Website backups: 4 ways to protect your investment

howsecure

Your website is the culmination of many years hard work and toil. You’ve invested time and money in building and promoting your site. And the site is your store front on the internet. But imagine if, overnight or almost instantaneously, all of this goes to waste and your website data is lost? Unfortunately I see this happen on an almost daily basis, says guest author Matt Russell, CEO of WebHostingBuzz.

At WebHostingBuzz, we regularly highlight the importance of good data security (ie, backups!) to both our clients and anyone reading our blog or following our social media channels (we’re on Twitter and on Facebook).

Sadly, this advice often falls on deaf ears. So we’re releasing a range of guides/advice on partner blogs to try and encourage better backup practices.

First, let’s take a look at the reasons why data loss can happen. The most common causes are:

  • Hacking. Hackers are constantly looking for new ways to exploit and gain access to websites. Once a hacker has access to your website, you can be sure he isn’t trying to optimize your HTML code for SEO. Hackers will often deface websites, install Trojans or poison them with malware. WordPress and Joomla are particularly vulnerable, just because they are so popular. New exploits come into the wild on an almost daily basis that can harm or kill your website.
  • Hardware issues. A good hosting company will have RAID-protected hard drives in their servers, giving redundancy if any one hard disk is to fail. But there are plenty of not-so-good web hosts who skimp on hardware, use older hard drives and may not use RAID at all. Even the good web hosts that use RAID carry some risk; although it is unlikely, a RAID card can go bad and corrupt data on all of the hard drives.
  • User error. We’re humans and mistakes can be made. It’s possibly to delete or over-write important areas of your website causing the website to break, and giving you a lot of stress!

Unfortunately, I witness the above all too often. While my goal of this post isn’t to talk about us, I’m going to use us as an example to highlight the risks.

We give users a range of tools to protect and backup their website. We also employ the best firewalls in the business and have a huge collective of experience in maintaining and securing our servers. But if a user sets a username of “Joe” and a password of “111” or even “password”, you can bet your bottom dollar, pound or euro that it doesn’t take much of a brute force script to gain access to his growing WordPress blog.

So I’ve written the following advice in easy-to-follow format, designed to help you improve your website data security.

  1. Choose a web hosting provider that invests in it servers. I suggest you choose one that has a minimum of RAID10, preferably hardware and with a BBU (battery backup unit). This means if a hard disk is to fail in the host’s server, the server can remain online and in a functional state while the disk is replaced.
  2. Create multiple backups of your own website. Store some of these locally, and free services like Dropbox let you store this information on the cloud so you don’t suffer if your local computer dies. You can never backup too often and if you are using popular FTP clients and backing up pure site data, you can easily use the scheduling functions to do this automatically.
  3. Use the tools that your hosting provider gives you. In cPanel, it’s easy to create and download full website backups (that you can store locally and also on Dropbox). At WebHostingBuzz, we’re partnered with CodeGuard, a unique but simple way to incrementally backup your site. This adds an extra level of protection and means our users can backup/restore their site in seconds.
    If your hosting provider doesn’t integrate with CodeGuard, you can still sign up with them directly and supply CodeGuard with your FTP details so they can backup your website data.
  4. Practice good password security. Use long and hard to guess passwords. The likes of LastPass and Roboform mean you don’t need to remember these; you can store them securely with either of these password managers.
    Don’t share your password. Create separate user logins for your webmasters or agencies involved in publishing your website. Always login on a secure connection (https, sftp) when you’re accessing your control panel, WordPress admin or FTPing to your site. Your hosting company will probably provide you with a shared SSL certificate but even if they don’t, you can grab a cheap SSL certificate for under $10 from the likes of CheapSSLs.com.

Matt Russell is CEO of WebHostingBuzz, a global web hosting company that operates in the US and in Europe. WebHostingBuzz serves clients in 146 countries from its 6 data centres around the world. Matt has been in the hosting industry for over 10 years and enjoys writing about hosting, security, web marketing and more. Connect with Matt on Twitter: @mattdrussell. [Disclosure: WebHostingBuzz is a sponsor of NevilleHobson.com.]