If you're looking for a full security scanner and one-click fix solution for WordPress, I'd…
I’ve said it before, and I’ll say it again. The best way to keep your site secure is to keep your WordPress install and plugins updated. But it’s nice to have some protection from attacks and backups in case your site goes down. VaultPress is a premium service that takes care of both of these.
What’s It Do?
You can basically break down VaultPress into two services combined into one plugin. The first is security. The plugin will scan your site for possible weaknesses and has one-click fixes for quite a few problems, and it will point you in the right direction for others.
The other is backup and restore. VaultPress monitors your WordPress install and performs routine backups when things are updated, usually several times a day. At any time you can restore a part of, or your entire site, from a stored backup, and VaultPress will automatically transfer your files and database via FTP. You can have a restored site up and running in minutes, depending on how large your site is.
How’s It Work?
The first thing you have to do is sign up for a VaultPress account through vaultpress.com. Since the plugin is an Automattic service, you’ll have to create a WordPress.com username and password, if you don’t already have one. Once you’ve selected your pricing plan (which I’ll touch on below) and filled out your registration information, you’ll be given a registration key and a zip file to download. The zip file contains the VaultPress plugin, so just go to Plugins -> Add New then select the Upload tab to upload and install VaultPress.
After it’s activated, you’ll be prompted to “Register VaultPress.” If you go to the new VaultPress tab in your admin panel, there will be a text field for you to enter your registration code. Just copy and paste it from your welcome email, or go to your VaultPress dashboard.
Upon registration, the plugin will automatically start performing its first backup. You can continue to use the site as you would normally while this backup happens, and you don’t need to keep the page open. The backup will run in the background, and you will receive an email letting you know that the backup is complete. If you navigate back to the VaultPress tab in your admin panel, you’ll see a notification of what is currently being updated, a short summary of files and content that are backed up, and an “Activity” tab with more detailed information about backups.
Click on the “Visit Dashboard” button in the top right corner to configure the plugin. You’ll be brought to your main dashboard. If you have more then one site hosted on VaultPress, they will all be listed here. The main sections of each are Backups and Security.
The Backups tab gives you a summary of every backup that has been made. The calendar at the top of the screen can be used to bring up a list of backups made on any day in the past. Each backup instance will tell you the number of Posts, Pages, Themes, Plugins and Uploads (media) are in each backup. If you see a box highlighted in orange, it means that something from that box has been removed. If you see a box highlighted in green, it means something has been added.
Next to each backup on the list, you will see two buttons “Download” and “Restore.” The Download button will give you a link to download your entire WordPress install locally. The “Restore” button will automatically restore the backup to your current site over FTP. When you click on either of these buttons you will be given a list of what files you would like to download/restore, which checkboxes next to Database, Plugins, Themes, and Uploads.
Select which you would like to restore and then click on the button. If you chose to download, then VaultPress will prepare the file and you can download the .tar file straight from your dashboard. If you chose to restore, you will be brought to a new screen.
If you’d like to restore your backup to a new site altogether, you can simply select the “Change Site” button from this menu. From there enter the URL of your new site in the “Alternate” text box. You’ll need to enter the FTP information of the new WordPress install, as well as the path to the WordPress files themselves. After that, VaultPress will restore the site automatically.
The Security tab gives you access to the security scans that the plugin makes. If there any problems with your file, you will see them listed as “Threats,” with the affected file and more information about what is causing the problem. VaultPress has one-click fixes for a lot of these, indicated by a blue button that says “Remove Threat.” If you click on this, then the plugin will automatically change the affected file. You can choose “Ignore Threat” if you have recognized the problem and do not want to fix it. Otherwise, follow the instructions that VaultPress provides to manually fix any security vulnerabilities.
The Stats and Activity tab give you information about your site and VaultPress install. The Stats page will display a timeline of new pages, posts, and uploads. The Activity tab will give you a rundown of backups and security fixes made by VaultPress.
The Settings tab has general options for the plugin. You can use this tab to grant VaultPress SSH, FTP and MySQL access to your site. Doing so enables the plugin to do more when a restore or security fix is needed, but really FTP is all you need for it to do most of the work. You can also add new users to your account in this tab.
Except in the case of an emergency, you don’t have to touch VaultPress all that much. It will email you if it ever scans a security threat, and keeps daily backups that you can restore at any time.
Costs, Caveats, Etc.
VaultPress is a premium plugin, with three price levels, all with a monthly cost. The “Lite” package gives you access to basic features, the “Basic” package gives you more comprehensive backup options and the “Premium” package gives you priority support and daily security scans.
The plugin is maintained by Automattic, and they tend to know WordPress pretty well. It’s updated when it needs to be, but really what you are paying for is the support. All three plans give you access to “Safekeeper Support” which is a direct line to someone on the VaultPress team if you are having a problem.
There’s some controversy surrounding VaultPress and whether or not it should be included in the WordPress Plugin Directory, even though it is only a premium service, but I’ll leave that to others to decide.