Backup and Restore WP Ghost Security Settings

Save your WP Ghost security configuration as a backup file and restore it on the same site or any other WordPress installation. The Backup and Restore feature exports every WP Ghost setting, including custom paths, firewall rules, brute force configuration, 2FA settings, and all toggle states, into a single downloadable file. Import that file on another site and your entire security setup is replicated instantly. Perfect for agencies managing dozens of client sites or anyone who wants a safety net before making changes. This is a free feature.

What Is Backup and Restore?

Why Use the Backup and Restore Feature

Backup and Restore is part of your overall hack prevention strategy because it ensures your security configuration is never lost:

Safety net before changes. About to update WordPress, switch hosting, or troubleshoot a compatibility issue? Back up first. If anything goes wrong, restore your exact configuration in seconds instead of reconfiguring dozens of settings manually.

Replicate across client sites. If you manage multiple WordPress sites with the same security requirements, configure WP Ghost once, export the backup, and import it on every other site. Same configuration, no manual repetition. This works for 5 sites or 500.

Version your security configuration. Create dated backups after major configuration changes. If a future update introduces an issue, you can restore to any previous configuration state rather than guessing which settings changed.

How to Back Up Your Settings

1. Go to WP Ghost > Backup/Restore.
2. Click the Backup button.
3. WP Ghost saves all current security configurations into a file.
4. The backup file downloads to your computer automatically.

Store the file safely. Keep backup files in a secure location, not on the WordPress server itself. A password manager, cloud storage folder, or local encrypted drive all work. Name the file with the site URL and date for easy identification (e.g., wpghost-mysite-2026-04-09.json).

How to Restore Your Settings

1. Go to WP Ghost > Backup/Restore.
2. Click the Restore button to open the restore popup.
3. Browse and select the backup file you previously saved.
4. Click Restore Backup to confirm. Your settings are applied instantly.

Important: Restoring a backup overwrites all current WP Ghost settings on the site. If you want to keep the current configuration as a fallback, create a backup of the current settings before restoring the old one.

Replicate Settings Across Multiple Sites

For agencies or developers managing multiple sites, the backup file is your deployment tool:

1. On your first site, configure WP Ghost to your security requirements. Follow the Best Practice guide for a recommended configuration.
2. Create a backup and download the file.
3. On each new site, install WP Ghost, go to Backup/Restore, upload the backup file, and click Restore Backup.
4. Verify the configuration by running a Security Check on the new site.

The same backup file can be applied to as many sites as needed. Each site gets the identical security configuration in seconds.

Custom paths after restore: If you use unique custom paths per site (recommended for maximum security), update the paths on each site after restoring. The backup imports the exact paths from the source site. Having the same custom paths across all sites is less secure than unique paths per site.

Troubleshooting

Site breaks after restoring a backup from a different site

The backup may contain custom paths or firewall rules that conflict with the target site’s configuration (different plugins, different server type). Use the emergency disable guide, the rollback settings, or add a constant in wp-config.php to disable WP Ghost temporarily. Then restore more carefully, or reconfigure manually using the Best Practice guide.

Backup file won’t upload

Check that the file is the original WP Ghost backup file and hasn’t been modified or renamed to an unsupported extension. The file must be a valid WP Ghost export. If your server has a low upload file size limit, check your PHP upload_max_filesize setting in your hosting panel.

Frequently Asked Questions

What is included in the backup file?

Everything in WP Ghost: custom paths, firewall settings, brute force configuration, 2FA settings, security headers, disable options, text mapping rules, URL mapping, and all toggle states. The backup captures the complete plugin configuration.

Can I restore a backup on a site running a different WordPress version?

Yes. WP Ghost settings are independent of the WordPress version. The backup file contains only WP Ghost configuration data, not WordPress core settings. It works across WordPress versions as long as the WP Ghost plugin version is compatible.

Can I restore a backup from Apache on an Nginx server?

Yes, but verify the configuration after restoring. Some WP Ghost features (like .htaccess-based rules) work differently on Nginx. Run a Security Check after restoring to confirm everything works on the target server.

Is this a free feature?

Yes. Backup and Restore is available in the free version of WP Ghost.

Does WP Ghost modify WordPress core files?

No. Backup and Restore reads and writes WP Ghost’s own configuration data stored in the WordPress options table. No core files are modified during backup or restore.

Related Tutorials

Manage and recover your WP Ghost configuration:

• WP Ghost Settings Best Practice – The recommended configuration to use as your backup baseline.
• Rollback Settings – Reset WP Ghost to default without a backup file.
• Emergency Disable – Disable WP Ghost if you can’t access the dashboard.
• WP Ghost Constants in wp-config.php – Override settings via code when dashboard access is unavailable.
• Website Security Check – Verify your configuration after restoring a backup on a new site.