Protecting Your Data
In my post “How To Backup WordPress Correctly” I recommended two totally free backup plugins that can help protect you from disaster.
While actually not perfect, their free and easy to use status means that backups actually get done unlike many of the other systems that people tend to drag their feet over and its usually is plenty to get them back up to speed quickly in the case of an emergency.
One of these plugins, the WordPress Backup by BTE writes three backup files (plugins.zip, uploads.zip, themes.zip) to the host, and while not essential for function it is a good security measure to add a htaccess file (security file) to that folder top stop intruders.
While this plugin can be found in the wordpress repository here, its official homepage over at BTE is here.
On this page you will find a step that says:
Add an htaccess file to you backup folder (bte-wb folder). Here is what I have in mine. This is simply a filename “.htaccess” with the following contents.
<Files ~ ".*..*">order allow,deny
deny from all
I know this explanation sounds a little obtuse but all you need to do is make a new basic text file (suggest using “notepad” on Windows, do not use Word)… copy paste those contents into the file… and save it with the name “.htaccess” (with file type set to “all files” so it does not become htaccess.txt LOL)
Here’s a screenshot of making/saving one:
(click the image if you need a larger view)
Once the file is saved to your computer, then use FTP to upload it to your blogs bte-wp folder (located inside your blog’s wp-content folder) and your done.
For more information on how to use FTP be sure to check out “How To Use FTP For Blogging With WordPress” which is a full training. If you’re uncomfortable with using FTP, I suggest watching it (more than once if necessary).
This file stops someone from the “outside” from coming up to your site and going to http://yourdomain.com/wp-content/bte-wp/ and helping themselves to your backups.
I don’t stress getting this done initially partially because I do not want to in any way dissuade you from getting a backup made but partially because its not nearly as dangerous as if it were a backup of the database (which it’s not). However if someone outright wanted to mess with you (rather than how most infections are spread randomly) this would be a quick way to find out (by downloading the plugins.zip) if you were running any plugins that they knew how to hack.
This is quite a bit different than if it were a backup of your database and getting their hands on it gave them the keys to log in (as well as all of your commenters comments and email addresses).
This is why it’s also recommended to add an htaccess file to your blogs main folder, which protects the all-important wp-config file which contains all of your database connection information and can be accessed similarly if one has not been added.
Though this can seem like a tedious annoyance, the benefit to you in the long run – both in having at least monthly backups from the plugin (it does quickly get unable to email due to size of the blog) – and in having the security that others can not easily get to the backup – really is worth it. That said, if your blog is brand spankin new, and your new to WordPress/FTP, the risk to gain ratio may not make it worth your time when your still trying to learn WordPress and most of your blog could be easily recreated, compared to when your blog is a couple months old.
I am available to help out with support time should you get into a bind and not be able to sort it out yourself (or have the time) however the steps involved are something you should be capable of doing on your own if you’ve taken the time to watch the FTP training. (You also can bring questions to the #WordPressWednesday on my Facebook Page and either I or Nile will be available to help you out .)
Heres To Your Success,