Backups Explained (Beginner)
> Backup success is not “I have a backup file.” Backup success is “I restored it and it worked.”
1) What a backup is (simple definition)
A backup is a copy of important data that lets you recover after mistakes, hacks, updates gone wrong, or hardware failure.
2) The 3 questions you must answer
- **What** are we backing up?
- **How often** (and how far back) do we need to recover?
- **Where** are backups stored (and who can access them)?
3) What to back up (beginner checklist)
For a typical website/app server:
- Website files (uploads, `httpdocs`, static assets).
- Databases (MySQL/PostgreSQL) and credentials.
- App configuration (environment variables, `.env` equivalents, config files).
- Server configuration (Nginx/Apache configs, SSL cert locations if not auto-managed).
- DNS records inventory (especially email auth: SPF/DKIM/DMARC).
4) RPO and RTO (two terms worth learning)
- **RPO** (Recovery Point Objective): how much data you can afford to lose (e.g., 24h, 1h).
- **RTO** (Recovery Time Objective): how fast you must be back online (e.g., 30 min, 4h).
5) Common backup types
- **File backup**: copies files and folders (good for websites and uploads).
- **Database dump**: exports DB data (portable, reliable).
- **Server snapshot**: fast rollback of a whole VM (good, but don't rely on it alone).
6) The 3-2-1 rule (recommended)
- Keep **3 copies** of your data.
- Store on **2 different media/locations**.
- Keep **1 copy off-site** (different provider/region/account).
7) Scheduling (simple starter policy)
- Daily backups for most small sites.
- Hourly backups if you accept orders, receive frequent form submissions, or update content often.
- Retention suggestion: 7 daily + 4 weekly + 3 monthly (adjust to budget).
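
The retention suggestion above expressed as a pruning rule, in an added Python example that is not part of the original page. It assumes one backup per calendar day, identified by its date, and that each tier keeps the newest backup in its day, ISO week, or month; `select_keep` and `plan_prune` are hypothetical names. A backup that satisfies several tiers is counted once, so fewer than 14 copies can remain.

```python
from datetime import date, timedelta


def select_keep(backup_dates, daily=7, weekly=4, monthly=3):
    """Map each backup date to keep -> the first tier that retains it."""
    newest_first = sorted(set(backup_dates), reverse=True)
    keep = {}

    def take(bucket_of, limit, tier):
        # Walk newest to oldest; keep the newest backup in each of the
        # `limit` most recent buckets that actually contain a backup.
        buckets = set()
        for d in newest_first:
            bucket = bucket_of(d)
            if bucket in buckets:
                continue
            if len(buckets) == limit:
                break
            buckets.add(bucket)
            keep.setdefault(d, tier)

    take(lambda d: d, daily, "daily")
    take(lambda d: tuple(d.isocalendar())[:2], weekly, "weekly")  # (ISO year, week)
    take(lambda d: (d.year, d.month), monthly, "monthly")
    return keep


def plan_prune(backup_dates, **policy):
    """Return (keep, delete): dates to retain and dates safe to remove."""
    keep = select_keep(backup_dates, **policy)
    delete = sorted(set(backup_dates) - keep.keys())
    return keep, delete


if __name__ == "__main__":
    # Constructed sample: 120 consecutive daily backups ending 2026-01-18.
    newest = date(2026, 1, 18)
    sample = [newest - timedelta(days=n) for n in range(120)]
    keep, delete = plan_prune(sample)
    for d in sorted(keep, reverse=True):
        print(d.isoformat(), keep[d])
    print(f"{len(delete)} backups outside the retention window")
```

Run the plan as a dry run first and compare the delete list against your RPO before wiring it to an actual removal step.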
8) Restore testing (non-negotiable)
At least once per month:
1. Restore to a **staging** domain/server.
2. Verify the site loads and the database is consistent.
3. Confirm that logins and other key flows work (checkout/login/contact forms).
9) Plesk: where backups usually live (conceptual)
In Plesk you typically configure:
- a schedule (daily/weekly),
- what to include (files + database),
- and a remote storage target (recommended) like S3/FTP storage.
10) Common mistakes (and why they hurt)
- Backups stored only on the same server → ransomware or disk failure wipes both.
- No restore tests → you discover corruption only during an incident.
- Backing up the DB but not uploads → “site works” but images/files are missing.
- Backups not protected (weak credentials) → attackers delete or encrypt them.
11) Quick checklist (print this)
- [ ] Backups run automatically and send alerts on failure
- [ ] At least one off-site copy exists
- [ ] Restore tested within the last 30 days
- [ ] Retention matches your RPO/RTO needs
Page changelog
Last updated
- 2026-01-18—Initial or baseline update for this page.