Protect your monitoring configuration with exports, strong passwords and two-factor authentication. This guide covers backup/restore, SmartXHosting’s server-level daily backups, password hygiene, 2FA setup and API key management.
Why back up • Exporting your configuration • Importing a backup • SmartXHosting automatic backups • Strong passwords • Two-factor authentication • Managing API keys • Security mistakes to avoid • FAQ
Every HTTP monitor, every notification channel, every carefully tuned status page and every colour-coded tag represents hours of thoughtful configuration work. If something goes wrong — accidental deletion, a misconfigured import, a cascading settings change — you could lose it all in an instant.
Regular JSON exports give you a safety net. Combined with the daily server-level backups SmartXHosting takes, your monitoring setup is doubly protected.
Uptime Kuma provides a built-in export tool that saves your entire configuration as a single JSON file:
Tip: the JSON export does not include historical uptime data. That’s stored in the SQLite database, which SmartXHosting backs up daily as part of your plan.
Best practice: export before major changes — adding a batch of new monitors, restructuring notification channels, editing status pages. Keep at least one local copy per month.
Warning: Overwrite replaces your entire current configuration. Any monitors created since the backup was taken will be lost. Always export your current configuration first.
After importing, test notification channels. Monitor IDs may change during import, which can affect external integrations or badge URLs that reference specific IDs.
As a SmartXHosting Uptime Kuma Hosting customer, your entire instance is backed up automatically every day at the server level. These daily backups include:
You don’t need to manage server-level backups yourself. But we still recommend exporting your own JSON backup periodically — a local copy gives you instant access without contacting support and provides an additional layer of protection you control directly.
Your Uptime Kuma dashboard contains sensitive information — URLs of every service you monitor, notification channel credentials, infrastructure structure. Protect it with a strong password.
Choose 14+ characters mixing uppercase, lowercase, numbers and symbols. Avoid dictionary words, common phrases, sequences like 123456 or password. Use a password manager (1Password, Bitwarden) to generate and store a unique password.
Change via Settings › Security: enter current password, new password, confirm.
2FA adds a second layer by requiring a TOTP code in addition to your password. Even if someone obtains your password, they can’t access your dashboard without the code.
From now on, every sign-in requires password + 6-digit code.
For programmatic access (integrations, automation scripts), use API keys rather than sharing login credentials:
Authorization: Bearer YOUR_API_KEYTreat API keys like passwords. Don’t share in plain text, don’t commit to source code repositories, revoke keys that may be compromised. Disable or delete from Settings › API Keys.
Secure monitoring on UK infrastructure
SmartXHosting Uptime Kuma Hosting — daily backups, TLS 1.3 SSL, managed updates and UK-based support for account recovery when you need it.
View Uptime Kuma HostingQ: How do I back up monitors and settings?
A: Settings › Backup › Export. Downloads JSON file with monitors, notifications, status pages, maintenance windows, tags.
Q: Does JSON export include historical data?
A: No. Only configuration. Historical response times and uptime events are in SQLite, backed up daily by SmartXHosting.
Q: How do I enable 2FA?
A: Settings › Security › Two-Factor Authentication › Enable 2FA › scan QR with Google Authenticator or Authy › enter code › save backup codes.
Q: Will importing overwrite my config?
A: Depends. Overwrite replaces everything. Skip Existing only imports new items. Always export first.
Q: What if I lose my 2FA device?
A: Use a backup code (one-time use each). If no codes remaining, contact SmartXHosting support via the Customer Dashboard for recovery.
Q: Can I restrict API key permissions?
A: Current Uptime Kuma API keys grant full access. For read-only monitoring, use the public status page JSON endpoints rather than an API key.