Backups are business insurance. A disk failure, a buggy plugin update, an accidental DROP TABLE or a breach can bring your site down. A solid backup plan lets you roll back to a working state in minutes or hours instead of suffering prolonged downtime. The key to “painless” backups is a simple, automated strategy tied to clear RPO/RTO targets, regular restore tests and clear ownership. This article provides a practical Unihost checklist from the 3‑2‑1 strategy to scheduling, encryption and health monitoring.
What exactly to back up
- Application files: themes, plugins, uploads, static assets.
- Databases: MySQL/MariaDB (mysqldump/Percona XtraBackup), PostgreSQL (pg_dump/pg_basebackup).
- Configurations: web server (Nginx/Apache), PHP pools, CMS configs, environment variables.
- Secrets/keys: .env, integration tokens — store separately and encrypt.
- Infrastructure: IaC (Terraform/Ansible), Docker compose, image/container versions.
- Runbooks: who does what, where copies live, credentials/keys.
RPO and RTO in plain English
RPO (Recovery Point Objective) — how much data you can afford to lose, e.g., 30 minutes.
RTO (Recovery Time Objective) — how fast you must recover, e.g., 1 hour. Your backup strategy must meet these targets via snapshot frequency, DB logs, deployment scripts and DNS/load‑balancer switchover procedures.
The 3‑2‑1 (and 3‑2‑1‑1‑0) rule
Keep 3 copies, on 2 different media, with 1 copy off‑site. Extend with 1 immutable copy and a goal of 0 errors during periodic restore drills.
Backup types
- Full — simple but heavy on storage and time.
- Incremental — only changes since the last backup; efficient but longer chains.
- Differential — changes since the last full; a balance of speed and size.
- Common pattern: weekly full, daily incrementals; for databases, add transaction logs and volume snapshots.
Where to store: local, off‑site, object storage
- Local — fastest rollbacks but single point of failure.
- Off‑site — another server/DC; protects against site‑wide incidents.
- Object storage (S3‑compatible) — economical, versioned and lifecycle‑managed. Use dedicated access keys with least privilege.
Tools and approaches
- Hosting panels (cPanel/DirectAdmin/ISPmanager) — scheduled backups of files and DBs with remote targets (SFTP/S3).
- Snapshots (hypervisor/LVM/ZFS) — great for point‑in‑time, not a replacement for file‑level backups.
- Rsync/Rclone — incremental copies over SSH and to S3.
- Borg/Restic — deduplication, encryption, integrity checks; supports S3/SFTP/local.
- Databases: mysqldump/XtraBackup, pg_dump/pg_basebackup; ensure consistency and lock strategy.
- CMS plugins: fine for WordPress/Drupal, but pair with external storage and system‑level backups.
Encryption and access control
Encrypt backups, especially off‑site ones. Use built‑in encryption in borg/restic or strong ciphers in archive tools. Create service accounts with minimal privileges, store keys/secrets in a secret manager, and enable 2FA where possible.
Scheduling and retention (GFS example)
Example policy: daily incrementals, weekly fulls; DB snapshots every 30 minutes; retention 14/60/90 days (daily/weekly/monthly). In object storage, enable versioning and immutable policies for 7–30 days to defend against ransomware and accidental deletion.
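The 14/60/90 policy above as a pruning planner. This is an added example, not Unihost's or any backup tool's own code; the tier rules (newest backup of each ISO week and of each month) and the name `plan_retention` are assumptions.

```python
from datetime import date, timedelta

# Retention windows from the example policy: daily/weekly/monthly = 14/60/90 days.
DAILY_DAYS, WEEKLY_DAYS, MONTHLY_DAYS = 14, 60, 90


def plan_retention(backup_dates, today):
    """Split backup dates into (keep, prune) under a GFS policy.

    Assumed tier rules (not from the article): the weekly copy is the newest
    backup of each ISO week, the monthly copy is the newest of each month.
    Dates later than `today` are ignored, so clock skew never causes a prune.
    """
    dates = sorted({d for d in backup_dates if d <= today}, reverse=True)
    keep, seen_weeks, seen_months = set(), set(), set()
    for d in dates:  # newest first, so the first hit per week/month is the newest
        age = (today - d).days
        week, month = tuple(d.isocalendar())[:2], (d.year, d.month)
        if age <= DAILY_DAYS:
            keep.add(d)
        if week not in seen_weeks:
            seen_weeks.add(week)
            if age <= WEEKLY_DAYS:
                keep.add(d)
        if month not in seen_months:
            seen_months.add(month)
            if age <= MONTHLY_DAYS:
                keep.add(d)
    if dates and not keep:
        keep.add(dates[0])  # never prune down to zero restore points
    return sorted(keep), [d for d in reversed(dates) if d not in keep]


if __name__ == "__main__":
    today = date(2024, 6, 30)  # constructed sample: 120 consecutive daily backups
    keep, prune = plan_retention([today - timedelta(days=i) for i in range(120)], today)
    print(f"keep {len(keep)}, prune {len(prune)}; oldest kept: {keep[0]}")
```

Run the planner in report-only mode first and compare its prune list with what the object-storage lifecycle rules would delete before letting either remove data.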
Verification and restore testing
A backup you can’t restore isn’t a backup. Run monthly DR drills: rebuild a staging environment from backups, measure RTO, document steps. Automate integrity checks (hash verification), and perform targeted test restores of files and database dumps.
Monitoring and alerts
The backup system must talk to you: failed dumps, out‑of‑space, unreachable bucket, expired keys. Send reports to email/ChatOps, keep logs and set an SLA on response time.
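The hash verification and alerting described in the last two sections, combined into one check that a scheduler could run after each backup job. This is an added example, not part of the original checklist; the manifest format, alert strings and file names are assumptions, and the 1800-second threshold is the 30-minute RPO used as an example earlier.

```python
import hashlib
import os
import tempfile
import time


def sha256_file(path, chunk=1 << 20):
    """Hash a file in chunks so large archives do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def check_backup_set(root, manifest, rpo_seconds, now=None):
    """Return alert strings for one backup directory; an empty list means healthy.
    manifest (assumed format): relative file name -> expected SHA-256 hex digest."""
    now = time.time() if now is None else now
    alerts, newest = [], 0.0
    for name, expected in sorted(manifest.items()):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            alerts.append(f"MISSING {name}")
        elif os.path.getsize(path) == 0:
            alerts.append(f"EMPTY {name}")  # typical trace of a failed dump
        elif sha256_file(path) != expected:
            alerts.append(f"HASH_MISMATCH {name}")
        else:
            newest = max(newest, os.path.getmtime(path))
    if now - newest > rpo_seconds:  # only verified copies count towards the RPO
        alerts.append("RPO_EXCEEDED")
    return alerts


def demo():
    """Constructed sample: one good dump, one corrupted archive, one missing file."""
    with tempfile.TemporaryDirectory() as root:
        manifest = {"uploads.tar.gz": "0" * 64}  # listed but never written
        for name in ("db.sql.gz", "files.tar.gz"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed bytes for " + name.encode())
            manifest[name] = sha256_file(os.path.join(root, name))
        with open(os.path.join(root, "files.tar.gz"), "ab") as fh:
            fh.write(b"!")  # corruption after the manifest was recorded
        fresh = check_backup_set(root, manifest, rpo_seconds=1800)
        stale = check_backup_set(root, manifest, 1800, now=time.time() + 7200)
        return fresh, stale
```

Store the manifest apart from the backup target, so that whoever can alter a copy cannot also rewrite its expected hash.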
Unihost checklist: step‑by‑step
- Define RPO/RTO.
- Choose 3‑2‑1 (or 3‑2‑1‑1‑0).
- Configure tools.
- Set schedule and retention.
- Enable encryption/least privilege.
- Add monitoring/alerts.
- Perform a first restore test.
- Before major releases, take an extra full backup.
- Quarterly DR drills.
- Train the team.
Edge cases and tips
- E‑commerce/CRM: ensure transactional consistency — hot backups or short lock windows.
- Large media: move to CDN/S3 and back up metadata/indexes separately.
- Custom code/plugins: snapshot and full backup before upgrades; maintain a CHANGELOG.
- Multi‑tenant: isolate backups by prefixes and IAM policies.
- Logs/compliance: back up only what regulations require; align retention with policy.
FAQ
Q: How long to keep backups?
A: Commonly 14/60/90 days plus offline release archives; adjust for compliance and budget.
Q: Is replication the same as backup?
A: No — replication can copy mistakes; backups are point‑in‑time snapshots.
Q: What about infected backups?
A: Versioning and immutable policies help roll back to a clean point.
Q: What to do if there is not enough space?
A: Enable deduplication/compression (borg/restic), review retention, move to object storage.
Q: Who is responsible for backups?
A: Assign a process owner and duty officers.
Conclusion and next step
Recovering from data loss costs immeasurably more than setting up backups. Implement a simple 3-2-1 scheme, automate file and DB backups, and enable encryption, monitoring and regular restore tests. The Unihost team will help you select the infrastructure, set up a schedule and storage policies, and test recovery, so that after any failure you are back at work within the declared RPO/RTO.