How do you establish a backup strategy for your website?

Regularly backing up your website data is an essential part of your security strategy. I’ll explain how to define this strategy and how to go about it.


What is a backup?

Definition

Backing up is the process of creating a copy of your data. When you copy and paste your holiday photos from your camera to your computer or USB stick, it’s a bit like that.

A backup is a snapshot of your website taken at a point in time. A backup allows you to restore your website as it was at that moment in the past.

Why back up your website?

After all, if your server is secure, what would be the point of making a copy?

Making a backup of a website takes resources and disk space, and it is one more thing to manage…

And yet it’s absolutely essential.

This is an essential asset in the event of:

  • hacking
  • a bug
  • mishandling
  • human error (you have permanently deleted an article by mistake)
  • a problem with updates
  • a web server failure
  • a natural disaster, such as a fire, flood or earthquake

A backup also allows you to easily migrate your website to another server.

In short, having a good backup policy in place is a bit like having good insurance. You hope you’ll never need it, but when you do, you’ll be glad you did the right thing.

The different types of backup

There are several types of backup, each with its own advantages and disadvantages.

Full backup

As the name suggests, this backup copies all the data on your site to the destination of your choice. All the files and the database are cloned.

  • advantages: this backup alone can be used to restore your entire site, migrate it – in short, it contains everything you need!
  • disadvantages: this backup can be very heavy and require significant server resources when it is run.

Incremental backup

This backup will only record changes that have taken place since the last backup, whether full or incremental. For example, if you made a full backup on Monday and run an incremental backup on Tuesday, the incremental backup will only contain the changes you have made in the last 24 hours.

  • advantages: much lighter and quicker to create
  • disadvantages: slightly more complex to set up, and a restore requires the last full backup plus all the intermediate incremental backups.

[Image: Parameter screen for an incremental or full backup system. Caption: There are solutions for configuring and automating your backups.]

Differential backup

This backup uses the same principle as the incremental backup, but only backs up changes that have taken place since the last full backup. The first differential backup will therefore be similar to an incremental backup, but subsequent backups will continue to refer to the full backup, as if no intermediate backup had been made.

  • advantages: simpler to set up than incremental backup, and less cumbersome than full backup
  • disadvantages: heavier than incremental backup
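
The restore requirements of the two schemes, as an added example that is not part of the original article: each backup records the backup it was taken against, and the code works out which archives a restore needs and what is still restorable after one archive is lost. The `Backup` class, the function names and the one-week catalogue are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Backup:
    name: str
    parent: Optional[str]  # None for a full backup, else the backup it records changes against


def restore_chain(catalogue, target):
    """Archives to restore, oldest first, to rebuild the site as of `target`."""
    by_name = {b.name: b for b in catalogue}
    chain, name = [], target
    while name is not None:
        if name not in by_name:
            raise LookupError(f"chain broken: {name} is missing")
        if name in chain:
            raise ValueError(f"catalogue loops back to {name}")
        chain.append(name)
        name = by_name[name].parent
    return chain[::-1]


def restorable(catalogue):
    """Names of the backups that can still be restored from what is left."""
    names = []
    for b in catalogue:
        try:
            restore_chain(catalogue, b.name)
            names.append(b.name)
        except LookupError:
            pass
    return names


# Constructed week: full backup on Monday, then one backup per day.
INCREMENTAL = [Backup("mon-full", None), Backup("tue-inc", "mon-full"),
               Backup("wed-inc", "tue-inc"), Backup("thu-inc", "wed-inc")]
DIFFERENTIAL = [Backup("mon-full", None), Backup("tue-diff", "mon-full"),
                Backup("wed-diff", "mon-full"), Backup("thu-diff", "mon-full")]

if __name__ == "__main__":
    print(restore_chain(INCREMENTAL, "thu-inc"))
    print(restore_chain(DIFFERENTIAL, "thu-diff"))
    # Losing Tuesday's archive: compare what each scheme can still restore.
    print(restorable([b for b in INCREMENTAL if b.name != "tue-inc"]))
    print(restorable([b for b in DIFFERENTIAL if b.name != "tue-diff"]))
```

With incremental backups, losing Tuesday's archive makes every later day unrestorable; with differential backups only Tuesday itself is lost.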

The importance of data redundancy

Now that we understand the importance of backups, let’s look at the importance of redundancy.

Definition

Data redundancy is a key concept in information management, aimed at guaranteeing the availability and security of data by creating additional copies. In the context of website backup, redundancy plays a crucial role in minimising the risk of data loss and ensuring rapid recovery in the event of a problem.

Two types of redundancy

There are two types of redundancy:

Local redundancy

The backup is simply carried out at the same physical location. Typically, some hosting providers offer regular backups as part of their packages, but these are sometimes stored in the same data centre.

When you back up your holiday photos on a USB stick that you slip into your desk drawer, it’s a bit the same thing.

You quickly realise the risk with this type of redundancy: if the data centre burns down (as unfortunately happened to OVH a few years ago), you lose everything.

[Image: At dusk, two dinosaurs look up as a meteor crashes to earth. Caption: You’re never safe from an unforeseen disaster.]

Geographical redundancy

As you may have guessed, this time we’re going to make sure that the data is stored elsewhere. This avoids problems in the event of fire, flood or other disaster.

Of course, setting up a remote backup requires a little more configuration, but it is essential.

How many copies should I keep?

As we have seen, without a backup, you will lose all your data in the event of an irreparable problem.

With a backup, whether local or remote, you are 90% sure of being able to recover your data.

Why 90% and not 100%?

Because, as we said, the machine that stores your backup could also have a problem: natural disaster, hardware failure, cyber attack, and so on. But also because the process of creating a backup is not infallible: when it goes wrong, the result is known as a corrupted backup.

As we don’t want to find ourselves in the remaining 10%, we’re going to make one more backup. That way, you have a 99% chance of being able to restore your website in the event of a major disaster.

And if, like me, you think that 1% is still too much, you can clone your backups once again in another geographical location in order to increase your peace of mind to 99.9% 🙂

[Image: A man meditates on a water lily in the lotus position. Caption: You can’t put a price on peace of mind!]

Yes, because the probability that your website will be hacked, that the server for the first backup will burn down, that the server for the second backup will be devastated by a tsunami, and that the third backup will be corrupted, all on the same day, is very, very low.
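
One way to check whether each copy is corrupted before you have to rely on it, as an added example that is not part of the original article. It assumes the backups are tar archives and that a SHA-256 digest was recorded when the archive was created; the location names and sample files are constructed.

```python
import hashlib
import io
import os
import tarfile
import tempfile


def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def check_copy(path, expected_sha256):
    """Return 'ok', 'missing', 'hash mismatch' or 'unreadable archive' for one stored copy."""
    if not os.path.exists(path):
        return "missing"
    if sha256_of(path) != expected_sha256:
        return "hash mismatch"          # damaged in transfer or in storage
    try:
        with tarfile.open(path) as tar:
            for _member in tar:         # walking every entry catches an archive that was
                pass                    # already broken when its digest was recorded
    except (tarfile.TarError, EOFError, OSError):
        return "unreadable archive"
    return "ok"


def demo():
    """Constructed sample: one archive, a truncated second copy, a third copy that is gone."""
    with tempfile.TemporaryDirectory() as d:
        primary = os.path.join(d, "site.tar.gz")
        with tarfile.open(primary, "w:gz") as tar:
            data = b"<h1>hello</h1>"
            info = tarfile.TarInfo("index.html")
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
        digest = sha256_of(primary)
        second = os.path.join(d, "second-site.tar.gz")
        with open(primary, "rb") as src, open(second, "wb") as dst:
            dst.write(src.read()[:-10])  # simulate an interrupted upload
        copies = {"primary": primary, "second": second,
                  "third": os.path.join(d, "third-site.tar.gz")}
        return {loc: check_copy(p, digest) for loc, p in copies.items()}


if __name__ == "__main__":
    print(demo())
```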

How often should I back up my website?

The frequency of backups is an important factor to consider when setting up your website backup strategy. A backup that is too old may not be sufficient to solve your problem, and could even create new ones.

Needs assessment

Ask yourself the right questions about the nature of your website. A showcase website that doesn’t change very often won’t have the same needs as an ecommerce site where transactions are carried out every hour.

Also ask yourself what you stand to lose in the event of data loss. For a site that doesn’t change much, the losses will be small if you have to restore your site to its version from a week ago, compared with an e-learning site where members need to know where they are in their daily progress.

Frequency recommendations

Monthly backup

For sites that change infrequently, typically “showcase” sites. You can set up a monthly full backup with automated daily incremental backups to ensure that nothing is lost in the event of a restore.

Weekly backup

For sites that are going to change a little more often, for example sites with blog functionality. Switching to a full backup every week allows you to have more regular checkpoints.

Daily backup

For very active blogs, sites with member zones, online sales sites, e-learning platforms, etc. In short, for sites that change every day. A full daily backup is necessary.

Hourly backup

This is a very advanced level of backup, but one that makes sense for ecommerce. In this case, in addition to the daily backup, we’ll add an incremental backup every hour.

What about the GDPR?

The data in your backups may contain highly sensitive information, such as personal data about your users.

The General Data Protection Regulation (GDPR) is a European law designed to protect the privacy and personal data of European Union citizens.

Implications for website backups

The GDPR requires you to obtain the consent of your users to retrieve the personal data stored in your backups. Normally, you already have this consent in place as it is the same data as that stored on the server that hosts your website.

Another constraint is to keep only the data you need for your activities.

Finally, the data must be secure, so as to limit the leakage of sensitive data as much as possible. So you can’t make copies and leave them freely accessible in the cloud. It sounds obvious, but it’s worth pointing out that it’s also a question of the general security of your website.

Right to erasure

An important criterion to be respected in the GDPR is the right of users to delete their online data. For sites with a members’ area, it is essential to offer an option for deleting the account and personal data in the members’ area. If this option is not available, your privacy policy should specify how you can be contacted (by email, for example) to make this request.

[Image: Silhouettes in front of a padlock symbol, with the European flag in the background. Caption: Don’t forget to include your backups in your GDPR policy.]

This also applies to backups, of course. If you ignore this and restore your site from a backup made before an account was deleted, the account will reappear… A bit of a problem, isn’t it?

Does deleting a particular account from a backup seem too complex? Simply create a new full backup after deleting the account in question and discard the old ones, which are no longer usable.
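
The "new full backup, then discard the old ones" step, as an added example that is not part of the original article. It covers the case where incremental backups are in use: an incremental taken after the deletion still has to be restored on top of an older full backup, so it becomes unusable once that full backup is discarded. The catalogue, day numbers and function names are constructed.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Backup:
    name: str
    day: int               # constructed day number on which the archive was taken
    parent: Optional[str]  # None for a full backup


def needs_old_archive(backup, by_name, erased_on):
    """True if `backup`, or anything it must be restored on top of, predates the deletion."""
    while backup is not None:
        if backup.day < erased_on:  # an archive taken on the erasure day is assumed to follow it
            return True
        backup = by_name.get(backup.parent)
    return False


def erasure_plan(catalogue, erased_on):
    """Split the catalogue into (keep, discard) after an account deletion on day `erased_on`."""
    by_name = {b.name: b for b in catalogue}
    discard = [b.name for b in catalogue if needs_old_archive(b, by_name, erased_on)]
    keep = [b.name for b in catalogue if b.name not in discard]
    # Never discard the old archives until a full backup without the account exists.
    if not any(by_name[n].parent is None for n in keep):
        raise RuntimeError("take a new full backup after the deletion before discarding the old ones")
    return keep, discard


# Constructed catalogue: account deleted on day 3, new full backup taken on day 4.
CATALOGUE = [
    Backup("day1-full", 1, None),
    Backup("day2-inc", 2, "day1-full"),
    Backup("day3-inc", 3, "day2-inc"),   # taken after the deletion, but built on day1-full
    Backup("day4-full", 4, None),
    Backup("day5-inc", 5, "day4-full"),
]

if __name__ == "__main__":
    keep, discard = erasure_plan(CATALOGUE, erased_on=3)
    print("keep:", keep)
    print("discard:", discard)
```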

Choosing your storage space

If you choose to back up your website to a server located, for example, in the United States and belonging to Alphabet (Google’s parent company), in other words if you use Google Drive, you are not making it easier to comply with the GDPR.

The data is stored in the clear, outside Europe, and is subject to the conditions of use that you fully accepted when you created your Google Account.

This solution is therefore not a good choice in terms of GDPR. The same applies to many popular online storage solutions.

Prefer servers located in Europe with a good data confidentiality policy, encrypted and secure.

My website backup strategy

I would now like to present the typical strategy that I put in place for all my clients whose websites I manage on a daily basis.

Daily full back-ups

I automatically make full backups every day, with a retention of 30 backups.

These are full back-ups, carried out on a server based in Europe and powered by 100% renewable energy.

Additional backup

I automate a new backup in addition to the previous one, depending on the needs of the site. For a site that doesn’t change much, a weekly backup will be sufficient, for example.

I use incremental backups as soon as more frequent changes are made. They have the advantage of taking up very little space and keeping only what is strictly necessary. As far as the database is concerned, it is systematically backed up in its entirety every time.

This second backup is sent to my encrypted Nextcloud instance, which is also powered by renewable energy.

The retention of this new backup depends on its frequency, but it allows you to restore a site even further back in time.

The final layer

In addition to the two previous copies, I’m making a final one.

My Nextcloud instance is synchronised with my work computer, which is also powered by renewable energy from EnerCoop, and is also root-encrypted to prevent any possibility of data leakage in the event of theft.

I therefore have 3 copies to guarantee my customers the closest possible restoration if necessary.

My customers can access their back-up files on request via a secure link.

Backup restoration is included in my web management packages, so they don’t have to deal with all the technical aspects!

Rollbacks

Finally, during WordPress updates, I carry out what are known as rollbacks. These are simple backups of the state of an extension (or a version of WordPress or a theme) just before it is updated. This makes it easy to go back in time without having to restore an entire website, in the event of problems following an update.

Conclusion

Together we have seen the essential points to consider when setting up a backup policy for a website.

We’ve seen why this is a serious subject that shouldn’t be neglected, and why a poor backup strategy can be very, very costly to a company if something goes wrong.

I hope that these points have helped you to better understand this complex subject.

Don’t hesitate to contact me if you’d like to talk things over, or take a look at my web outsourcing offers if you’re looking for a professional to delegate the security of your business website to.


Louis Chance

Webdesigner and WordPress developer, I create websites with an ethical approach for businesses and associations looking for a custom and scalable solution.
