I’ve used a number of plugins to backup WP – none of them (the free ones, anyway) have ever really fit the bill as an all-in-one solution. You usually either get the database or the files, and you need both to fully recover from a server failure or hack job.

I’ve been using WP DB-Manager for quite a while for database backups – it seems to work very well except for the annoying nag message that comes up every time you upgrade it. The only  way I’ve determined to get rid of the nag (following the detailed instructions given by many bloggers does not work) is to open up the PHP file and manually comment it out – which only hides the message, but since backups are working correctly I can live with knowing that. This is a pain, though, and it scares those diligent clients who actually do those upgrades when they see the notice.They have no way to remove it.

Today I installed BackWPup, a plugin that was updated in April 2011. BackWPup has a comprehensive interface that seems to do it all. You can set up and schedule different types of jobs: DB backup, file backup, WP XML export and optimize/check the DB tables. You can choose which DB tables or files/folders to exclude from your backup, too.

Lots of options for storing your backup as well – from emailing a zipped copy to yourself, to backup to a WordPress directory or FTP, and other options like Amazon S3, Rackspace Cloud, Dropbox or Sugarsync.

It looks promising and has had many positive reviews – over 55,000 downloads to date with an average rating of 4 1/2 stars. I’m giving it a try and the first backup will occur tomorrow night. Fingers crossed – maybe this will be The One that handles all my WP backup needs.

I found this very useful plugin today for WordPress – it’s an email bot obfuscator.

What does it do? It hides email addresses from bots looking to harvest addresses for spamming purposes. It’s not foolproof, but it’s supposed to help reduce the chances of successful harvest.

It’s just one .php file – you install it in the plugins folder, then it will automatically create encrypted links from any email addresses on your WordPress site. It creates a mailto link for your users, but if you look at this source code it’s a big encrypted mess that bots have a hard time understanding.

Unfortunately it doesn’t work with emails that are already set up as links with a mailto, so now I’m going through pages and undoing links…

I have a long quote form on my website. Lately, just in the past week, I’ve received about 5 emails from this form with nothing filled in except a big list of porn links or other obnoxiousness in the comments box. I’m running this on FormMail and do have required fields set up but apparently that’s very easy to get around.

I’m in the process of improving my JavaScript knowledge and had recently done a tutorial about form validation, so I applied that knowledge this morning.

In my quote form I inserted this into the <head> section of my php page:

I made my form name ‘form1’ and added this to the <form> tag:

onsubmit="return validate();"

I uploaded it and tested it. Now when someone fails to fill in one of the fields listed above they get a popup box and it doesn’t let them continue.

I know this might not be effective (what happens if they have popups turned off?) but it might enough to dissuade a casual form saboteur, maybe? If it continues to happen I’ll take further action and keep you posted.