Website Backups – 9 Critical Best Practices

Safety net

Stop everything you’re doing on your website right now and ask yourself this question: Is everything backed up? If the unthinkable happened in the form of a compromise to your site, could you restore from a reasonably recent website backup? If not, you’re looking at the difference between a half-hour inconvenience and the potential of days of headaches. You might end up restoring an entire site from scratch or, at best, bits and pieces of previously saved work. Some tough love: many people think they don’t need website backups. They’re wrong.

Why are website backups critical?

Cleaning up your website after a compromise is a pain, especially when you don’t have the original files. In most cases, it’s difficult to determine how or when a compromise happened. Attackers can deface websites in a variety of ways, such as replacing an index page, injecting malicious code in files, or adding a lot of junk data to a database. Depending on the compromise, you might not detect it right away — did it happen yesterday or 18 months ago?

All of those scenarios have two things in common: they require a lot of time to resolve, and they could be prevented with good backups. Often, it’s easier to not obsess about cleaning up the content but, rather, to restore from a known good point. Then re-introduce clean content to bring your website back up to date.

Best practices for strong website backups

Good backups have a number of key attributes and strategies that should not be overlooked:

1. You should always start from a baseline, or a full website backup of everything from a known good point. While nothing is perfect, do your best to ensure your baseline is clean and complete. In the worst case, restoring a website from a baseline should be something you can do and not have to worry that you’re not getting a solid, clean restore.

Often, the best time to create a baseline backup is right after provisioning a new website — sometimes even before you start work customizing it.

2. Only replace your baseline with care. Some people backup a site weekly, some people do it monthly, or even quarterly. However often you do it, if you’re removing old baseline backups in favor of new ones, ensure you’re comfortable that you always have a clean, confident baseline. Establishing a new baseline every time you make a major milestone in your website’s development is a great idea. As long as you’re confident that you’re doing so deliberately and cleanly.

3. Archiving older baselines is also a great idea. Yes, this sounds like “backups of backups,” but it gives you the ability to restore from milestones.

4. Between baselines, do either incremental or “snapshot” backups. Snapshots are much like a baseline, though they often do not include content that doesn’t change, like graphical components of your site. If you find a compromise, you might be going back over these, one at a time, to reconstruct a history of changes to determine when your compromise happened.

5. Be aware of changes and have a way to be able to tell the difference between website backups so you can see what changed between incremental backups as well as the differences between your last backup and your current site.

6. Keep your website backups someplace safe. Often this is handled for you by your Web host, but there’s also no reason you can’t download your backups and keep them on your local machine.

Remember the adage, “a little paranoia never hurt anyone.”

7. Practice restoring. This might seem silly, but in the case of a compromise, if you had to restore your website, could you? Are you prepared and confident that you could actually make use of your website backups? If not, why not practice? Provision a new site and restore one of your backups to it and make sure it works. Do it on a different domain, of course — don’t nuke and restore your actual site just for the fun of it.

8. Be liberal in what you back up. Be conservative in what you delete. Much is made of having to clean up after a compromise. However, if we’re being honest, sometimes a restore is required because of simple human error. Such as deleting a key directory by mistake. Relax, it happens. Be prepared for it.

9. Ask for help! Einstein is said to have remarked that many things seem impossible until you know how to do them, at which point they’re trivial. Make backing up and restoring trivial by getting help from either a knowledgeable friend or your helpful GoDaddy support representative. Protect your website from the unexpected with GoDaddy’s Website Backup service, featuring automatic daily backups and one-click restore.