You have to backup your website. As a business owner, it is the hub of your brand. Every component of your website is the result of your decisions and way of thinking. There are a lot of security measures you should take seriously including:
- Antivirus (AV) scanning
- Security awareness training
- Proactive password management
- Web application firewall (WAF) configuration
No matter how hard you work on any of these cybersecurity best practices, you’re still vulnerable to cyber attacks. This isn’t fear mongering to con you into purchasing a product. It’s a fact. Along with that fact, there’s one thing that gives legitimate peace of mind in the worst case scenario: recent, validated backups.
A backup is a copy of any original files. A conventional backup is a compressed zip, tar, 7z, or brotli archive of files from which you can extract individual files. A snapshot is a proprietary type of backup that can only be created and fully restored.
Backups should include everything you’d want to restore if that web server becomes inaccessible: files, email, databases, and even logs if you’ve implemented security information and event management (SIEM).
If your website data is infected, or lost due to issues with the hosting provider, the last thing you want is to have to rebuild the site from scratch. This could take weeks. Meanwhile, your sales, search engine optimization (SEO) rankings, and branding will suffer.
Below we’ll dive into why you should backup your website:
- It’s Your Responsibility
- Disaster Recovery and Cyber Attacks
- Test Changes in a Staging Environment
- It’s Easy
- Reassurance and Peace of Mind
- How Should You Backup Your Website?
- How Often Should You Create Backups?
- Where Should You Keep Backups?
It’s Your Responsibility
Yeah, we’re going there first. We all know we should read Terms of Service (ToS), especially policies covering data liability and personally identifiable information (PII). Sometimes, we don’t. For major corporations with ToS too complex for the average reader, there are websites like tl;drLegal to simplify things. Our backup liability policy is straight-forward:
While InMotion Hosting maintains the backups for clients choosing to subscribe to Backup Manager, InMotion Hosting assumes no liability as to the availability or completeness of client data backups. Each client is expected and encouraged to maintain backup copies of their own data.
Regardless of what a web hosting or cybersecurity vendor ToS states, it’s your data. Even when you delegate responsibility for maintaining your data to a third party, known as risk transfer, it’s still ultimately your responsibility. However you manage backups, download them to a local, physical storage device in your possession.
Disaster Recovery and Cyber Attacks
In 2013, Amazon.com went down for just a matter of minutes “due to unspecified technical difficulties” and their estimated loss was just under two million dollars. That’s a major organization with a large dedicated IT support department. How long would it take you to detect an issue within your eCommerce site that’s preventing customers from making purchases and resolve it? Without an uptime monitor and consistent user experience (UX) auditing, it might take much longer than you realize.
Let’s summarize some more relatable situations. Website defacement, the act of a cyber criminal altering your website appearance to show it was hacked, requires you to:
- Restore a working website as soon as possible
- Figure out how the hacker got access to make the changes
- Take steps to mitigate cyber risk in the future
Let’s apply this to the most popular LAMP stack content management system (CMS) today: WordPress. If your website is vandalized, that could mean unknown changes to your WordPress database, configuration files, and PHP code. There could be spyware or other malware deep in obfuscated code. Would you rather gather server logs before restoring a full cPanel backup or manually analyze each database table and WordPress file?
Ransomware on cloud servers and PCs is becoming more popular because, well, people pay the ransom. Usually, the people paying it are the ones without backups. That implies hoping that an anonymous hacker will honor his word after receiving your untraceable bitcoin payment. The best solution: restore a backup and be done with it.
Business owners should have at least some familiarity with security incident response procedures.
Test Changes in a Staging Environment
Let’s say you want to try a new third party integration (plugin, module, addon, etc.), but you don’t want to interrupt your live (production) site. Maybe you just installed PHP 8 on your web server and want to assess compatibility issues. Instead of cowboy coding on a live site, where anything can go wrong, restore the backup on a non-public server space or offline system as a staging (development) environment. Once you’ve finished documenting your fixes in the staging setup, you can quickly make necessary changes on the live site.
Backup management isn’t hard. You can open backups in free software (e.g. 7zip and Engrampa). The best backup solution for you depends on your hosting plan and individual web applications.
- WordPress, Drupal, and other CMSs have user-friendly backup features or integrations
- cPanel has Backup Wizard and automated Backup Configuration on managed VPS and dedicated server hosting
- Linux systems include zip, tar, and cron command-line interface (CLI) programs to schedule backups in the terminal
- Web applications and server administration software may have ways to easily connect to various cloud storage services
- Web hosting providers may offer an automated backup solution similar to our Backup Manager cPanel plugin
Reassurance and Peace of Mind
It’s ultimately your responsibility to maintain website backups for when you need to recover from a cyber attack or work in a staging setup. Having at least a monthly backup is better than nothing. The how depends on personal preferences and what you do.
How Should You Backup Your Website?
The easiest option is to create a full server backup and a snapshot. This way you can restore any individual file or an entire snapshot depending on the circumstances. If you only maintain a web application, look for an integration to backup raw files and databases specific to that app. Email users can copy emails to a local folder from a desktop email client like Thunderbird.
How Often Should You Create Backups?
How often do you update your website? If it’s less than monthly, maybe backup the website before every change. If it’s more often, weekly may be better. If it’s closer to daily, you may want to look into a more advanced backup solution that handles differential and incremental backups.
- A Differential backup includes data that changed since the last full backup
- An incremental backup includes data that has changed since the last backup, full or incremental
Where Should You Keep Backups?
Not on the same server. Download the backups, make sure they work, and store them in multiple locations: an external drive (hard disk, SSD, NVMe, tape, doesn’t matter) and/or cloud storage provider (e.g. Dropbox, Google Workspace).
How Long Should You Keep Backups?
This primarily depends on the storage capacity available to you. If you can’t store more than 3 full backups, consider keeping the most recent backups or a recent backup along with one from the beginning of the month.
Learn more about what you can do with cPanel-managed VPS Hosting.