Yea I have a crazy automated setup. It goes like this > backup every 4 hours and is sent to Dropbox > Dropbox pushes to my computer > My computer has backups to a NAS here. I end up with backups going back 12 months or more. And one time I did indeed need it.

Most virus scanners would detect those backdoors.

Great point thank you so much.

@@WPCrafter wow it really crazy automated setup for backup

Sorry to hear and happy you had a backup. Did you have Yellow Pencil installed on your website?

@@WPCrafter YES... and it had the most recent change date. I suspected it. I just noticed that I am reinfected so I guess that I have to ditch Yellow Pencil and maybe load a much earlier backup.

@@furtrapper11 You would have needed to disable YP. But they have an update out that fixes the vulnerability.

Yes, please.

yes, I installed a couple of these recommended by Divi and now I am like.. what d fq

For me, it is important because my database is constantly changing with comments, student registrations, course progress, etc.

@@WPCrafter Absolutely that's true what u said, We need to back up every 4 hours for established sites. For newcomers learning to create new sites and editing continuously must not keep the backup on auto and need to back it up less frequently otherwise the database may get corrupted if files are being edited while the backup is also being copied. In that case we need to back it up manually or weekly after an edit for new sites under construction sites. I love your video's keep us updated with all your research. Thanks

develop everything off site and use off site backups. The only sure way to know is constantly updating from off site original, replacing online exposed ones. If the files were exposed, they can't be trusted. You can go one step further - have one account for offline development and another for hosting to prevent cross contamination. Use Linux or Mac

Thanks for watching.

Good, that is the first option to do if you're developing a website.. You must choose to be customers or subscribers.. If you're using E-commerce is wise to turn it on

I need to clarify that. I do 4 hours because my website is constantly changing with activity. Less active sites don't need to be backed up as often. I send them to Dropbox, and then they are sent to my local computer. I keep 7 days worth, but my local PC has its own backup that lasts much longer.

Thanks Adam...that’s very clear now.

You have nothing to worry about on local installations because there is no way for one of these scanners to access your site since it's not publicly accessible.

@@WPCrafter sounds good, thank you for your time Adam. Best regards.

Yes that happens. That's why it is good to have to rolling 30 days of backups.

I am gonna take it down, just not sure how. It's still there, just the link is gone.

@@WPCrafter So, you are going to remove the forum section permanently, why like that? please let us know.

I was using WebARX which advertises that they protect against 0-day attacks :-(

No I'm happy with my hosting.

Oh I stated it there for sure. Its the MarTechWise group. It's a great group.

@@WPCrafter Cheers ole matey

Ha, great call out. I have the paid version of the plugin, that does the offsite backups. But it doesn't go against it, because there is a massive business model around the free version of the plugin. Of course, the paid version is not needed to backup offsite. But you go look at all the free backup plugins with less than 50k installs and no business behind it, those I won't use.

Please share the list of 300 plugins which might be vulnerable

Try Sucuri. it is usually able to rescue your site even after being hacked.

They make a lot of marketing claims and it's not clear if what they claim is even possible. Their website claims they protect against 0-day attacks and that they check if your site has been changed.

Haha, I think there will be more, would you agree?

Not if there's a zero day exploit.

Most WordPress plugins are open source that’s the point of WordPress

@@TheDesignCreative So 'pro' versions of plug-ins are still open source?

Most of the Internet is powered on open source software. I'm not talking about WordPress, I'm talking about the server infrastructure.

@@WPCrafter Aha, thanks. TBH I didn't realise that.

I think he uses InMotionHosting.

Yes, those backups are stored in 3rd party cloud storage, which is outside of your hosting server

Because if you watch my backup tutorial you would have 30 days of backups and potentially 6 months. If you are not engaged enough with your website to notice a hack within 30 days, you should hire someone to manage it for you.

​@@WPCrafter That still did not answer the question i mentioned. Never said the hack didnt get noticed. I said how is the average person supposed to know WHAT or HOW it got hacked. A backup does not say hey buddy, this plugin is a problem. You can go back 30 days, doesnt mean the hole is still there, so what is the point. I got hacked a week ago, did your restore and it happened again.

Your website is almost always hacked when there is a vulnerability in a plugin. That happens either when you are not on top of keeping things updated, or in this case when there was a 0day attack. In both situations, a backup saves your ass. Simply restore the backup then update. Problem solved!

WPCrafter.com WordPress For Non-Techies as your video stated what if you have a website that does not have an updated good plugins, your site got hacked right. Sites still get hacked even when you do, maybe you did a check on all your plugins to find your social was the issue but not everyone is going to go through and spend hours to see if there is an issue with plugin x. Maybe you have a small plugin, chance of finding data is zero. Basically shit happens and there is no point of putting a bandaid on something that needs stitches. Backups dont solve the hole that is there, backdoor, bad files or anyone coming in again if you dont find the issue, bad plugin is still there. All your doing is removing the hack by using a backup not preventing. This video is very one sided. Anyways thanks, was just looking for a solution since you seemed like an expert, wasn’t looking to make this in to a big deal.

I just don't understand your argument here. Is it that having a good backup is not a good idea? That somehow it's not something that should be a site owners priority? And that because I am saying it is a good idea that the video is one-sided somehow? I would wholeheartedly disagree with that. Having a quality backup solution is place is ALLWAYS the ONE THING you have control over and is 100% the highest priority unless you want to spend $200 to Securi or some other service to fix your website. Priority one is always to get your website back online and buys you the time to sort everything else out.

That happens to all KZbin videos when they are first published. Thumb's up show immediately, views don't.

Sorry about that Mr. President.