All Tutorials


WordPress Backup: How to Backup Your Site and Database



WordPress Backup: Complete Strategy with Solid Security Plugin and Iperius Backup

For those in a hurry:

  • WordPress is the most popular CMS in the world (used by 61.2% of sites with a known CMS, or 43.4% of all sites), but it is also the target of cyber attacks (over 90,000 attacks per minute on WP sites) due to vulnerable plugins and themes.
  • Most data loss does not come from organized attacks, but from technical or human issues: about 75% of data loss is due to human error , while hardware failure or malware accounts for 31% and 29% of cases, respectively. Therefore, regular WordPress backups are essential.
  • There are many WordPress backup plugins (free and premium) such as UpdraftPlus , Duplicator , VaultPress (Jetpack) , BackWPup , WPvivid , BlogVault , etc., which offer various features (cloud backup, schedules, incremental). However, many free plugins are limited (e.g. Duplicator free does not support scheduled backups) and often the more advanced features require paid versions.
  • Suggested strategy: combine the free Solid Security plugin (for automatic MySQL database backups) with Iperius Backup (FTP download function) to obtain a complete copy of the site and DB locally. The Solid Security plugin is lightweight, free and improves site security (performs DB audits and backups). Iperius Backup, with a low-cost perpetual license, allows unlimited backups and advanced options (incremental backups, compression, file exclusion, multiple destinations such as NAS or cloud). This solution does not create vendor lock-in , because the MySQL dump is a standard text file that can be easily restored with any tool. Furthermore, recovery occurs simply by rewriting the site files via FTP and importing the dump into the database. Having a local backup is equivalent to a “reverse offsite” (a copy outside the original server) which guarantees maximum recovery speed in case of problems (malware, accidental deletions, etc.).

Introduction: WordPress is a free and open-source content management system (CMS) , originally created for blogs but now used for any type of website. WordPress currently powers about 43% of all websites, with over 810 million installations worldwide. Its widespread use makes it an attractive target for hackers and malware. It is no coincidence that security studies indicate that over 90,000 attacks are launched against WordPress sites every minute . Most of these attacks exploit vulnerabilities in plugins and themes (according to WPScan, 52% of known flaws depend on plugins, 37% on the WordPress core and 11% on themes). Data from Wordfence and Sucuri confirms this: about 60% of compromised sites have at least one unprotected access point (malware and malicious scripts) and over half of compromised sites run outdated versions of WordPress. For example, 61% of infected sites were out of date. These numbers underline why it is essential to always keep cores, plugins and themes updated, but also to make regular backups . In fact, human errors and hardware failures are also frequent causes of data loss: independent studies estimate that 75% of losses depend on carelessness or accidental deletion, while server failures or viruses cause 31% and 29% of data loss incidents, respectively.

In short, no site is risk-free , so every WordPress owner should have a rigorous backup policy: regularly saving your site’s database and files to offsite locations (cloud or separate devices) ensures restoreability. An up-to-date backup means you can recover your site in minutes even after a hack or deletion, reducing downtime and damage.

WordPress Backup Plugins (Free & Paid)

There are many plugins available to perform automatic backups of a WordPress site. Among the most popular are UpdraftPlus , Duplicator , VaultPress (Jetpack) , BackWPup , BlogVault , WPvivid , WP Time Capsule , BackupBuddy , etc. These plugins offer data saving features on the local server or on cloud services (Google Drive, Dropbox, Amazon S3, OneDrive, etc.) and full, incremental or differential backup modes.

  • UpdraftPlus : Offers both a free and premium version. With UpdraftPlus free you can schedule backups to many cloud storage platforms (Drive, Dropbox, S3, Rackspace, etc.). The premium version (costs from ~55€/year) adds support for OneDrive, Azure and incremental backups.
  • Duplicator : Popular migration and backup plugin. The free version allows manual full site backups (files+database), but does not support scheduling, incremental backups or automatic cloud uploads . The paid version (from ~$60/year) enables scheduled backups and uploads to Google Drive, OneDrive, S3, FTP, etc.
  • BackWPup : plugin with free and pro versions. The free version allows scheduled backups and uploads to clouds such as Google Drive, OneDrive, Amazon Glacier, FTP, etc. The Pro version (from $69 per year) enables additional features, such as automatic backup recovery directly from the plugin.
  • WPvivid Backup – Free and paid plugin (from ~$29/year). The free version offers scheduled backups to cloud storage (Drive, Dropbox, S3, OneDrive, DigitalOcean Spaces) and also supports FTP backups.
  • VaultPress (Jetpack Backup) – A solution based on WordPress.com’s Jetpack, which performs incremental backups to the cloud without using up server space. The plugin is free, but requires a paid Jetpack (or standalone VaultPress) plan (from ~53€/year).
  • BlogVault – Paid third-party (SaaS) service (from ~$89/year) that performs full incremental backups, migration, and uptime monitoring, with built-in security options (malware scanning, firewall, etc.).
  • Others : There are also BackupBuddy, Total Upkeep, WP Time Capsule, etc., which generally offer paid backups with advanced features.

In general, most backup plugins rely on cloud services (often paid) or on the server itself for security. One limitation is that the backup can weigh down the site’s resources and the disk space of the hosting server. Furthermore, relying only on plugins leads to possible dependencies on the plugin provider itself. For these reasons, as we will see in the proposed strategy, it can be more effective to combine a local security plugin with external backup software.

The best strategy: Solid Security + Iperius Backup FTP

The simplest, cheapest and most effective combination:

  • Solid Security (free) – WordPress security plugin that, among other features, makes automatic backups of the MySQL database . By installing Solid Security, you can schedule periodic backups of the DB (in SQL or compressed format) in a folder on the site. In case of serious problems, you can quickly restore the database from the saved dump. Solid Security, in addition to backup, offers various protection features (2FA, brute force blocking, file audit, vulnerability scanning) that improve the overall security of the site .
  • Iperius Backup (perpetual license) – backup software for Windows that allows you to download all the files of a website and remote databases via FTP. In its “FTP Download” function, you configure an FTP account to the site server, indicating which folders/files to download. Iperius supports FTP, but also FTPS/SFTP for encrypted transfers, ensuring maximum security. With Iperius, you can select the main folder of the WordPress site (typically public_htmlor www) as an FTP source: at the first backup, it will download all the files of the site, then it can proceed with incremental backups (downloading only the modified files). Furthermore, Iperius offers advanced file filtering/exclusion options and the ability to immediately copy the downloaded data to additional destinations (NAS, Tape LTO, Cloud such as Dropbox, Google Drive, Amazon S3, etc.).

This strategy has the following advantages :

  • Solid Security is free and improves site security (DB protection and backup).
  • Iperius Backup uses a perpetual license model (one purchase, low cost) and allows unlimited backups of servers and sites. In addition to FTP backup, Iperius supports incremental backups, compression, backup to multiple destinations (NAS, disks, cloud) and advanced functions such as file exclusions or backup of email/Exchange/SQL configurations. In practice, with a single Iperius license you can manage the backup of any number of sites , virtual machines, databases, etc., without recurring subscription costs.
  • No vendor lock-in : the entire backup (file and MySQL dump) resides in standard files (dump is in SQL text format). It can be restored with generic tools (phpMyAdmin, mysql commands, etc.), no proprietary software needed.
  • Easy FTP recovery : If needed, simply upload the downloaded files via FTP to the server and import the MySQL dump, without having to rely on complex procedures.
  • Having a local backup (off the original server) guarantees maximum recovery speed (“reverse offsite”) in case of compromise or deletion, without waiting for recovery from remote services.

To summarize, the proposed system uses Solid Security to make regular backups of the database inside the site, and Iperius Backup to automatically transfer the entire content of the site (file + DB dump) locally via FTP. Iperius can be run on a corporate or home Windows server, thus maintaining an updated external copy of the WordPress site.

Technical Guide: Configuring Solid Security and Iperius

1. Configure Solid Security to backup your database

  1. Installation and Activation: In your WordPress admin panel, go to Plugins > Add New , search for “Solid Security” (by SolidWP) and install it. Then activate it.
  2. Enable DB Backup: In the WordPress menu, click on Solid Security > Settings > Utilities . Enable the Database Backups feature . You can set the backup interval (e.g. every 1-7 days) as per your needs.
  3. Save path: Choose the “Save Locally” or “Save Locally and Email” option , specifying a destination folder on the server (better outside the public root, for security). For example wp-content/backups/sql/. Solid Security will automatically generate MySQL dumps in this path with a name like backupsitowp_2025-05-16.sql.gz.
  4. Number of backups to keep: Set how many copies to keep on the server (e.g. 4-5 recent backups). Solid Security will delete the oldest dumps automatically.
  5. Check: After the first scheduled backup, the file .sql(or .zipif compressed) will appear in the chosen folder. If zip compression causes problems, you can disable it in the settings.

The result is a periodic backup of the WordPress database only , useful for restoring content and settings quickly. It is still necessary to also save the site files (plugins, themes, media) and other non-standard tables (if present).

2. Configure Iperius Backup to download the site via FTP

  1. Download and install Iperius : On the destination Windows computer or server (where you want to save the backups), install Iperius Backup. For the initial trial, the free version may be sufficient, but for unlimited backups, it is recommended to have a full Iperius license.
  2. Create a new backup job: Start Iperius and create a “New backup job” .
  3. Add “FTP Download” item: In the backup items list, click “FTP Download” . A configuration window will open.
  4. Set up FTP account: Click “Add new FTP account”. Enter the site’s FTP server address (e.g. ftp.miosito.it), username and password. If supported, select FTPS/SFTP protocol for added security. Save the account.
  5. Select remote folder: From the FTP tree shown, navigate to the root of your WordPress site (usually the main folder containing wp-admin, wp-content, wp-includes). Select this folder as the download source (or optionally wp-contentto save only files and plugins, but better the entire site).
  6. Destination local folder: Choose a local folder on your computer where you want to download the files (for example C:\Backups\MyWordPressSite\). Iperius will create an exact copy of the site structure here.
  7. Advanced Settings:
    • Incremental backup: Make sure the backup type is incremental . This way, all files will be downloaded at the first backup, then Iperius will save only the new or modified ones, making subsequent runs much faster.
    • File exclusions: If you want to exclude very large or temporary folders, you can configure exclusions for the files in the backup.
    • Copies to other destinations: In the “Destinations” window of Iperius, you can add a secondary destination (e.g. a NAS or an external disk or a Cloud destination) where to copy the downloaded folder at the end of the job. This creates an automatic double copy for greater security.
  8. Start test backup: Save the backup job and click “Run” to launch the download. Check the Iperius logs: it should connect via FTP and download the entire site to the local folder. When finished, check for the presence of the files (index.php, wp-config.php, wp-content folders, etc.).
  9. Include Solid Security DB dump: If Solid Security has saved the database dumps in a folder accessible via FTP (for example wp-content/backups/sql/), also include this folder in the Iperius FTP configuration. In practice, also select the SQL backup folder so as to download it locally. Alternatively, you can create a second Iperius job of the FTP Download type that points specifically to that folder. If you are downloading the entire site, the database backup files will be automatically included.

At this point Iperius Backup will automatically copy (on a scheduled or manual basis) both the site files and the MySQL dump files generated by Solid Security. With incremental settings, each subsequent execution will be rapid, downloading only the updates.

Read the tutorial showing how to configure FTP Download with Iperius

Advantages of the combined solution

This backup strategy combines the strengths of a free WordPress plugin with external software, thus obtaining effective protection without high recurring costs . Let’s summarize the main advantages, reiterating the key points in bold:

  • Solid Security is free and, in addition to DB backups, provides various protections (2FA, bot blocks, file monitoring) that increase the security of the site.
  • Iperius Backup uses a perpetual license model (one-time investment) and allows you to protect an unlimited number of sites, files and resources with a single tool. It offers advanced backup options (incremental, compression, multiple destinations – NAS, cloud storage – etc.), usually available only in expensive enterprise suites.
  • No vendor lock-in: the backup is made of standard files. The MySQL dump is an independent SQL text file that can be imported with any MySQL tool. This provides flexibility to restore even on different servers or other platforms.
  • Easy FTP recovery: In case of problems (compromised site, human error), simply upload the downloaded files via FTP and restore the DB from the saved dump. No advanced knowledge or special proprietary software is required.
  • Fast local backup (“reverse offsite”): by keeping the backup on your own server or NAS you avoid depending on third parties and speed up recovery: the site is restored in very short times, without waiting for downloads from remote cloud services.

This strategy provides a double security barrier . The image on the side illustrates the most common causes of data loss: as you can see, hardware failure (31%) and human error (29%) are among the main causes, followed by malware/ransomware (29%). A regular local backup protects against all these threats, acting as an independent security network. Solid Security covers especially database compromise scenarios, while Iperius Backup guarantees complete replication of the site.

Conclusions

In conclusion, the combination of Solid Security and Iperius Backup offers a solid, simple and economical backup solution for every WordPress site. The free Solid Security plugin automates database backups and improves site security, while Iperius Backup, with its FTP Download function, creates a complete copy of files and DB dumps locally with a low-cost perpetual license. The key advantages – no vendor lock-in, immediate restore, incremental and multi-destination backups – make this solution ideal for site owners who want to protect their online presence without complications.

Download and try Iperius Backup now



For any questions or doubts regarding this article, Contact us