What is the Protection Trifecta?
Toolkit for Backups, Upgrades and Security Scanning
Site backups, malware protection, and updated software – form what we call the Protection Trifecta. They provide the layers of protection and insurance you need to make sure your site is as secure as possible and easily recoverable in the event of a disaster. Visualize three deadbolts on an apartment door in a rough part of town (and some really great insurance on top of that!).
Setting up the Protection Trifecta is something you can do yourself. To help you, we have created this Tool-Kit that shows you what to do, step by step. In a nutshell, you will need to purchase backup storage and malware protection, and you will need to diligently stay on top of your backups and your WordPress updates.
All of the information you need is in our Tool Kit. We love our DIY-minded customers and are pleased to offer this information for free to support you.
Update
Since writing this DIY guide years ago, an online service has been created that allows you to handle most aspects of the DIY WordPress Maintenance and Care without needing to perform the tasks manually as specified below. For backing up both files and database and simple server side security scans consider signing up for ManageWP.
ManageWP is a tool that allows you to handle the DIY more easily. They are not a “do it for you” service, except for tasks that are automated in the software. So, if you are not really in to DIY, you may want to consider a more hands-on WordPress Website Care & Maintenance Plan.
At ManageWP, you only pay for the add-ons you need, which are very reasonably priced. They even have a free plan with the very basics.
1. Back Up Your Website (Files and Database)
A back-up of your website database and website files is REQUIRED before any updates or upgrades are made to WordPress or Plugins. As with your personal computer files, keeping regular back-ups is also a best practice. In the event of a catastrophic failure, having a good back-up of your site is the best insurance, allowing you to get back online quickly.
Step 1: Back Up Website Files
Your options for backing up your files may vary a little based on your hosting company.
Select a Back Up Option
- Back Up Files via the Hosting Company Control Panel
Search your hosting company help for articles specifically addressing how to back up your files. Some hosting companies may have an automated process allowing you to put this on auto-pilot (this may be free or a paid service). Here are links to file backup instructions for some popular web hosts:- SangFroid Hosting – Manual via FTP (go to the next option, “Back Up Files via FTP”)
- Network Solutions
- BlueHost
- HostGator
- GoDaddy – Manual via FTP (go tothe next option, “Back Up Files via FTP”)
- Back Up Files via FTP (File Transfer Protocol)
Some hosting companies may not have any automated backup solutions available, instead directing you to backup your site via FTP. An FTP program allows you to connect directly to your web server to download, upload and manage the files stored there (your website files).- You must first install an FTP program on your computer. Some popular FTP programs are FileZilla, Fetch (Mac), and gFTP (Linux).
- Locate your FTP login credentials. You will need to know the host, username and password. This is available in your hosting control panel if you don’t know it.
- Connect to the webserver using the FTP program you have installed.
- Create a folder on your personal computer to which you will download the files. Name it something meaningful. Download the files from the web server to your personal computer. Take care not to delete or move any files on the web server.
Step 2: Back Up WordPress Database
WordPress.org has detailed instructions on various options for database update. This is not an exhaustive list, but will point you in the correct direction.
- Database Back Up Using a WordPress Plug In (If we built your site, you may already have WP Database Backup plugin installed – Check under Tools, Backup)
- Database Back Up Using phpMyAdmin
- Database Back Up Using cPanel
- Check with your hosting company support for options available for backing up your database. There will most likely be a simple ‘one-click’ option for backing up your database. Some hosting companies may have an automated process allowing you to put this on auto-pilot (this may be free or a paid service). Here are links to database backup instructions for some popular web hosts:
Learn about our WordPress Website Care & Maintenance Plans »
2. Purchase Security Monitoring
Website Security Monitoring offers another layer of protection and insurance against the fallout of a compromise, allowing you to recover your site quickly with minimal impact. We have partnered with Sucuri for security monitoring.
Sucuri security monitoring relies on several levels of monitoring:
- SiteCheck software performs daily scans of your site, reporting any visible compromises immediately before your site can be black-listed by Google. SiteCheck manual scans are available for free on the Sucuri website, but keep in mind that 100% accuracy is not realistic for a remote scanner alone, and therefore never guaranteed. The real power behind the Sucuri product is found in the next two layers.
- Server-side security scanning (paying customers only) detects difficult to find hacks such as hidden phishing pages or conditional hacks where the code is executed only when certain conditions are met.
- Manual audits – If you suspect you’ve been hacked, but the scans are clean, you can request a manual scan at no extra charge.
Site Clean Up Included
In addition, as a Sucuri customer, if your site is compromised, Sucuri will clean it up at no extra charge, as many times as is needed, over the course of your subscription.
Learn about our WordPress Website Care & Maintenance Plans »
3. Upgrade Your WordPress Installation, Plugins and Themes to the Current Versions
For many of you, auto-upgrading your WordPress installation will be a ‘one-click’ process. However, prior to initiating any upgrades, a full back up of your site files and database are REQUIRED (see item #1 above). In the unlikely event that something goes wrong, having proper back ups of both the site files and the database are required to put the site back online. You have been officially warned!
- Upgrade WordPress: How to Upgrade Your WordPress »
- Upgrade Plugins: If you have taken a proper back up of both your files and database, you should be able to use the Auto-Update function. To Auto Update: Go to “Plugins, Installed Plugins” in the WordPress dashboard. Next to any out-of-date plugins, there will be a notice stating that ‘There is a new version” with an option to “Update Now”. Click the “Update Now” link and wait for the auto-update to complete. (You MUST have a back up of your site files and database before doing this.) Repeat with each out-of-date plugin.
- Upgrade Themes: If you have taken a proper back up of both your files and database, you should be able to use the Auto-Update function.
Learn about our WordPress Website Care & Maintenance Plans »