If you’re looking to start a newsletter, you’ve likely encountered two major options: Substack and WordPress. While both can help you reach your audience, they represent fundamentally different approaches to building your online presence. One locks you into a single platform with limited growth potential, while the other provides a foundation you can build on for decades.

In this concise guide, we’ll compare WordPress vs. Substack to help you choose the platform that aligns with your long-term goals as a creator.

Substack: Simple but limited

Substack invented itself as a newsletter-first platform, offering creators a straightforward way to write, publish, and monetize newsletter content.

Substack’s strengths:

• Simple setup: Launch a newsletter quickly with minimal technical knowledge.
• Built-in discovery: Potential exposure through Substack’s recommendation system.
• Integrated monetization: Easy paid subscription setup.

Substack’s limitations:

• Platform dependency: Your entire business exists within Substack’s ecosystem. If they make changes you don’t like—whether to pricing, features, or policies—you’re forced to accept them or start over completely on another platform. 
• Unsustainable revenue sharing: Substack takes 10% of your subscription revenue forever. This becomes extremely expensive as you scale. A creator earning $5,000 pays Substack $500 per month.
• Limited customization: Substack offers minimal branding and design options. Your newsletter looks like everyone else’s, making it difficult to establish a unique brand identity.
• Growth ceiling: While Substack has expanded beyond newsletters to include podcasts and video, it remains limited to basic communication mediums. You can’t easily sell products, courses, or memberships without using separate platforms.
• Platform evolution: Substack has increasingly focused on social features like tweets and shorts. This shift toward chasing cheap engagement rather than fostering meaningful creator-audience relationships contradicts why many chose newsletters in the first place.

WordPress: Built for ownership and growth

WordPress powers over 40% of all websites because it offers something Substack can’t: complete ownership and unlimited potential for growth. As the world’s most popular website software that’s endured for decades, WordPress provides the foundation for creators who want to build something lasting.

WordPress’ strengths:

• Complete ownership: With WordPress, you own your content, data, and audience without being locked into any single company’s platform. Your website, subscriber list, and content remain under your control regardless of what happens to hosting companies or service providers.
• Unlimited customization: WordPress offers thousands of themes and plugins, allowing you to create exactly the newsletter and website experience you envision. Want specific colors, fonts, layouts, or functionality? WordPress makes it possible through extensive customization options.
• Platform Independence: WordPress is portable. You can move your site between hosting providers, change themes, or modify functionality without losing your content or starting over. This flexibility ensures you’re never trapped by a single company’s decisions or policy changes.
• Superior SEO capabilities: WordPress sites consistently rank higher in search engines thanks to clean code structure, SEO plugins like Yoast and RankMath, and complete control over technical optimization. This means new audiences can discover your content organically.
• Unlimited growth potential: Start with a newsletter and seamlessly expand:
  • Full website
  • Sell products
  • Online courses and membership areas
  • Podcasts and multimedia content
  • Community forums

WordPress’ limitations:

• Technical knowledge: Self-hosted WordPress requires a basic understanding of web hosting, domain management, and website maintenance. While many hosting providers offer one-click WordPress installation, you’ll still need to handle updates, backups, and security measures. But there are hosts like WordPress.com that can handle all of that for you.
• Plugin and theme management: With thousands of plugins and themes available, choosing the right combination can be overwhelming. Some plugins may conflict with each other or slow down your site, requiring careful selection and testing.

WordPress.com Newsletter: Best of both worlds

WordPress.com Newsletter offers the same benefits of WordPress while removing the complexities of WordPress behind the scenes. It’s easy to start a newsletter or a full website, grow your audience, and build meaningful connections.

WordPress.com’s strengths

• All the benefits of WordPress listed above
• Creator-first pricing: Start completely free with unlimited subscribers and sends. Upgrade your plan to reduce fees, all the way down to 0%. This can add up to thousands of dollars in savings as you grow your subscriber list.
• The calm platform: For those that are trying to leave “always-on” social media platforms, WordPress.com offers a thoughtful platform focused on meaningful creator-audience relationships without the anxiety of chasing trends or social media metrics.
• Built for growth: Transform your newsletter into a full website, add e-commerce functionality, create membership areas, or expand into any direction your creativity takes you—all without changing platforms.

WordPress.com’s limitations

• Discovery ecosystem: While WordPress.com offers the Reader and other discovery features, it isn’t as strong as Substack’s recommendation system. Building your initial audience may require more active promotion and SEO efforts.

Head-to-Head comparison

When to choose each platform

Choose Substack if:

• You want the fastest possible setup
• You’re comfortable with permanent platform dependency
• You don’t mind paying 10% of your revenue indefinitely
• You have no plans to expand into e-commerce, courses, or forums
• You’re willing to accept limited customization and branding options

Choose WordPress if:

• You want to own your platform and audience completely
• You value long-term cost savings over short-term convenience
• You plan to grow beyond newsletters into a full online business
• You want superior SEO and organic discovery capabilities
• You prefer maximum customization and branding control
• You want the security of platform independence
• You’re comfortable with some technical maintenance

Specifically Choose WordPress.com Newsletter if:

• You want WordPress without technical complexity
• You need professional newsletter features with creator-friendly pricing
• You want to start free and scale affordably
• You value a calm platform, free from social media style tweets and shorts
• You value having your online presence integrated under one platform

Setting up your newsletter with WordPress

Option 1: WordPress.com Newsletter (recommended for most creators)

1. Visit WordPress.com/newsletter and select “Start my newsletter”
2. Go through the onboarding checklist to finish setting up your newsletter

Option 2: WordPress + Jetpack Newsletter

1. Choose a WordPress hosting provider like Pressable or Bluehost
2. Install WordPress (most hosts offer one-click installation)
3. Install and activate a Jetpack, which is made by the people behind WordPress.com, and offers all of the same benefits as WordPress.com Newsletter
4. Configure Jetpack Newsletter settings

Option 3: Add Newsletter to an existing WordPress.com site

1. Add a Subscribe Block or Newsletter Subscription Pattern to your existing site
2. Update Newsletter settings to your liking.

Importing from Substack to WordPress.com

If you’re ready to make the move from Substack, migrating to WordPress.com is straightforward:

1. Export your Substack content and subscribers
2. Visit the content importer by visiting Tools -> Import
3. Import your content to WordPress.com
4. Import your subscribers to WordPress.com
5. Update your Newsletter settings

Your questions answered

How much does WordPress.com Newsletter cost compared to Substack? WordPress.com Newsletter starts free with unlimited subscribers and sends. Paid plans offer lower transaction fees (down to 0%) compared to Substack’s permanent 10% revenue share. See our detailed cost comparison to understand potential savings.

What does “owning your content and subscriber list” actually mean? It means your content and audience data belong to you, not the platform. You can export everything at any time, switch to different hosting, or change platforms entirely. With Substack, your audience relationship is mediated through their platform—if they change policies or shut down, rebuilding becomes much more difficult.

Can I customize my WordPress newsletter’s appearance? Yes, extensively. WordPress.com offers numerous themes, color schemes, custom fonts, logos, and layout options. You can create a unique brand identity rather than looking like every other newsletter on the platform.

How do I know WordPress is reliable for email delivery? WordPress.com sends over 20 million emails daily with excellent deliverability rates. This infrastructure has been refined over 17+ years and includes proper authentication, spam protection, and delivery optimization.

Is it really easy to import from Substack? Yes. WordPress.com’s import process handles both content and subscribers. The technical migration typically completes in hours, though you may want to spend additional time customizing your new site’s appearance and features.

Can I start free and add paid subscriptions later? Absolutely. This is one of WordPress.com’s key advantages—start building your audience for free, then add monetization when you’re ready, with much lower fees than Substack.

Your newsletter deserves a forever home

Choosing a newsletter platform isn’t just about today—it’s about where you want to be in five years. Substack might offer quick setup, but WordPress gives you a foundation that grows with your ambitions.

WordPress represents a fundamentally different philosophy: instead of renting space on someone else’s platform, you’re building a forever home on the open web. A place where you make the rules, keep more of your revenue, and never worry about platform changes affecting your business.

Whether you choose WordPress.com Newsletter for the perfect balance of power and simplicity, or self-hosted WordPress with Jetpack for maximum control, you’re choosing ownership over dependency, flexibility over limitations, and unlimited potential over artificial constraints.

Your brand deserves a home you own.

Start your WordPress.com Newsletter today or learn more about migrating from Substack to begin building your audience on a platform you truly control.

Have you made the switch from Substack to WordPress? Share your experience in the comments below!

 [#item_full_content]

Changing your domain name can feel intimidating and isn’t without risks. If done carelessly, it can lead to broken links, lost traffic, and a drop in search rankings. At the same time, it can also be a chance to rebrand, upgrade to a more memorable website address, and improve your SEO.

The difference simply lies in careful planning and execution. In this tutorial, you’ll learn everything you need to know to change your website’s domain name with as little hassle as possible.

Why change your domain name?

Your site’s domain name is a very important part of branding, which is why you usually want to keep it as is. Then again, there are also many valid reasons to switch.

For example, you might have changed your company or blog name and want your domain to match it. Or maybe your business has changed, and your current domain no longer accurately represents what you do.

Another possibility is that you found a better, shorter, more memorable, or more professional domain.

You might also only want to change the domain extension, such as when relocating your business and going for a country-specific TLD like .de, .fr, or .co.uk. Domain changes also happen for legal reasons, such as trademark conflicts.

Finally, you might aim to improve your SEO with a more relevant domain or distance yourself from an old name that carries a damaged reputation.

No matter the reason, a domain change can be a smart move if you plan it carefully and with a clear purpose in mind.

Challenges to be aware of

Switching to a new domain name is not without risks. Discussing them isn’t meant to scare you off, but to stress the importance of preparing well. Most of the risks can be minimized or avoided entirely, and if your reasons for changing your site’s domain name are good, the effort is usually worth it.

Loss of branding

Making the switch without communicating it can negatively impact your audience’s brand association that you worked so hard to build. Returning visitors might not recognize your site right away and think it has shut down or moved.

In addition, any other marketing material your domain name was part of, such as logos, slogans, social media presences, or printed materials, may need updates.

SEO implications

Your site will likely experience a drop in rankings and website traffic after the domain change. This is a normal part of the process and is usually temporary. Search engines need time to recrawl and re-index your site under the new domain.

You do, however, need to do the necessary work to maintain your rankings. For the most part, that means putting redirects in place to make sure traffic from search engines, backlinks, and other sources is sent to the correct (new) address.

Costs involved

Changing your domain name isn’t just a technical task, but can come with financial costs:

• More expensive fees for the new domain.
• Paying for two domains during the transition period.
• Design costs, such as for logo changes and reprinting branded materials.
• Technical costs like development time or a new SSL certificate.
• Additional marketing costs to promote the new domain.

While not all of these costs apply in every case, it’s important to budget for them in advance.

Website downtime and technical issues

There can be technical hiccups as well, such as:

• Lengthy DNS changes may cause your site to become temporarily inaccessible.
• Redirect mistakes can lead to broken pages or errors.
• SSL certificates may not transfer automatically and may stop working.
• Email services connected to your domain can be disrupted.
• Third-party integrations and APIs may need reconfiguration.

These issues are usually temporary, but even a short period of downtime can affect visitor trust and search engine rankings.

Time investment

Even with a clear plan, transitioning to a new domain involves many small steps, most of which need to be done by hand. It can be time-consuming, but it’s critical for success.

Expect the process to take several hours at minimum, and potentially days depending on the complexity and size of your site. It’s better not to rush than deal with time-consuming problems later.

Changing your domain: A step-by-step guide

Here’s how to switch domains with minimal disruption.

1. Choose and purchase your new domain

The process of choosing a domain is worth its own article, so we won’t go over it in detail here. You can register domains from any registrar. When using WordPress.com, you get domain privacy and super fast DNS included. Just saying.

Use our domain search tool to find your desired name:

Make your choice, then continue to the checkout and complete your purchase. That’s it.

Tip: Do you want your domain and hosting under one roof? Switch to WordPress.com’s world-class secure hosting using our hassle-free site migrations and get a free domain for the first year (on annual plans). You can also move your existing domain and manage everything in one place.

2. Plan your redirects

A redirect is like a virtual signpost showing that a web page has moved. It automatically sends visitors and search engines from an old address to the new one.

If you change your domain name without redirects, old links to your site in search results, other websites, and social media will lead to broken pages and 404 error messages. That’s why they are essential to preserve traffic, SEO value, and usability, and need to be planned in advance.

There are different kinds of redirects. The one most relevant here is the 301 redirect, which signals that a page has permanently moved.

Make a list of your most important pages — blog posts, product pages, landing pages, and any content that gets consistent traffic — and plan their counterparts on the new domain.

For detailed information, check out our online course lesson on redirects.

3. Notify your audience

Once you are ready to execute the domain change, let your audience know about it ahead of time. Send out an announcement via email, blog post, or banner on your site.

Clearly explain that only the address will change, not the content or company behind your website. Use this opportunity to reinforce your branding and highlight improvements that come with the change.

4. Change DNS records

DNS stands for “Domain Name System.” It’s a network of servers containing the information regarding which domain points to which server. It’s essentially the internet’s phone book (if you are old enough to remember those).

To change domains, you need to update your new domain name’s DNS settings so it is connected to your server and site. This process isn’t instantaneous — the changes have to register or “propagate” globally, which takes up to 48 hours, but usually happens much sooner.

Here’s where to direct your new domain depending on your use case:

• If all you are doing is switching the domain name, aim it at your existing website. Your site will simply have two domains for a while, allowing you to switch once ready with no downtime.
• Should you be changing hosts too, point the new domain to your new server instead, and keep the old site live as is for now. This allows you to migrate your content and prepare the new site without affecting your current web presence. You can update the DNS to point the old domain to your new hosting provider once ready.

You can manage your domain’s DNS settings through your domain registrar or a management panel like cPanel, and it roughly looks like this:

1. Get your hosting provider’s nameserver address(es). It will be something like “ns1.example.com” and “ns2.example.com.”
2. Log in to your domain registrar account and find your new domain’s DNS or nameserver settings.
3. Update the A records with your hosting provider’s nameservers.
4. Save the changes.

Make sure to back up the DNS records from your old domain in case you need them later!

In WordPress.com, you manage your site domains under Upgrades → Domains (or Hosting → Domains if you are using WP Admin).

If you purchased your domain together with hosting, it’s automatically connected to your site. You also have the option to switch transferred domains to the WordPress.com nameservers with the click of a button.

You can learn all about it in our detailed instructions for changing nameservers, including alternative methods, and more information about DNS on WordPress.com.

5. Back up your existing website

Always back up your website in full before making major changes like switching your domain name. On a managed hosting provider like WordPress.com, backup is done for you, and you can restore your site with one click.

When self-hosting your website, use a backup plugin like Duplicator or back up your site manually. Make sure to save both your database and website files. For even more security, download your backup and store it in multiple places.

6. Switch the domain in your CMS

The upcoming steps will all directly impact your site’s usability and — possibly — availability. Therefore, if you are not switching your host along with your domain and only have one version of your site, it’s highly recommended that you use a staging site first before making changes to your live website.

When the DNS changes have propagated, it’s time to update your site to use the new domain. In WordPress, you usually do this under Settings → General. Fill in the new domain under WordPress Address (URL) and Site Address (URL), then save at the bottom.

Both settings should include the https:// or http:// part and not have a slash (“/”) at the end.

Depending on your hosting provider, these settings may also be located elsewhere. For example, on WordPress.com, you change your website’s primary domain in the aforementioned Upgrades → Domains.

An important consideration for this step is your SSL certificate. You need to ensure it is active and valid for the new domain. On WordPress.com, SSL/HTTPS is included with every plan.

7. Update links in your database

After changing your domain, all WordPress page and menu links will switch automatically as well. However, you likely still have manually created links pointing to the old domain in posts, pages, and elsewhere.

The easiest way to update those is to replace them in your website’s database. WordPress has several plugin solutions for this, like Update URLs.

Alternatively, you can also use a tool such as the database search and replace script by Interconnect, SQL commands inside phpMyAdmin, or WP-CLI. Double-check your input and run a preview or dry run to see if your tool supports it and avoid making mistakes!

8. Implement redirects

Now the only thing left is to set up redirects from your old to your new domain. You have two main options for that, depending on your scenario:

1. Set up redirects on the old server: When you move hosting providers along with switching your domain name, you can keep your old website around, but redirect it completely. In this case, you do NOT change the DNS record of your old domain to the new host.
2. Redirect on the new server: If you plan on directing your old domain to your new host, redirects have to be in place on the new server. That’s because, once you change the DNS records of your old domain, anyone who uses it will arrive at the new server and need to be redirected to the right location from there.

A plugin like Redirection is great for self-hosted sites where you will keep the old website around, at least for a while. It has a dedicated option to move your entire site.

There are also SEO plugins that help you set up redirects, like All in One SEO.

A comfortable solution for implementing redirects on the new server is your .htaccess file. Place the following code at the top of the file and make sure to replace the example domains with your old and new domains:

RewriteEngine On

RewriteCond %{HTTP_HOST} ^olddomain.com$ [OR]

RewriteCond %{HTTP_HOST} ^www.olddomain.com$

RewriteRule ^(.*)$ https://newdomain.com/$1 [R=301,L]

Tip: On WordPress.com, redirecting your website is super easy. It happens automatically when you change the primary site address.

9. Check site links thoroughly

Once redirects are in place, be sure to test them! Access your most important pages via your old domain and see if you land in the right place. You can also use a bulk redirect checker to test multiple links at once.

While you are at it, look for any broken links on your site and correct or redirect them as well. You can find them with a plugin like Broken Link Checker. The aforementioned Redirection plugin also tracks 404 errors, so you can easily point them to the right location.

Another option is advanced tools like Sitebulb or Screaming Frog.

Once you’re done with that, if you’ve been working with a staging site so far, now is the time to move your changes over to your live or production website.

10. Signal the domain change in Google Search Console

To preserve your SEO rankings and speed up the reindexing process, Google needs to be notified that your website has moved to a new domain. To do that, both your old and new domain names need to be set up and verified in Google Search Console.

Open the old domain property and use the Change of Address tool under Settings.

Select your new domain from the drop-down menu and click Validate & Update.

In addition, prepare and submit a new sitemap for your new domain under Indexing → Sitemaps.

Do the same for other webmaster tools you might have connected to your site.

11. Update Google Analytics

The last step is confirming your change in domain in Google Analytics so you can continue tracking your traffic correctly. Log in to your Google Analytics account and go to the Admin panel, and then to Data streams under Data collection and modification.

Edit the stream details to use your new domain’s URL.

Ensure the existing tracking code is installed on the new domain and working properly. If you plan to track traffic for both domains, make sure to enable cross-domain measurement.

Next steps

The domain switch is done, but a few follow-up steps help ensure everything continues to run smoothly:

• Stay on top of analytics and Search Console: Watch for crawl errors, indexing issues, warnings, and unexpected changes in traffic patterns to catch problems early.
• Update robots.txt: Check your robots.txt file for any hard-coded links to the old domain, such as the sitemap URL.
• Revise social profiles: Update the website URL on all your social media accounts to reflect the new domain.
• Adjust email addresses: Change any email addresses that used your old domain. On WordPress.com, you can use email forwarding for that.
• Migrate backlinks: While redirects should do a good job of preserving the SEO value of your backlinks, it’s a good idea to reach out to websites that have linked to your site and politely ask them to update the links to your new domain.
• Disconnect and cancel the old domain: Monitor traffic and indexing to ensure the new domain has fully replaced the old one in search results before canceling the old domain. Google recommends maintaining 301 redirects for at least 12 months to preserve SEO value. 

Change your domain name with confidence

A domain name isn’t just an address — it’s part of the brand and identity of your site and business. Changing it can feel like a risk, but it can also be an opportunity to grow, move forward, or start fresh.

What matters most is that you take your time. Switching to a new domain is a process with many steps that requires careful planning and attention to detail.

Of course, having a good partner on your side makes it easier. Choose WordPress.com and comfortably manage domains and redirects right from your site backend.

 [#item_full_content]

Imagine publishing once and instantly reaching engaged readers across dozens of platforms—without ads, algorithms, or corporate interference. That’s the power of the Fediverse. You can expand your reach to millions of potential readers while maintaining full control over your content and audience relationships. WordPress.com’s newest ActivityPub features make joining this thriving network of independent creators simpler than ever. 

A smoother start with the new onboarding experience

Trying something new can feel overwhelming, so we’ve added a step-by-step guide that walks you through everything ActivityPub can do. When you turn it on, you’ll get a quick tour of the basics: what ActivityPub is, how it helps you connect your blog with the wider Fediverse, and where to find all your new settings. We’ll even show you the special editor blocks you can use to highlight your Fediverse profile right on your site.

Customize your Fediverse presence

When your blog appears on other Fediverse platforms like Mastodon, these new settings help shape how your content and identity are presented. Each platform might display things a little differently, but customizing these options helps your blog stand out and feel more welcoming to potential followers.

Here’s what you can personalize:

• Avatar: This is the small image that shows up next to your posts and comments across the Fediverse. By default, it’s your WordPress.com Site Icon. Want to change it? Just update your Site Icon in your General Settings—a clear, recognizable image works best.
• Header Image: The header is a big banner that sits at the top of your blog’s profile on Fediverse platforms. You can upload something that reflects your style or what your blog is about, or leave it blank if you prefer.
• Description: This is your blog’s short bio. By default, it uses your WordPress tagline, but you can write something custom to introduce your blog to new followers.
• Extra Fields: Add links to your homepage, social profiles, pronouns, or anything else you want people to see. You can edit, add, or organize these fields however you like.

See and manage your followers

Curious about who’s following your blog from across the Fediverse? Now you can see a list of your followers, complete with profile details and the last time they interacted with your site. It’s a simple way to keep track of your growing audience.

Ready to try it out?

If you haven’t enabled ActivityPub yet, it’s easy to get started!

Just head to Marketing > Connections in your WordPress.com dashboard and activate the Fediverse feature. Once it’s on, you’ll find all the new settings under Settings > ActivityPub.

We can’t wait to see how you use these new features to connect with even more people across the Fediverse!

 [#item_full_content]

How do you fix a hacked website? How can you tell if your website has been compromised? What can you do to prevent it from happening again in the future?

This guide will cover each of these questions in detail. So, if you are currently dealing with a website that’s been infiltrated by a hacker, you’ll know exactly what to do about it by the end of this article.

How websites get hacked

How do website hacks happen in the first place? Here are some of the most common ways ill-minded individuals gain access:

• Poorly secured web hosting: For example, weak server configuration or a lack of separation between sites.
• Compromised login credentials: Typically through brute-force attacks, credentials leaked in another breach, or those obtained via phishing.
• Outdated WordPress core, plugins, or themes: They often contain known security flaws that hackers can easily exploit.
• Extensions from untrustworthy sources: Nulled or unofficial plugins or themes frequently contain hidden malware and backdoors.
• Injection attacks: A poorly secured site may allow hackers to execute scripts on your site to access your database, inject malicious code, or breach it.

Why hackers target websites

You might think your site is safe because it’s small and unknown, but this is a common misconception.

Most website hacks aren’t personal or planned, but simply a matter of opportunity. Automated bots scan the internet for potential targets, and if your site is vulnerable, it may become subject to an attack.

Why do hackers do this? For various reasons:

• Data theft: Hackers harvest emails, passwords, and customer info to resell or use in future attacks.
• Install malware: They use your site to infect your visitors’ devices with harmful software.
• Traffic redirection: Visitors are sent to shady, scammy, or fraudulent websites.
• Hijack server resources: Sometimes hackers secretly use your server’s processing power to mine cryptocurrency, send email spam, or carry out DDoS attacks.
• Phishing: Fake login or payment pages steal credentials from users.
• Ransom demands: Here, attackers lock you out of your site and ask for payment to get back in.
• Hacktivism: Some people disrupt services or deface websites to push a political or ideological message.
• Fun, practice, or testing: Hackers may just target you because they can, to improve their skills, or to test new attack methods in the wild.

What happens when your site gets hacked?

Some attacks are obvious, like finding your homepage vandalized, your site filled with spam content, redirects to other websites, or pages you didn’t create. Others are more subtle:

• Website unavailable: Your site shows a blank page or the “white screen of death.”
• Security warnings: Alerts from browsers, Google Search Console, or sites like Google Transparency Report, Norton Safe Web, or your hosting provider that indicate that your site is unsafe, contains malware, or has been blocked/suspended.
• Traffic changes: Unusual visitor patterns, like an influx from unexpected countries or a sudden drop in website traffic.
• Unknown admin users: Suspicious new user accounts in your dashboard or existing users whose privileges have been escalated.
• Strange files in your webspace: Files or scripts you don’t recognize, or server files containing unusual code.
• Suspicious activity: Login attempts, file edits, or plugin changes you didn’t make show up in your activity log.

In addition to these visible problems, a hacked website can have serious, long-term consequences for your business, site, and bottom line. It can result in a loss of revenue, traffic, and search rankings, as well as harm your brand reputation. Cleanup can be time and cost-intensive; you might run into legal issues, lose important data, and have to pay higher hosting and security fees in the future.

Overall, it’s a scenario best avoided, but what do you do if it’s too late for that?

Fixing a hacked website — Phase 1: Check site access

When dealing with a hacked website, the first step is to find out what level of access you still have to it.

1. See if you can log in

Try logging in to your WordPress admin dashboard. It’s usually located under yoursite.com/wp-admin.

If the login screen doesn’t appear or redirects elsewhere, skip ahead to downloading and cleaning up your website files first. Otherwise, try your normal username and password. Should that not work, try the password recovery.

In case neither of these steps is successful, you can access your database (e.g., via phpMyAdmin) and check the wp_users table to confirm your admin account still exists.

If it does, you can reset your password directly in the database or even create a new admin user to regain access. It’s also possible to reset your password using FTP and WP-CLI.

2. Switch your site to maintenance mode

Once you can access your backend, it’s best to make your site temporarily unavailable. This helps you protect your site visitors and reputation from further harm while you fix the hacked website. The best option for that is to put it into maintenance mode.

You can use a maintenance mode plugin or set up an HTML file for that. Some CDN providers also let you put up a maintenance mode screen, such as Cloudflare.

Phase 2: Secure the site

Next, it’s time to start regaining control of your site.

3. Talk to your hosting provider

Your host should be one of your first ports of call and also your strongest ally in case of a website hack. For example, at WordPress.com, you can trust our security features to the point that, should a site we host become compromised, we remove the hack for you. Just contact WordPress.com support, and we’ll help you right away.

Even if you host your site elsewhere, you should get in touch with your provider. On some types of hosting, such as shared hosting, the hack could have originated from another website on the same server. In that case, your site would likely just become compromised again, no matter what you do.

Speaking to your host will also let you know about any assistance they offer to fix your hacked website and if temporary account restrictions or suspensions are in place. They might also be able to give you an indication of when and how the hack happened via access and error logs.

4. Back up your site in its current state

Save a copy of your site — even if it’s compromised. It lets you preserve recent content, conserve evidence to analyze the source of the hack, and allows you to restore your site should something go wrong during recovery.

Make sure to back up both your site files and database. Use your hosting control panel, SFTP, or a backup plugin. Managed hosting providers like WordPress.com usually offer automatic backups. On our Business and Commerce plans, you can restore from backup with one click and also download site backups.

You can spin up your copied site in a local development environment, for example, using WordPress.com’s Studio, to analyze it later or perform your cleanup there.

5. Restore from a recent clean backup (if possible)

If you had the foresight to set up an automatic backup solution, restoring from a recent clean site copy is often the easiest way to fix your hacked website.

Make sure the backup predates the hack or suspicious activity. If possible, first load it on a staging site to run diagnostics before restoring.

Be aware that restoring doesn’t remove the original vulnerability. You’ll still need to investigate how the hack happened to prevent reinfection.

Phase 3: Lock it down

This phase is all about closing off common entry points into your site.

6. Go through your user accounts

Hackers who gain access to a website frequently create an admin user account for themselves. This gives them a quick way back into the site and is often easy to disguise.

Therefore, review all accounts in your WordPress User menu and/or database.

Look for unfamiliar usernames, especially with admin privileges and delete or downgrade them. Document any changes you make and do the same with other accounts associated with your site, like hosting, FTP, email, CDN, and third-party tool credentials.

7. Change all passwords

Next up, lock down the accounts you’ll keep by changing their passwords. On your site, you can reset passwords for all users and enforce strong passwords with plugins like Emergency Password Reset and Password Policy Manager.

Another step is to implement multi-factor authentication, so users have to confirm their login with a code sent to their email address or mobile phone. Again, do the same for other accounts associated with your site.

If you want to go a step further, reset your database username and password as well. Don’t forget to update wp-config.php to reflect the new values; otherwise, your site won’t work.

Lastly, replace the SALTs in wp-config.php. These are security keys used to encrypt login sessions and cookies, and look like this:

define( 'AUTH_KEY',     'put your unique phrase here' );

define( 'SECURE_AUTH_KEY',  'put your unique phrase here' );

define( 'LOGGED_IN_KEY', 'put your unique phrase here' );

define( 'NONCE_KEY',    'put your unique phrase here' );

define( 'AUTH_SALT',    'put your unique phrase here' );

define( 'SECURE_AUTH_SALT', 'put your unique phrase here' );

define( 'LOGGED_IN_SALT',   'put your unique phrase here' );

define( 'NONCE_SALT',   'put your unique phrase here' );

Visit the official SALTs generator and copy a new set over the existing ones in your file, then save and re-upload it. This will force all users (including hackers) to be logged out immediately. The aforementioned Emergency Password Reset plugin can also do this for you.

8. Update all software

Your website hack might have happened via outdated and vulnerable files. Besides that, hackers like to modify core files to make reinfection easier.

That’s why an important step to fix your website after it’s been hacked is to update all its software to the latest version. This means WordPress core and all plugins and themes.

If you can’t access the admin dashboard or the automatic update isn’t working, download the files from WordPress.org and install them manually via FTP.

Be sure to preserve the wp-content folder and don’t overwrite wp-config.php. In addition, remove any unused, outdated, or unsupported plugins and themes, and consider updating server software like Apache or your PHP version.

By the way, WordPress.com keeps your WordPress version updated automatically, and you can activate the same for plugins and themes.

Phase 4: Remove hidden threats

This phase is about digging deeper to find hidden code snippets and backdoors. These are entry points hackers like to leave behind so they can regain access to your site even after you cleaned it up.

9. Check your website files

Hackers can include malicious code in many parts of your website. One common hiding place is the wp-content folder. It doesn’t get replaced during updates, so files added to it stay safe unless removed manually. Check it for hidden PHP files, especially in the uploads folder, child themes, inactive themes, and plugins. If you can’t access your site at all, try renaming folders, like the plugins directory.

In addition, examine your current theme’s files for unfamiliar code. Download a clean copy of your theme from the WordPress directory or your vendor (make sure to get the same version as your site) and use a tool like Diffchecker to see if there are any differences between files.

You can also do file comparisons via SSH.

Malicious code frequently appears at the top or bottom of files, often encoded or obfuscated using functions like:

• base64_decode()
• eval()
• gzinflate()
• preg_replace()
• str_rot13()

You can use tools like Base64 Decode, UnPHP, or UnPacker to decode it.

Especially pay attention to files such as:

• functions.php
• header.php
• footer.php
• index.php
• wp-config.php
• wp-load.php

In addition, look for oddly named or slightly misspelled files like wp-logon.php or wp-config1.php.

Additionally, open the .htaccess file and look for suspicious code and redirect rules that don’t belong there. Besides that, check for additional .htaccess files in wp-content and its subdirectories. You may also want to check your file permissions.

If this seems to be outside of your skill set, get professional help or use a security plugin or malware scanner like Jetpack, WordFence, MalCare, or Sucuri Security.

10. Clean up the database

The WordPress database is another place you need to examine after a website hack. Cleaning it up manually is a painstaking process, especially if your database is very large. Therefore, the easiest way is usually to scan it with a plugin like those mentioned above.

You can also access your database with the aforementioned phpMyAdmin or a similar tool and look for problems by hand, such as:

• Hidden spam content in the wp_posts table.
• Keywords like eval, base64, gzinflate, preg_replace, or assert.
• Common spam terms like “gambling.”

Be sure to always back up your database before making any manual edits. If unsure, export it and compare the database to a clean version from a backup.

Phase 5: Recover and relaunch

After fixing your hacked website, it’s time to bring it back online.

11. Reupload clean site files

Upload your files and database from your local install or staging site (skip this part if you did the repairs on your live site).

Test your site’s main features: navigation, forms, checkout, login, etc. See if any content, including images, is missing. Visit your website in an incognito window to confirm it displays correctly for visitors.

Disable maintenance mode if it’s still active. Clear your site cache to ensure no cached malware or outdated pages are loading.

To be completely on the safe side, rescan your live site files and database tables for remaining threats. Use a malware scanner both from inside WordPress and outside.

12. Deal with the aftermath

Once the immediate problem is resolved, you need to deal with its fallout:

• Communicate with your customers: If the hack affected your users through downtime, strange behavior, or a potential data breach, be transparent. Let them know what happened, what you’ve done to fix it, and what steps you’re taking to prevent the problem from occurring again.
• Submit requests to remove your website from Google’s blocklist: If Google Search Console flagged your site as dangerous, request a review via Security & Manual Actions → Security issues after the cleanup is complete. This helps restore search visibility and remove browser warnings. Do the same for other blocklists you may have appeared on.
• Restore any lost content from backups: If pages, images, or posts were damaged or deleted, recover them using your most recent clean backup. Double-check everything before re-publishing to ensure you don’t reintroduce malicious code.
• Analyze the hack: Document what happened, how your site was compromised, what actions you took, and what you plan to do going forward to strengthen future security.
• Keep monitoring: Set up ongoing monitoring tools, such as an activity log to track user logins, site changes, and system events. Monitor changes to files, regularly scan your site for malware, and keep an eye out for any of the signs of a website hack we discussed earlier.

Prevent website hacks before you have to fix them

The final step is to make sure you never have to be in this situation again. First, follow security best practices:

• Use strong passwords, change them regularly.
• Implement multi-factor authentication for all relevant accounts.
• Set up user roles with the minimum necessary privileges.

In addition, take steps to harden your website security:

• Use SSL encryption.
• Keep WordPress Core, plugins, and themes updated.
• Put a backup solution in place.
• Set up automatic malware scans, brute force, and DDoS protection.
• Add a firewall to your site.

On WordPress.com, all of the above is included with every plan, together with additional security features. So, if you want a simplified and effective way to prevent being hacked, move your site to WordPress.com.

 [#item_full_content]

Schema markup gives you a way to enhance how your website and its content are displayed in the search engine results pages (SERPS).

Examples of these enhancements include star ratings, event info, product pricing, and FAQs. When implemented correctly, they’re an effective way to make your content stand out in the SERPs and increase click-through rates. 

Adding schema markup to your WordPress site also helps search engines to understand your content better, increasing the chances of it being displayed where your target audience will find it.

By the end of this guide, you’ll better understand schema markup for WordPress and how to add it to your site.

What is schema markup?

Schema markup, sometimes called structured data, is code you add to your website. Its purpose is to help search engines understand your content better, such as its meaning and context. 

Similar to categories and tags in WordPress, schema markup can be used to add labels to your content that explain what each piece of content is about and its format. Some examples of these labels include products, recipes, reviews, and events.

Adding schema markup is also a way to enable rich results or rich snippets for your site and its content. 

You’ve probably seen rich results in the SERPs before. They include extra details about a page in the results, such as business information, star and average ratings, product details, FAQ, recipe information, and more. 

This additional information makes rich results-enabled content stand out and helps search engine users decide which result to click on.

Common Types of Schema Markup

Here are some widely used schema markup types and how they can generate rich results:

• Review and Rating: Can display star rating and number of reviews in the SERPs.
• Articles: Includes headline, author, publication date, and a thumbnail image. 
• Product: Price, availability, and rating can be displayed. 
• FAQ: Collapsible questions and answers are displayed.
• Recipe: Cooking time, ingredients, and ratings can be displayed.
• Local Business: Name, address, phone, and business hours can be included.
• Event: The event’s date, location, and ticket availability can be displayed. 

Not everything that can be displayed in a rich result is displayed. Many factors control how and when they’re displayed, such as site settings, the user’s search term, and the search engine algorithm. 

However, adding schema markup is essential for enabling rich results for your site. 

While there are hundreds of types of schema, you must use the types supported by Google if you want your content to feature rich snippets when displayed in their search results. 

Benefits of adding schema markup to your WordPress site

One of the main benefits of adding schema markup to your WordPress site is that it can increase your content’s click-through rate when it’s displayed in the SERPS. 

For example, one study found that 58% of search engine users clicked on results enhanced with rich results while only 41% of users clicked on regular (non-rich) results.

This makes sense as rich results not only stand out but they also provide search engine users with more information when deciding which result to click on. 

For example, if a user is searching for a recipe, seeing the cooking time and user rating displayed in the SERPs demonstrates that the content is informative and whether or not it meets their requirements. 

The other main benefit is that search engines can use schema markup to better understand your content. This helps the search engines to know when to display your content in their results, sending more relevant traffic to your site. 

A further benefit of using schema markup is that it increases the chances of your content being displayed in more places in the SERPs. This includes the People Also Ask boxes and recipe carousels.

Key benefits of adding schema markup:

To summarise, the main benefits you could potentially unlock by adding schema markup to your WordPress site include: 

• Increased visibility in the SERPs by enabling rich results.
• Improved click-through rates in the SERPs by making your content stand out.
• Increased traffic to your site without needing to improve your ranking. 
• Help search engines understand your content and know where to display it.
• Make your content eligible for display in People Also Ask boxes and elsewhere on the results pages.

As we’re about to cover, adding schema markup to WordPress is relatively straightforward, making it something all site owners should consider. 

How to add schema markup to WordPress

You can add schema markup to your site manually, but this is another area where WordPress plugins can be used to simplify the task. 

Here are some recommended plugins as well as a guide to adding structured data to WordPress using one of the options. 

Schema markup WordPress plugins

There are lots of plugins that can add schema markup and structured data to WordPress. Some of these plugins include other useful functionality, such as search engine optimization features, while others are focused solely on implementing schema markup. 

Not all schema markup plugins for WordPress cover all the available schema types, so you must choose a plugin that supports the ones you need. For example, if you’re creating a food blog with WordPress, you could select a recipe-specific plugin that adds the relevant schema markup, such as WP Recipe Maker.

Just ensure that any plugin you’re considering supports the schema markup you want to use.

Rank Math SEO

Rank Math SEO is a popular and user-friendly option for adding schema markup to WordPress.

The free version of the plugin lets you add 13 schema types, making it suitable for most projects. The paid version supports six more types. 

Thanks to its broad range of SEO features, Rank Math SEO can also be used as your WordPress SEO plugin. 

The paid version has more schema-related features, including adding multiple schema types to a single page. This would let you add the Product Schema and Review Schema to an eCommerce product page to display pricing and rating information in the rich results.  

The paid version also includes a schema generator to help you choose the correct schema for each piece of content and a tool for importing schema markup from other websites so you can see how others are using structured data. However, the free version of Rank Math SEO can add a good range of schema markup to WordPress. 

Rank Math SEO is an excellent option if you’re looking for a powerful SEO and schema plugin that’s easy to use.

Yoast SEO

Like Rank Manth SEO, Yoast SEO is an SEO plugin for WordPress that can add schema markup to your site. It’s also one of the most popular plugins on WordPress.com. 

Like the other options covered here, you can set a default schema markup type for your site so you don’t have to select one each time you publish a new piece of content. This can be overridden at the post and page level if needed. 

Yoast SEO integrates with other schema markup plugins, including WP Recipe Maker, giving you more options for adding structured data to your site while maintaining access to the rest of the plugin’s features. 

Choose Yoast SEO if you want to install the most widely used SEO plugin for WordPress and add schema markup with the same plugin.

Schema & Structured Data for WP & AMP

Schema & Structured Data for WP & AMP was built specifically for adding schema markup to WordPress rather than also being an SEO plugin. The free version supports an impressive 46 schema types.

The developers claim that users can request additional schema types, and they will add them to the plugin. This makes Schema & Structured Data for WP & AMP ideal for anyone creating content types not covered by other plugins. 

Schema & Structured Data for WP & AMP isn’t quite as user-friendly as the other plugins covered here. However, I’ve included it as it supports many schema types, making it a good option if it covers the schema types you want to use that other plugins don’t. It’s also a suitable option if you’re already using an SEO plugin you’re happy with and are looking for a schema markup plugin to use alongside it.

Using Rank Math SEO to add schema markup to WordPress 

Here’s a walkthrough of using the Rank Math SEO plugin to demonstrate how you can add schema markup to WordPress.

You’ll need the Business plan or above if WordPress.com hosts your site and you want to install this plugin. 

Rank Math SEO is a good option as it has a user-friendly setup wizard to help you optimize your site for search engines and add structured data to WordPress. 

To get started, go to Plugins → Add New in WP Admin.

Next, search for “Rank Math SEO” and click the “Install Now” and then Activate buttons. 

The optional setup wizard will launch after activating the plugin. The wizard walks you through setting up the SEO features of the plugin and gives you the option of importing the settings from an SEO plugin you might already be using on your site.

To configure the schema markup capabilities of the plugin, go to Rank Math SEO → Titles & Meta from the WP Admin sidebar menu.

Then, click on Posts under Post Types on the Rank Math SEO panel. 

Now you can set the default schema markup type for all posts. Choose Article from the Schema Type dropdown menu if you’re primarily creating blog posts.

You can override the default settings from the WordPress editor when you’re creating a piece of content that will use a different schema markup type.

To do so, click on Schema Generator from the Rank Math panel in the WordPress editor.

One instance where this would be necessary is if you’re publishing a recipe where the default schema type for the site was set to Article. 

You can then add the additional information for the schema type you’ve selected. 

For example, if you selected the recipe type, you can add the preparation time, cooking time, and other details that will be displayed in the rich results in the SERPs.

Click the “Save for this Post” button when you’ve finished.

You can then repeat the above to add structured data to any new and existing content on your site. 

The Titles & Meta section of the Rank Math SEO documentation has the full details on adding structured data to WordPress with this plugin. 

Testing your schema markup

Once you’ve added the schema markup via your choice for plugin, rich results should be displayed for your content in search engines. 

However, it’s recommended that you test your site to ensure that everything is working as expected. While the best schema markup plugins for WordPress do an effective job of adding structured data to your site, checking and testing can highlight any issues, such as missing required fields.

There are a few tools you can use to test your site’s schema markup, including:

• Schema.org Validator: Enter the URL of a page to find out if the structured data has been added correctly. Any errors will be highlighted to help you resolve them. 
• Google Rich Results Test: Validate your schema markup to check which rich results can be generated by its structured data. 

Correctly adding schema markup to your site is no guarantee that search engines like Google will display rich results for your content. 

However, by using a reliable plugin or correctly adding the structured data manually, you will have done all you can to activate rich results for your site. 

Ready to add schema markup to WordPress?

Adding schema markup to WordPress makes it possible for your site to start benefiting from rich results, such as improved click-through rates from the SERPs and more traffic.

The easiest and most convenient way to add structured data to WordPress is to use a schema markup plugin. 

Before you choose a plugin, ensure it supports the type of schema markup you’d like to use on your site. 

Plugins like Rank Math SEO and Yoast SEO are easy to use and include many useful features. However, they don’t cover all the schema markup types, so be sure to choose the right plugin for your goals. 

If WordPress.com hosts your site or you’d like it to, you can install plugins on the Business and Commerce plans and benefit from fast load times, enhanced security, and many other valuable features. 

 [#item_full_content]

The WordPress Foundation is pleased to announce the return of the Kim Parsell Memorial Scholarship for WordCamp US 2025. Applications are being accepted until July 25, 2025.

Remembering Kim Parsell

Kim Parsell was a dedicated contributor and a beloved member of the WordPress community. Her passion for open source and her welcoming spirit inspired many, both online and in person. Each year at WordCamp US, the WordPress Foundation celebrates Kim’s legacy by supporting contributors who share her commitment and enthusiasm. The Kim Parsell Memorial Scholarship aims to make it easier for deserving community members to attend WordCamp US, reflecting Kim’s belief in making WordPress accessible and inclusive for all.

If you’re unfamiliar with Kim’s story or her invaluable role in the community, we encourage you to read these heartfelt tributes collected from friends and colleagues.

Scholarship Eligibility

This year, a single scholarship will be awarded. To qualify, applicants must:

• Identify as a woman
• Be actively involved as a contributor to WordPress
• Have never attended WordCamp US before
• Demonstrate a need for financial support to attend the event

If you meet these qualifications, we invite you to apply before the July 25 deadline. All applicants will be notified of the decision by August 7, 2025.

For additional information, visit the Kim Parsell Memorial Scholarship page hosted by the WordPress Foundation.

Join the Celebration

• Tickets for WordCamp US 2025 are now available—secure yours soon!
• Volunteer applications are open until July 11, 2025
• Interested in supporting the event? Explore our sponsorship opportunities

Help us spread the word about this opportunity and make WordCamp US 2025 even more special.

 [#item_full_content]

Picture this: You’re working on a client’s website, fine-tuning a new theme you’ve been developing for weeks in WordPress Studio. The design is perfect in your local environment, and you’re ready to push it live using Studio’s sync feature.

But there’s a catch. You only want to deploy the theme. You don’t want to overwrite the plugins already running smoothly in production, and you definitely don’t want your local test content affecting the live database.

If that sounds familiar, you’re not alone. Until now, Studio’s sync feature was all or nothing; you could easily push or pull entire sites between your local environment and WordPress.com or Pressable, but there was no way to sync just part of a site, like a single theme.

That changes today with the release of Selective Sync in WordPress Studio 1.5.5.

Adding granular control

Selective Sync gives you precise control over what gets transferred between WordPress Studio and any connected production or staging sites. You can now choose exactly what to sync, whether it’s a single theme, a specific plugin, only the database, or the entire wp-content folder. 

The reality of WordPress development is that production sites are constantly changing. While you’re working on new features locally, your live site continues to serve visitors, process orders, and collect user data. A full sync in either direction could result in lost changes or disruptions for active users.

Here are a few scenarios where Selective Sync really shines:

• Plugin development: When building a new plugin feature, you often work with test data that shouldn’t make its way into production. Selective Sync lets you push only the plugin files, keeping your local database separate. Your live site’s data stays intact, and your new feature goes live without disruption.
• Theme updates: Theme developers face similar challenges. You might spend days fine-tuning layouts and testing block patterns with sample content. When it’s time to deploy, you want to push only the theme files, not placeholder posts or demo images. Selective Sync makes that easy.
• Privacy and scale: If you’re working with a WooCommerce store that has hundreds of products and thousands of customers, cloning the full site locally can be risky or unnecessary. Selective Sync allows you to pull down only the code you need to work on, such as the theme or a specific plugin, without syncing sensitive customer data to your local environment.
• Focused environments: Some developers prefer to separate concerns by using different local Studio sites for different types of work. You might maintain one environment for plugin development and another for theme design. With Selective Sync, each can connect to the same production site and push changes independently, without affecting unrelated parts of the project.

Since full-site sync launched in January 2025, developers, designers, and site builders have asked for more flexibility. Selective Sync was built in direct response, making it easier to adapt Studio to the needs of real-world projects.

How Selective Sync works

If you’re new to WordPress Studio, this is a great time to explore what the tool offers beyond its new syncing features. Studio is free, open source, and built to make building WordPress plugins, themes, and full sites more efficient and enjoyable.

Already using Studio? Selective Sync is available now. Just update to the latest version when prompted in the app, then follow the steps below to get started.

TIP: Keep in mind that while WordPress Studio is free to use, the sync feature requires a WordPress.com site on a Business or Commerce plan, or a Pressable site with the Jetpack Security plugin active. For more information, check the official documentation.

Connect a live site

The first step is to connect a local Studio site to an existing production or staging site on WordPress.com or Pressable. You can also create a new site on WordPress.com from the Studio interface:

1. Select the site you wish to connect from the Studio sidebar.
2. Open the Sync tab.
3. Log in to WordPress.com if you haven’t already.
4. Click the “Connect site” button to see available sites. 
5. Select the site you want to connect to and confirm by clicking the Connect button.
6. (Optional) Create a new site by clicking “Create a new WordPress.com site.”

Pull content into Studio

Once your live site is connected in Studio, you can either pull content from the connected site into Studio or push content from your local environment back to the connected site.

Let’s start with pulling content:

1. Open the Sync tab for the site you want to synchronize (if you’re not already there).
2. Locate the connected WordPress.com or Pressable site you want to pull content from.
3. Click Pull to open the sync modal.

4. Choose to sync “All files and folders” or “Specific files and folders,” then use the checkboxes to select what you want to include.
5. Decide whether to include the Database in the sync.
6. Click Pull to confirm and begin syncing.

The process may take some time, as a full backup of your live site will be created. Once complete, you’ll be ready to start working locally in Studio.

Push content to a live site

Pushing content from Studio to a connected site follows a similar process to pulling, but with more control. You can choose individual plugins, themes, and other files to sync.

1. Open the Sync tab for the site you want to synchronize (if you’re not already there).
2. Locate the connected WordPress.com or Pressable site you want to pull content from.
3. Click Push to open the sync modal.

4. Choose to sync “All files and folders” or “Specific files and folders,” then use the checkboxes to select what you want to include. You can expand the plugins, themes, and uploads folders to select individual items.
5. Decide whether to include the Database in the sync.
6. Click Push to confirm and begin syncing.

As with pulling content, the process may take some time. A full backup of the connected site will be created before your local changes are applied. Once the sync is complete, you’ll receive an email confirmation with a summary of what was transferred.

Pro tips for using Selective Sync

Selective Sync is built to streamline development, but there are a few key details to understand before getting started.

When pushing from Studio to a production or staging site, development-only files such as .git directories and node_modules folders are automatically excluded. These files remain local, keeping your live site clean and efficient.

As noted earlier, when pulling content into Studio, you can sync entire folders, such as all themes or all plugins, rather than selecting individual items. In contrast, when pushing to a live site, you can choose specific themes and plugins. We found this setup reflects the needs of most workflows, but we’re always listening to feedback for future enhancements.

While Selective Sync covers many common scenarios, some projects may still require a more advanced deployment workflow. For those cases, GitHub Deployments on WordPress.com offers more control and works well alongside Studio for complex setups.

What’s next for Studio?

Selective Sync is part of a broader effort to support the variety of workflows developers use every day. That work continues, especially within WordPress Playground, the foundation that powers Studio. 

Upcoming enhancements include:

• XDebug support: One of the most requested additions, this will bring professional debugging capabilities to WordPress Studio. Follow along on GitHub.
• Performance improvements: Upcoming enhancements in WordPress Playground will make Studio even faster and more responsive.

Community feedback drives these priorities. The WordPress Studio GitHub repository is the central place to suggest features, report bugs, and contribute directly to the project. Every issue, comment, and pull request helps shape the future of Studio.

If this is your first time exploring WordPress Studio, or if it has been a while since you last tried it, now is a great time to take another look. Alongside Selective Sync, dozens of improvements have rolled out this year, with more still to come.

 [#item_full_content]

​A giant gas planet comparable in size to Saturn exists around a small red dwarf star. The discovery is beyond the scope of conventional astronomy theory, and is making experts reconsider conventional notions of planet formation. 

​Read More

 Science, Science / Space, Space Science, Science / Space, Space

​Get better posture, fewer back aches, and an ergonomic desk setup, thanks to these top laptop stands, mats, and risers. 

​Read More

 Gear, Gear / Buying Guides, Gear / Products / Accessories, Gear / Products / Computers, Straighten Up Gear, Gear / Buying Guides, Gear / Products / Accessories, Gear / Products / Computers, Straighten Up

Keeping your WordPress site backed up is essential. Imagine how you’d feel if your website was gone one day and there was no way to get it back.

While there are many ways to back up your WordPress site, choosing the right one can be difficult. Each option has its own features and user experience. 

This guide covers the important features to look for in a backup tool. It also looks at some of the best backup tools available and includes a quick walkthrough of how to back up a WordPress site. 

What are WordPress backups?

 A WordPress backup is a copy of your website’s files and database. The backup lets you restore the whole site if something goes wrong. There are two types of backups:

• A full backup restores the entire site to the state it was in when the backup file was created.
• An incremental backup only restores new or recently modified items, such as updated pages, new plugin settings, or altered media files.

While the WordPress editor autosaves your posts and pages, giving you a way to restore earlier versions of your content, this isn’t the same as backing up an entire WordPress site, including its files and database.

• A database backup includes your site’s content, such as all posts and pages, the site settings, user information, and comments.
• A file backup typically includes the themes, plugins, media uploads, and core WordPress files of your site.
• A partial backup only includes some files or parts of the database and its tables.

Partial backups

If you want to restore the site’s content, without overwriting any changes you’ve made to the site’s files since the backup was created, you can make a partial backup.

For example, maybe you want to restore a deleted blog post, but you’ve changed your site’s theme since the post was deleted. Restoring just the database will restore the post (and other database contents) without affecting the site’s files.

Manual vs. automatic backups

Backups can be created manually or automatically, depending on the features of your backup tool.

Basic WordPress backup solutions often don’t back up your site in real time, necessitating a manual backup prior to changing your site. While a manual backup offers more control, the downsides include:

• Not always knowing when to make a backup
• Having to remember when you should make a backup
• Role-based restrictions on who can make the backup

Automatic backups happen on a regular schedule, such as once per day, or as changes are made to your site. Due to the importance of having a recent backup, it’s a good idea to choose a solution that automatically creates backups. 

Why WordPress backups are important

Reasons you might need to use a backup to restore your site include:

• Hacking or malware: Although WordPress is a secure platform, a clean backup allows you to quickly recover your site if it gets hacked or infected.
• Server crashes or hosting failures: If your host loses data or has a server error, a backup can help you get your site online again quickly.
• Accidental data loss or deletion: We all make mistakes, and whether you’ve accidentally edited a blog post, deleted an image file, or changed a key setting, a recent backup lets you undo those changes.
• Plugin or theme conflicts: Installing or updating a plugin or theme may introduce errors to your site or cause a conflict. A backup enables you to return your site to how it was before the issue arose.
• WordPress software updates: New WordPress releases are thoroughly tested, but you might need to roll back to a previous version due to a conflict or introduction of a new feature you’re not ready for.

To mitigate against the above situations, backups must have been recently created, safely stored, and be easy to restore. 

Some websites need more robust backup solutions than others. For example, if you have a site that rarely changes, making a manual backup on a daily or weekly cadence should suffice. 

However, you’ll need a more feature-rich, automatic backup solution if you’re regularly making changes to your site, such as frequently publishing new blog posts, or you often receive comments or messages via your site’s forms. 

Those selling items or subscriptions through their WordPress site will also need robust backup solutions to prevent the loss of orders and other key data.

Additionally, if you have multiple users working on your site, there’s a higher chance of mistakes being made. This means you’ll need to create backups more frequently than once daily.

What to look for in a WordPress backup tool

Your main options as a WordPress site owner are using the backup service provided by your web host or a plugin.

The quality of the available plugins and options provided by hosts vary considerably. Some solutions are very robust, feature-rich, and comprehensive, while others are basic and challenging to use.

Some key points to consider when choosing a way to back up your WordPress site include:

• Automation: Can backups be automatically created on a set schedule, such as daily, or in real-time whenever a change is made?
• Frequency: How often are automatic backups created, and can backups be created manually on demand?
• Breadth: Is your entire site backed up, including the files, database, and email provision? 
• Restoration options: Can you restore part of the backup, such as the database or a specific post, or do you have to restore and overwrite your entire site each time?
• E-commerce-friendly: Is the solution compatible with online stores and does it give you the option of keeping order details while restoring other parts of your store?
• Storage: Are the backups stored separately from your website, such as on another server or in your cloud storage? Can you download the backups to your computer? Are multiple copies of the backup files created for redundancy, and how long are they available?
• Security features: Are the backups encrypted and stored securely?
• Ease of use: How easy is it to access and restore the backups? Is the interface user-friendly?. 

Use your host’s backup solution

Most web hosts provide a backup solution. However, the functionality of the system varies significantly between hosts. Some might have a powerful in-house tool, while others rely on the cPanel backup functionality.

If your host provides a backup solution, try it out and see how easy it is to restore your site. Check its features and how useful they’d be if there’s a problem. If your host’s backup solution isn’t good enough, you should be able to switch to a plugin.

Use a WordPress backup plugin

There are many backup plugins for WordPress. The best options automatically back up your site on a custom schedule or in real time. 

Make sure you closely check out the features and test any plugin you install to see if it works as expected, especially the free options. 

Top WordPress backup plugins

Here’s a quick overview of some popular free and paid plugins you can use to back up your WordPress site:

Jetpack VaultPress Backup

Jetpack VaultPress Backup is a paid service available as a stand-alone WordPress plugin or as part of the WordPress.com Business and Commerce hosting plans, at no extra cost. 

The service includes key backup-related features such as real-time backups, full and partial restoration, and an activity log that makes it easy to undo site changes. 

Jetpack VaultPress Backup has good support for WooCommerce, so you can safely restore your site to any past state while keeping all order and product data.

UpdraftPlus

UpdraftPlus is a very popular plugin available in free and paid options. 

The free version covers all the essentials, including automatically creating backups, saving them to cloud storage, and the ability to easily restore them. However, incremental backups, automatic backup creation before installing WordPress updates, and database encryption are paid features.

Using UpdraftPlus is straightforward, but like most other WordPress backup plugins, it lacks the useful Activity Log feature of Jetpack VaultPress Backup.

BackWPup

BackWPup is another popular plugin with free and paid versions. 

The free version lets you choose exactly what parts of your site to back up. Backups can be automatically created as frequently as every hour. Saving backups to a selection of cloud storage services is another free feature. 

However, restoring backups with the free version isn’t as user-friendly as UpdraftPlus and JetPack VaultPress Backup.

BlogVault WordPress Backup Plugin

The BlogVault WordPress Backup Plugin connects your site to the BlogVault backup service rather than integrating a backup tool into your WordPress dashboard. 

Once set up, all backup and restore actions take place in your account area on the BlogVault website. 

The free version allows you to create backups, but you can only restore them with the relatively expensive paid plans.

Which WordPress backup plugin should you choose?

Out of the above options, the free version of UpdraftPlus is an excellent choice. Frequent automatic backups are included, and you can restore them without upgrading to a paid plan. 

If you’d like a more robust backup solution and don’t mind paying for it, the ease of use and Activity Log feature of Jetpack VaultPress Backup make it an appealing option. 

Whichever one you choose, be sure to thoroughly test the backup and restore functionality now, rather than waiting until it’s needed.

How WordPress.com handles backups

If you host your site with WordPress.com and choose the Business or Commerce plan, you have access to real-time backups powered by Jetpack VaultPress Backup.

Once you’ve signed up for either the Business or Commerce plan, Jetpack VaultPress Backup automatically starts backing up your site in real time. Manually creating a backup at any time is possible, too. 

Backups are available for up to six months while you’re subscribed to an eligible plan. They’re also kept for 30 days after your subscription expires. 

Let’s walk through how to use Jetpack VaultPress Backup with WordPress.com hosting.

Accessing your backups

You can view your backups from your WordPress dashboard. 

Once logged in, go to Jetpack → VaultPress via the sidebar menu.

The last time a backup was created is shown on the Jetpack VaultPress Backup page.

Restoring a WordPress backup

You can restore a backup from your WordPress dashboard or download the file for safekeeping.

You can also view and restore the individual components of the backup, for example if you need to restore an image file that was accidentally deleted.

You can also use the staging site feature available on the Business and Commerce plans to handle more complicated restoration of a backup. 

This is handy if, for instance, you created many blog posts after your last backup, and don’t want to lose those blog posts. You can restore the backup to the staging site, then restore the specific content to the live site.

Although the above is an advanced aspect of Jetpack VaultPress Backup, you never know when you might need it.

Using the Jetpack Activity Log

The Jetpack Activity Log is another way to access your backups. The log displays a detailed list of activities on your site from the past 30 days.

You can undo a change or restore your site to a specific point in the log, if needed.

Jetpack also has a mobile app so you can easily access the Activity Log and restore backups on the go.

As you can see, backing up and restoring your WordPress site can be very straightforward, depending on the tool you choose. 

WordPress site backup best practices

To get the most out of your WordPress site backups, consider the following:

• Frequency: Set a frequency that covers the important changes to your site, such as form submissions, content publication, and customer orders. Even better, opt for real-time backups.
• Storage: Make sure the backups are securely stored and not on the same server as your website. 
• Retention: Ensure enough backups are retained for long enough that you can recover a specific version of your site, rather than only being able to restore to when it was last backed up.
• Test restoring backups: Test your backups occasionally to ensure they are easy to restore when needed. 

If you follow the above advice, you’ll never have to lose sleep over whether or not your WordPress site is backed up sufficiently.

Is your WordPress site backed up?

You don’t want to wait until you need a backup to find out whether or not your site is backed up. 

If your site is being backed up, make sure everything is functioning as expected and that you can successfully restore a backup. If you’re not backing up your site, now is the time to choose a solution.

If you don’t yet have a website, WordPress.com’s managed hosting makes it easy to start one. Depending on your chosen plan, you get access to feature-rich backups, premium themes, and a fast, secure hosting environment. Ready to bring your site home? Start your site migration to WordPress.com here.

 [#item_full_content]

​Like a lot of Breville’s best devices, the Luxe Brewer combines technical sophistication with easy single-button operation. 

​Read More

 Gear, Gear / Reviews, Gear / Products / Kitchen, Hot and Cold Gear, Gear / Reviews, Gear / Products / Kitchen, Hot and Cold