup, I didn't realize that it was that simple to do.
        Me too. Btw, is there any way to change the url [or customize the link that appears on the url] without affecting our ftp?
  • Profile picture of the author SarahZT
    Invaluable advice!! Thanks so much for putting this together in an easy to understand way - I've researched this topic before and have always ended up more confused with all the techie stuff. But this is great - thanks again.
  • Profile picture of the author sunray
    When exporting the database, it's good to choose custom options and add DROP TABLE. This way, when you will be using the archive, it will first erase the existing copy from the server. Otherwise any entries the hacker may have done outside the boundaries of the existing archive (added a new table row, which is consequently not in the backup copy) remain even after you restore the site, and this may be used as a backdoor.
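A pre-restore check for the DROP TABLE point raised above, as an added example that is not part of the original thread: it scans an exported dump for tables created without a preceding DROP TABLE, and lists live tables the dump never recreates, which an import alone would leave in place. The dump text and table names are constructed samples, the live table list is assumed to be supplied by the caller, and the matching is a line-based heuristic rather than a SQL parser.

```python
import re

_NAME = r"`?([A-Za-z0-9_$]+)`?"
DROP_RE = re.compile(r"^\s*DROP\s+TABLE\s+(?:IF\s+EXISTS\s+)?" + _NAME, re.I)
CREATE_RE = re.compile(
    r"^\s*CREATE\s+TABLE\s+(?:IF\s+NOT\s+EXISTS\s+)?" + _NAME, re.I
)


def audit_dump(dump_sql, live_tables):
    """Report what an import of dump_sql would NOT clean up.

    no_drop     - tables the dump creates without dropping them first, so
                  existing rows are not cleared before the import runs
    not_in_dump - live tables the dump never recreates; they survive the
                  import unless dropped by hand
    """
    dropped, created, no_drop = set(), set(), []
    for line in dump_sql.splitlines():
        match = DROP_RE.match(line)
        if match:
            dropped.add(match.group(1))
            continue
        match = CREATE_RE.match(line)
        if match:
            name = match.group(1)
            created.add(name)
            if name not in dropped:  # DROP must come before the CREATE
                no_drop.append(name)
    return {
        "no_drop": sorted(no_drop),
        "not_in_dump": sorted(set(live_tables) - created),
    }


# Constructed sample export: wp_users has no DROP TABLE statement.
SAMPLE_DUMP = """\
-- SQL dump (constructed sample)
DROP TABLE IF EXISTS `wp_options`;
CREATE TABLE `wp_options` (
  `option_id` bigint(20) NOT NULL
);
DROP TABLE IF EXISTS `wp_posts`;
CREATE TABLE IF NOT EXISTS `wp_posts` (
  `ID` bigint(20) NOT NULL
);
CREATE TABLE IF NOT EXISTS `wp_users` (
  `ID` bigint(20) NOT NULL
);
"""

# Constructed list of tables currently on the server; wp_cache_tmp is the
# one that is not part of the backup.
SAMPLE_LIVE = ["wp_options", "wp_posts", "wp_users", "wp_cache_tmp"]


def run_sample():
    return audit_dump(SAMPLE_DUMP, SAMPLE_LIVE)


if __name__ == "__main__":
    print(run_sample())
```
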
  • Profile picture of the author Gene Pimentel
    Suzanne - great post. What an easy, free way for anybody to protect their websites. Thanks for taking the time to post that.
  • Profile picture of the author maxentropy
    if you have drupal/joomla you use tokens for the admin page so nobody can easily access it. like mydomain.com/dkj32409randomtoken/admin.php

    also put a .htaccess password on it that is gigantic.

    change the database tables around with a unique prefix or something so they can't easily get common joomla or drupal table names

    pick a giant database password with high entropy using passwordgenerator(dot)eu and store it encrypted somewhere.

    change all the permissions so there's no executable -x

    if using a VPS there's a ton more things you have to do. like abandoning ssh passwords and using keys, mounting no exec partitions to store pages, chroot php/sql, use port knocking, endless checklist of things to do.

    pretty sure there are wordpress and other CMS scripts you can buy that check for any changes (like suddenly a banklogin.php appearing in your directory.. or e-pharma links in your pages) and reverse them.
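A change check of the kind mentioned above, built on the zip backup from the opening post, as an added example that is not part of the original thread: it hashes the live site files and the files inside the known-good zip and reports what was added, modified or removed, so you can see what changed before extracting the backup over it. The directory layout, file names and contents in `build_demo` are constructed, and it assumes the zip stores paths relative to the site root.

```python
import hashlib
import os
import tempfile
import zipfile


def _sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def compare_site_to_backup(site_root, backup_zip):
    """Diff the live tree under site_root against a known-good zip backup.

    Returns sorted relative paths: 'added' (live only), 'modified'
    (content differs) and 'missing' (backup only).
    """
    with zipfile.ZipFile(backup_zip) as zf:
        backup = {i.filename: hashlib.sha256(zf.read(i)).hexdigest()
                  for i in zf.infolist() if not i.is_dir()}
    skip = os.path.abspath(backup_zip)  # the zip often sits inside the site
    live = {}
    for dirpath, _dirs, names in os.walk(site_root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.abspath(full) == skip:
                continue
            rel = os.path.relpath(full, site_root).replace(os.sep, "/")
            live[rel] = _sha256_file(full)
    return {
        "added": sorted(set(live) - set(backup)),
        "modified": sorted(p for p in live
                           if p in backup and live[p] != backup[p]),
        "missing": sorted(set(backup) - set(live)),
    }


def build_demo():
    """Constructed sample: a tiny site, its zip backup, then three changes."""
    root = tempfile.mkdtemp(prefix="site_")
    files = {
        "index.php": b"<?php echo 'home'; ?>",
        "wp-config.php": b"<?php $table_prefix = 'wp_'; ?>",
        "wp-content/themes/demo/style.css": b"body{}",
    }

    def write(rel, data):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

    for rel, data in files.items():
        write(rel, data)
    backup = os.path.join(root, "backup.zip")
    with zipfile.ZipFile(backup, "w") as zf:
        for rel in files:
            zf.write(os.path.join(root, *rel.split("/")), arcname=rel)
    # Changes made after the backup (all constructed placeholders).
    write("banklogin.php", b"<?php /* placeholder for an unexpected file */ ?>")
    write("index.php", files["index.php"] + b"<!-- unexpected extra link -->")
    os.remove(os.path.join(root, "wp-content", "themes", "demo", "style.css"))
    return compare_site_to_backup(root, backup)


if __name__ == "__main__":
    print(build_demo())
```

Upload and cache directories change during normal use, so expect entries from those in the report; unexpected `.php` files and modified core or theme files are the ones to look at first.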
  • Profile picture of the author bjd461
    Very good post and thank you Suzanne.
    An extra addition to that perhaps, after you do your initial backup as described above, install one of the backup plugins such as "BackUpWordPress".
    Set this to backup automatically, weekly (depending on your choice), database only, enter your email address, and it will automatically email you a database backup every week.
    Regards
    Brian
    Signature

    Some working strategies to earn extra money, by starting and maintaining your own blog for ways to make money online.

    • Profile picture of the author cooler1
      Originally Posted by bjd461 View Post

      Very good post and thank you Suzanne.
      An extra addition to that perhaps, after you do your initial backup as described above, install one of the backup plugins such as "BackUpWordPress".
      Set this to backup automatically, weekly (depending on your choice), database only, enter your email address, and it will automatically email you a database backup every week.
      Regards
      Brian
      If you do a full backup in cPanel using "Backups", then "Full backup", does that back up the WordPress databases also? Or do they need to be backed up separately?
      • Profile picture of the author sbucciarel
        Banned
        Originally Posted by cooler1 View Post

        If you do a full backup in cPanel using "Backups", then "Full backup", does that back up the WordPress databases also? Or do they need to be backed up separately?
        From what I understand, when you do a full backup from cpanel, yes, it does back up everything, including email, database, etc. but you cannot use the file to restore on that server. The host can restore it for you.

        That's why I like my method. It gives me full control over the restore. I can restore at any time on any server in a very short period of time without asking the host to restore my site.
  • Profile picture of the author Fernando Veloso
    Cheers Suzanne, appreciated.

    For those of you wondering about full back-up with Hostgator, I think they only allow back-ups smaller than 5GB. Can anyone confirm this?
    Signature
    People make good money selling to the rich. But the rich got rich selling to the masses.
    • Profile picture of the author UMS
      Originally Posted by Fernando Veloso View Post


      For those of you wondering about full back-up with Hostgator, I think they only allow back-ups smaller than 5GB. Can anyone confirm this?
      Hostgator automatically do a full cPanel backup so long as you are using less than 20GB and/or less than 100,000 files.
      • Profile picture of the author JackieGold
        Originally Posted by UMS View Post

        Hostgator automatically do a full cPanel backup so long as you are using less than 20GB and/or less than 100,000 files.
        Except I think it is only once a week!
        • Profile picture of the author Paul Irvine
          Originally Posted by JackieGold View Post

          Except I think it is only once a week!
          Great tip there Suzanne, well illustrated and simple to do. And as a few have commented, there really is no excuse not to do this now. Better than hitting a potential disaster further down the road

          Jackie, you're right. Hostgator do an automatic backup as long as you're not over their limit to allow the backup to complete.

          It should be pointed out though that although they do a backup, they will charge $15 for a restore of the data. And it's not a file you can get access to yourself to restore from. Just a couple of things to bear in mind.

          No matter what system you use, it is always worth having your own copy safely stored away should anything happen.

          But certainly creating a zip backup as suggested by Suzanne is at the very least a bigger "safety net" than most site admins have in place.

          Stay safe,
          Paul.
  • Profile picture of the author ryuchi
    Wow Suzanne, thanks for the heads up! You will never really know when backing up would be of use so better be ready always. I have used the full back up option in my cpanel before but I see difference on your short tutorial, might just check this out and see what happens!

    Ryuchi
  • Profile picture of the author Yudhistira Mauris
    Really really great tutorial. I thank you so much for sharing. After reading some threads on WF about website was hacked, I am more cautious towards hacker. I need to bookmark this.
  • Profile picture of the author celente
    +1

    even the techno weenies. (i.e someone who does not know anything) can get some use from this. Great post.
  • Profile picture of the author fahmi22
    Thank you for sharing these informative tips with us. I didn't know that before.
  • Profile picture of the author andy moore
    Fantastic! I knew there must be a simpler way after uploading a file last night.
    You are a star. I'm going to keep this and test it today...

    Thank you for your help.

    Andy Moore
    Signature
    http://videotubestation.com How To Get Top Ranking Videos In Google and YouTube - In Days!
  • Profile picture of the author Fallen_Angel
    Thank You Suzanne.

    This is without a doubt the best post online available on this subject and has the pics too :-)
    • Profile picture of the author Alminc
      What's explained in this thread is really basic webmaster knowledge.
      It's surprising that so many people who have websites don't know these things.
      Learn the basics like this folks and you'll be on the safe side, as well as skip
      spending a lot of money on unnecessary scripts and plugins.
      Signature
      No links :)
      • Profile picture of the author sbucciarel
        Banned
        Originally Posted by Alminc View Post

        What's explained in this thread is really basic webmaster knowledge.
        It's surprising that so many people who have websites don't know these things.
        Learn the basics like this folks and you'll be on the safe side, as well as skip
        spending a lot of money on unnecessary scripts and plugins.
        Quite true, but basic webmaster skills aren't something most are born with, so it's good to outline these types of things for people who aren't technically inclined or just haven't come across the info yet. A lot of newbies are scared of doing anything at all with a Wordpress database. Learning to back one up and import one can be a real timesaver when something goes wrong with a blog.
        • Profile picture of the author Alminc
          Originally Posted by sbucciarel View Post

          Quite true, but basic webmaster skills aren't something most are born with, so it's good to outline these types of things for people who aren't technically inclined or just haven't come across the info yet. A lot of newbies are scared of doing anything at all with a Wordpress database. Learning to back one up and import one can be a real timesaver when something goes wrong with a blog.
          The info you posted will point them in right direction - learning how to do it yourself. Good post, keep them coming
          Signature
          No links :)