Estratégia de backup do site: a regra 3-2-1 e por que ela importa

Every website faces threats that can cause data loss: hardware failures, software bugs, human error, cyberattacks, and natural disasters. The question is not whether you will experience a data loss event, but when. According to the National Cyber Security Alliance, 60% of small businesses that lose their data shut down within six months. Even for larger organizations, a significant data loss event can cost tens of thousands of euros in lost revenue, recovery labor, and reputational damage. Backups are the single most cost-effective insurance policy any website owner can invest in.

Despite the clear importance, backup failures remain alarmingly common. A 2025 survey of small business websites found that 38% had no automated backup system in place, and of those that did, 25% had never tested a restore. At GRADAX, we have encountered clients who believed their backups were running for months, only to discover during an emergency that the backup jobs had been silently failing due to disk space issues, expired credentials, or misconfigured schedules. The false sense of security that comes from an untested backup is arguably worse than having no backup at all.

The cost of implementing a reliable backup strategy is trivial compared to the cost of recovery without one. A professional backup and recovery solution typically costs between 10 and 50 euros per month depending on the data volume and retention requirements. Manual recovery from a catastrophic data loss — rebuilding a website from cached pages, screenshots, and memory, can take hundreds of hours and rarely produces a complete restoration. The math is unambiguous: invest in backups before you need them.

The 3-2-1 backup rule is a time-tested framework that provides resilience against virtually every type of data loss scenario. The rule is simple: maintain at least three copies of your data, store them on at least two different types of media, and keep at least one copy offsite. This strategy ensures that no single point of failure, a disk crash, a ransomware attack, a data center fire, can destroy all copies of your data simultaneously.

In the context of website hosting, the three copies typically consist of: the live production data on your web server, a local backup on a separate volume or server within the same data center, and a remote backup stored in a geographically separate location. The two different media types might be NVMe SSD for the local backup and object storage (like S3-compatible storage) for the remote copy. The offsite requirement ensures that even a catastrophic event affecting your primary data center, power failure, flooding, or fire, leaves at least one recoverable copy intact.

We have extended the 3-2-1 rule at GRADAX to what we call 3-2-1-1-0: three copies, two media types, one offsite, one immutable, and zero errors in backup verification. The immutable copy is critical for ransomware defense. Immutable backups cannot be modified or deleted, even by an attacker who gains administrative access to your systems. The zero-error verification means every backup is automatically tested for integrity — we do not assume a backup is good just because the job completed without an error code. This enhanced approach provides comprehensive protection that the basic 3-2-1 rule alone cannot guarantee.

Full backups capture the entire website: database, application files, configuration files, media uploads, SSL certificates, and server settings. They are the most comprehensive but also the most time-consuming and storage-intensive. A full backup of a typical WordPress site with a 5 GB media library takes several minutes to complete and consumes 5 GB or more of backup storage per copy. Full backups are essential as a baseline but running them too frequently wastes resources.

Incremental backups capture only the data that has changed since the last backup, whether full or incremental. They are dramatically faster and smaller than full backups. After an initial full backup, daily incremental backups of a typical website might be only 50 to 200 MB, representing new database transactions, uploaded files, and configuration changes. The trade-off is that restoring from incremental backups requires the last full backup plus every subsequent incremental in sequence, making the restore process more complex and potentially slower.

Differential backups capture everything that has changed since the last full backup, regardless of how many differential backups have been taken in between. They are larger than incremental backups but simpler to restore because you only need the last full backup plus the most recent differential. At GRADAX, we use a hybrid approach: weekly full backups, daily differential backups, and hourly database snapshots. This combination provides rapid point-in-time recovery while keeping storage costs manageable and restore procedures straightforward.

The right backup frequency depends on how much data you can afford to lose, expressed as your Recovery Point Objective (RPO). If your RPO is 24 hours, meaning you can tolerate losing up to one day of data, daily backups suffice. If your RPO is one hour, you need hourly backups or continuous replication. E-commerce sites processing transactions should have an RPO measured in minutes, not hours, because every lost transaction represents lost revenue and potential accounting discrepancies.

For most business websites, we recommend the following baseline: hourly database backups, daily file system backups, and weekly full environment snapshots. The database changes most frequently and is the hardest to recreate, so it deserves the most aggressive backup schedule. File system changes (theme files, plugin updates, media uploads) happen less frequently and can tolerate longer intervals. The weekly full snapshot provides a clean restore point that simplifies recovery and ensures that no configuration drift goes uncaptured.

High-traffic e-commerce sites and SaaS applications with web hosting plans should consider continuous database replication to a standby server in addition to scheduled backups. Continuous replication maintains a near-real-time copy of the database that can be promoted to primary in minutes if the main server fails. This approach reduces the RPO to seconds rather than hours and also provides a read replica that can offload reporting queries from the primary database, improving overall application performance.

A backup that has never been tested is not a backup, it is a hope. The only way to confirm that your backup system works is to perform a complete restoration to a separate environment and verify that the restored site functions correctly. This means importing the database, extracting file archives, configuring the web server, and loading the site in a browser to confirm that pages render, forms submit, and dynamic functionality operates as expected.

We recommend testing backups on a quarterly schedule at minimum, with additional tests after any significant infrastructure change: server migration, major software update, or backup system configuration change. Each test should be documented with the date, the backup used, the restoration time, and any issues encountered. Over time, this documentation builds a reliable estimate of your Recovery Time Objective (RTO), how long it actually takes to restore from backup in a real emergency, not how long you hope it takes.

Automated backup verification reduces the manual effort required for testing. Our platform performs integrity checks on every backup by verifying file checksums, testing database dump imports against a validation instance, and confirming that the backup size falls within expected parameters. If a backup fails any check, an alert is triggered immediately so that the issue can be resolved before the next scheduled backup. This automation ensures that every backup in our retention window is restorable, giving our clients confidence that their backup and recovery system will perform when needed.

Backups are a component of disaster recovery, not a complete strategy. A disaster recovery plan defines the procedures, responsibilities, and resources needed to restore operations after a major disruption. It answers questions that backups alone cannot: Who initiates the recovery process? What is the communication plan for notifying customers? Which services are restored first? What is the acceptable downtime before the business impact becomes critical?

A practical disaster recovery plan for a website should include four elements. First, a prioritized list of services and data, ranked by business impact. The customer-facing website and transaction database are typically highest priority; development environments and analytics data are lower. Second, documented step-by-step procedures for restoring each service, including the location of backups, credentials needed for access, and the expected time for each step. Third, assigned roles and contact information so that the right people are notified and engaged immediately. Fourth, a testing schedule that validates the plan through tabletop exercises or full simulations at least annually.

At GRADAX, disaster recovery planning is included in our website security consulting engagements. We help clients define their RPO and RTO targets, design backup architectures that meet those targets, document recovery procedures, and conduct supervised recovery drills. Clients who have been through a drill recover from real incidents 4x faster on average than those who have not, because the team has practiced the process and identified bottlenecks before the pressure of a real outage.

Manual backups have a single advantage: they require no upfront configuration. You log into the server, run a database dump, compress the files, and download them. For a one-time migration or a quick snapshot before a risky change, this is perfectly adequate. As a long-term backup strategy, however, manual backups are fundamentally unreliable because they depend on a human remembering to perform a routine task consistently, indefinitely. People forget. People leave the company. People assume someone else handled it.

Automated backups eliminate human reliability as a variable. Once configured, they execute on schedule regardless of holidays, sick days, or organizational changes. They produce consistent output because the same script runs every time, reducing the variance that manual processes introduce. They can also integrate with monitoring systems to alert when a backup fails or when storage consumption exceeds thresholds. The upfront investment in configuring automated backups pays for itself the first time it catches a failure that a manual process would have missed.

The most dependable approach combines automated scheduled backups with manual on-demand capabilities. Automated backups handle the daily, weekly, and monthly cycles that ensure continuous protection. Manual backups fill the gaps: a quick snapshot before deploying a major update, an ad-hoc backup before migrating to a new host, or an extra copy before handing off a site to a new developer. Contact us if you need help designing an automated backup strategy that fits your specific requirements and budget.

WordPress sites have the widest range of backup options thanks to the platform's plugin ecosystem. Solutions like UpdraftPlus, BlogVault, and Jetpack Backup offer automated scheduling, remote storage integration, and one-click restoration. However, plugin-based backups have limitations: they run within PHP, which means they compete with your site for server resources and are subject to PHP execution time limits. Large sites with extensive media libraries may experience timeout failures during backup. Server-level backups, which operate outside of WordPress, avoid these constraints entirely and are more reliable for sites with more than 5 GB of data.

For Node.js, Python, and custom application stacks, backup strategies center on two components: the database and the deployment artifacts. Database backups use native tools like pg_dump for PostgreSQL, mongodump for MongoDB, or mysqldump for MySQL, scheduled via cron or a task runner and shipped to remote storage. Application code typically lives in version control (Git), which serves as a form of backup for the codebase itself. The remaining concern is environment-specific data: uploaded files, configuration files, environment variables, and SSL certificates. These should be captured in the file system backup.

Regardless of the platform, we recommend that backup storage be separate from the production infrastructure. If your site runs on a cloud server, do not store backups on the same server or even the same cloud account if ransomware defense is a concern. Use a separate storage provider, a different cloud region, or ideally both. Our backup solutions store encrypted copies in two geographically separate regions with immutable retention policies, ensuring that even a complete compromise of the production environment cannot affect backup integrity. This architecture provides the peace of mind that your data is truly protected against every realistic threat scenario.