Backing up a WordPress blog isn’t as difficult as you might think. Sure, there are many plug-ins available which will back-up your WordPress databases but if you just want to keep a copy of your posts, here’s how to do it.
Head to your WordPress blog and click on the word Tools on the left hand side of the page. You’ll either see a pop-out on the right if you just hover the mouse over the word Tools or you will see this if you click the word:
We’re looking to Export here so click on that.
Since we’re trying to keep a record of our posts, we’ll choose Export. If we wanted to insert these posts into the blog, we would choose Import. This is what you’ll see next:
You can choose to back up everything or just your posts and/or pages.
You can choose to download All Content or just your posts. Whichever you choose, WordPress will quickly get an .xml file ready for you and it will automatically download that file to your computer, usually to your Download folder or the folder you have chosen for downloads. Once there, you can open the file with whatever program Windows has set up to deal with .xml files. Here, Adobe Dreamweaver opens them but you could use Safari or Chrome or even Notepad. The file you download is full of ‘markup’ language, hence the name, but you will be able to find all of your words very easily.
Once you have the file saved, you don’t have to do anything with it. It’s a back up. Your site is still running, your WordPress installation is still working perfectly but now you can relax, knowing that all of your posts have been saved. They won’t get lost in a server crash. If, god forbid, that ever happens, you’ll be able to copy and paste all of your posts into your new WordPress blog. You’ll have to do them one by one but, hey, at least you won’t have to rewrite every post.
Now don’t misunderstand us. We use plug-ins to back-up our databases and, of course, our hosting company saves back-ups as well. We were looking for an easy way to save all of our posts and this works very well. Try it, you’ll rest easy knowing that nothing is lost.
This morning I received an email from this site telling me that someone had registered as a user. Needless to say I was surprised. I wasn’t quite sure what damage a new user could do to my site but I logged in, deleted him and changed my settings. When WordPress asked me to confirm the deletion, it also asked me if I wanted to delete any links that the new user had put up here. I said yes, of course, but that made me think about my settings on my other sites. The default WordPress settings make it very easy for anyone to subscribe to your site AND to post links. Here’s how you can protect your site before this happens to you.
Head over to Settings, second last link on the left side of your Dashboard window. Once you are there, you should be on the General Settings page but make sure that this is where you are.
Halfway down you’ll see ‘Membership’ with a box that is, probably, checked. If it is checked then ‘Anyone can register’ which isn’t what you want. You want to un-check that box to prevent people from adding themselves as users. You can still add users but you have to be logged in as admin in order to do that.
The second thing you want to do, now that we are on this subject, is to limit comments on your posts. Yes, you want comments but you don’t want spam. There are two ways to prevent this. The first is to go to Settings then to Discussion Settings. What you are looking for there is ‘Email me whenever’ and ‘Before a comment appears’. In the second one, make sure that the box is checked beside ‘An administrator must always approve the comment’. Then, in the section above, make sure that you get an email when someone makes a comment and when one is held for approval.
If you have your WordPress installation set up this way, you won’t get surprised by someone adding themselves to your user list AND you won’t get spam comments showing up unannounced, either. Sure, you will get spam but you can check the comments and delete them. How can you prevent spam completely? You can’t. But you can add a plugin that will put check all comments and automatically put the ones that are spam into the proper folder. Here’s how.
Akismet is a standard plugin that you get with WordPress. To get it working, you need to activate it. To activate Akismet, you have to register and then get what they call an ‘API Key’. Don’t worry, it’s free. All of the links are there on your WordPress Plugins page. The key is the only thing you need before Akismet roots out spam for you. It won’t send an email but it will hold all the comments that it thinks are spam, and it is never wrong, until you show up to delete them.
There are other ways to secure your WordPress installation, these are only two. WordPress is probably the most documented bit of brilliance on the ‘net. Keep learning and keep safe, people.
Since the default WordPress username is ‘admin’, did you ever think that maybe it’s time to change it to something a bit more secure? Any hacker worth her or his salt can probably gain access to your WordPress installation quite easily. The only thing they need is a password generator of some type if you have left the default WordPress username as admin.
Besides changing the default setting, you should also do something else. If you are a single owner/poster, you should change your posting name to something other than your username. If you want to post as “Jane”, for instance, you can login in as kentucky or anything else that suits you. Why should you do this? It seems obvious but in case you missed it, if you post as “Jane” and your username for logging in is “jane”, maybe a hacker could easily guess your username. Simple, right?
Head over to ‘Users’ on the left side of your WordPress Dashboard. For the default installation, there will only be one Username, by default it is ‘admin’. Here’s what the default setting looks like:
Admin is the default user. No 'Role' is listed as there is only one user.
The default username can’t be changed but what you want to do is to add another user then switch the Role of Admin to ‘no role’. In other words you can’t get rid of the admin user but you can take the administrative power away from them in order to secure your WordPress site. You’ll notice from the photo above that there is no place to choose the Role of this user.
Update: I forgot to mention that you can’t change the default username’s role until you set up a new user as admin, log out and logo back in again. Set up new user, make that user admin, log out then log in again and change the default admin’s role to ‘no role’.
Tip: You can’t change the role of the current administrator until you have another administrator lined up. Create another user, use whatever name and nickname you want, then make the Role of that new user ‘Administrator’. Once you do that, go back to the original admin user and define its Role as ‘None’. This screen shows you what to look for:
This is where you can choose the Role for the new user.
In this window, make note of two things. First, the Role menu is visible since you are adding a new user. Any new user must have a role, even if it is no role at all. Next, make sure the username and the display name are totally different. The Username is the name you use to login to the site. The Display name is the name that shows on each of your posts. Make sure they are different. Anyone can try to login with your display name and guess your password but if your username is different, your site is more secure.
TIP: Whatever your role is on any WordPress site, make sure that your username for logging in isn’t the same as your posting name. If you’re an administrator, make sure of this small but very important detail for every user of your WordPress installation.
Once you have a second administrator set up, go back and remove the administrator role from the default admin username. Once you do that, your WordPress site is a lot more secure than it used to be.
Buying a domain (that’s a .com name, if you don’t know) is cheap, fast and fun. Even if you don’t know a thing about HTML or WordPress, if you’ve got a catchy name, why not register it? Sure, there are millions of domains that have been registered already, this doesn’t mean you should give up. Some people go as far as to snap up domains, locking them up before anyone else gets them. Personally, this doesn’t make a lot of sense but everyone is different. I guess if you’ve got money to tie up, maybe it makes sense.
Buying a domain means that you have it for a one year term. Many discount hosting companies offer significant discounts if you sign up for a two year or longer term. Many also give you discounts if you buy multiple domains at a time.
Right now, I would stick to the old .com domain if you’re going to try and make some money it it. People know .com, they assume that every site is a .com site and immediately head to whatever.com , even if the site is whatever.org.
In fact, when you are signing up for your domain with most companies, they will offer you all of the various combinations of your domain at the same time. Want whatever.com? How about getting whatever.org or whatever.net at the same time? The point of this, of course, is to guard against someone else stealing traffic away from your catchy name. Think of it. If you could snag google.org or google.info, you would. You’d be crazy not to.
Once you have your domain, think about doing something with it. As you might have read in past posts, I use WordPress on all of my sites. You can read about installing WordPress here and about how to set up your domain hosting here. Anything you want to know about installation and hosting is on this site, just search for the answers if you’re stuck. If I can do it, your probably can too.
Now we’re finally ready to install WordPress. We’ve got our domain name and hosting here. We set our nameservers here. Over here, we created a database and named it. OK, looks like we’re set.
2. Unzip it then copy and paste the WordPress folder on to your desktop. (Put it anywhere you want but putting it on the desktop is easier for beginners.)
3. Listen carefully to this part. First you have the zip file to unzip. Inside that is a WordPress 3.x folder (depending on which version is out now). Inside that folder is a WordPress folder (just that, no number). Inside that folder are ALL the files you need to upload to the folder in your hosting account. Don’t upload the WordPress folder, just the folders and files inside the WordPress folder. Get it? Those files look like this:
From WP-Admin to xmlrpc.php, these are the files you need.
4. Open your FTP program (I recommend FileZilla). On the left side of the window, navigate to your Desktop then to the folder that contains the WordPress files as shown above. Connect to your host using your username and password, then navigate to the folder where you want to put your files. This is the folder that is inside your root directory, right? It should be the only folder in your root directory. It should also be empty, except for the placeholder file (index.html) that we created here.
5. In the WordPress folder on the left, click on WP-Admin (the folder at the top), scroll down to the bottom , hold down the shift key and click on xmlrpc.php and click it. All of the files and folders in that WordPress folder will now be highlighted. Right click in the blue area and choose Upload. Depending on your FTP and upload speed, this last step might take a bit of time, maybe 5 minutes or less.
6. Wait until FileZilla finishes (no more queued files). You should now have a full selection of files on the right hand side from WP-Admin to xmlrpc.php. The next step can be done in FileZilla but I prefer to do it in the File Manager on my hosting site. Do what you feel better with here.
7. You are about to edit one file. If you make a mistake, it’s not a big deal so don’t get your knickers in a knot. All that will happen is that WordPress won’t be able to install itself…yet. Even if you really screw things up, you can always delete everything inside your host folder and start over again. Relax, OK?
You are looking for the wp-config-sample.php file. This file is the one that tells WordPress what database you are using, what the password is and who the user is for that database. Remember when we did all of that here?
8. Find the wp-config-sample.php file and click on it once. On the right side of the window you will see three icons. The one you want is the ‘edit’ icon. Click it and a small window will open up or you will be taken to another page, depending on which hosting interface your host uses. Once you see inside that file, it’s full of simple text that looks really complicated, look for this section:
_______________________________
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'database_name_here');
/** MySQL database username */
define('DB_USER', 'username_here');
/** MySQL database password */
define('DB_PASSWORD', 'password_here');
____________________________________________
9. Enter the database name, username and password of the MySQL database that we made earlier. Leave the apostrophes in, just type in the database name, user and password like this:
_______________________________
// ** MySQL settings - You can get this info from your web host ** //
/** The name of the database for WordPress */
define('DB_NAME', 'sitedatabase1');
/** MySQL database username */
define('DB_USER', 'joeschmoo');
/** MySQL database password */
define('DB_PASSWORD', 'goodpassword');
____________________________________________
10. In another browser window, paste this url (taken from the wp_config-sample.php file) : https://api.wordpress.org/secret-key/1.1/salt/
You will see a simple page that has information like this on it:
11. Copy that information (from the word define until the last semi-colon, exactly as is shown above). Don’t use the data shown here, get your own for security’s sake.
12. In the wp-config-sample.php file, find the EXACT section the corresponds to the information on the webpage you just opened. Highlight everything from the word define down to the last semi-colon. Once that is highlighted, either right click and choose ‘paste’ or hit control and v at the same time. Either way, the info from the webpage is pasted into the file you are editing.
13. This is important, read this carefully. Just below the section we just worked on, you’ll see the section for the ‘WordPress Database Table prefix’. Locate it and find the section that reads:
_____________________________________
$table_prefix = ‘wp_’;
____________________________________
14. Change the part between the apostrophes to some combination of numbers, letters and underscores. It will look something like this after you’re done:
______________________________________
$table_prefix = ‘new_site143uty‘;
______________________________________
This is an important step which adds to the security of your WordPress installation. You don’t need this information but you can write it down anyway. WordPress uses it, not you.
15. Last step, usually only needed if the current settings don’t work. Farther up from where we are, you will see a section (under the section where you put the database password) that reads:
_____________________________________________
/** MySQL hostname */
define('DB_HOST', 'localhost');
_____________________________________________
Most of the time, ‘localhost’ works just fine. If it doesn’t or if you just want to be sure, you’ll have to enter the path to the MySQL database that you are using. Save the file you are editing. Head back to the control panel and go into the MySQL databases again. Click on the database that you created and somewhere there will be a ‘generate code’ button. What you are looking for is ‘your server name’. This will be something that looks like a domain name: accountname.hostmysql.com Copy this and head back to the WP-config-sample.php file, open it for editing and highlight the word localhost then paste the new .com line into that space. It will look like this:
____________________________________________
/** MySQL hostname */
define('DB_HOST', 'accountname.hostmysql.com');
____________________________________________
At this point, save the file and stretch a bit, grab a coffee or something and smile because you’re almost done. The hard part is over. It’s all fun from now on.
16. In your host’s File Manager, look up at the top of the right hand side till you find the Wp-Admin folder. Open it and look for the install.php file. Click on it then choose ‘preview’ on the right. A webpage will open up. If you’ve done everything correctly, you can install WordPress from this page. Click OK and create a username (don’t use admin, choose something different) , take the standard password that WordPress creates for you, enter your email (make sure it’s correct since there is no way to recover your password if you put in the wrong email here) then click OK.
17. Here, I do two things. I take a screen capture of the page to ensure that I have the password and username correct, then I copy and paste the password into a text file for safekeeping. OK, I write it out in a book, too.
18. Once you’ve done all of this, log in to WordPress and start creating.
These are the steps as I do them for each installation of WordPress that I’ve done. In case you are wondering, I’ve done this about twenty-four times. I hope this sounds simple and that it’s all clear to you. Most of the information here is explained in the WordPress installation area but some of it is from trial and error. One of my hosts was fine with ‘localhost’ for the database host but my current host wasn’t. I hope it works for you.
Thanks for reading! Follow me on Twitter: @_BrianMahoney
a little bit of hi-tech, a little bit of common sense and a lot of fun
