Five WordPress Security Mistakes Your Nonprofit Is Making
#5 of 5: Not Backing Up Files

June 3, 2019
We’re at the final week learning about the five types of security mistakes your nonprofit is probably making with its WordPress website.
It’s important to close any doors that can make your site open to attacks.
Dealing with a hacked website is a time-consuming, expensive, and an emotionally draining experience for your organization. This problem can be prevented from happening in the first place.
Four key security tips to remember:
This week, we’re wrapping the series with a final mistake you’re probably making which is not backing up your nonprofit’s WordPress website files.
You’re probably thinking: backing up our entire website sounds complicated. I’m skipping that.
If you’ve ever used a graphics program like Adobe Photoshop or Illustrator, one of the most convenient features is the History panel. Accidentally deleted a layer? No problem - just go back before the mistake happened and it’s fixed.
What if there was a way to make WordPress do the same thing? It would be like having a time machine built into your website.
Imagine if a hacker broke into your site and deleted your theme, pages, and plugins. You’d want a way to restore to your website to a previous state before the attack happened.
It’s possible if you’re regularly saving copies of your website’s files, known as “backups”.
Why website backups matter
Backups are duplicate copies of all your nonprofit’s important WordPress website files, which contain everything from the database to the plugins.
WordPress files you want to save:
- Database - the circulatory system and brain of your site
- Theme - the framework and visual presentation of your website content
- Plugins - extra functionality that supports and extends WordPress
- Uploads - photos and documents that bring the theme to life
How often should I save my website files?
To build a time machine into your WordPress site, you want to be backing up your website files every day. It’s especially important that all of your files are saved off-site on a completely different server.
If a hacker gets into your website, they can also compromise the backup files you’ve saved on the server. Be sure to avoid that mistake.
Tips:
If you’d like to start this website security mistake series from the beginning, head over to number #1: why it’s important to regularly update your WordPress plugins.
Data breaches that are both likely to happen and can result in serious harm fall in the “high priority” category. Many nonprofits collect and store sensitive personal information that is protected by law as confidential. When there is a breach of the confidentiality of those data, that poses a risk for the individuals whose data was disclosed, AND for the nonprofit that will now potentially be subject to liability for the breach."
~ National Council of Nonprofits
By Chuck Spidell, the Nonprofit WordPress Security Expert who helps communications teams free up their time and lock down WordPress from getting hacked.