Website Backup

As a computer user, you are undoubtedly aware of the importance of backing up your files, to protect against accidental deletion or computer theft or house fire or any other possible danger. But if you have a website, then you might not realize that the same is true of the files that constitute that site. They too are vulnerable to accidental erasure, theft of the web servers, and fire or flooding of the host company's building. In addition, that hosting company may go out of business and provide little or no time for their (already distressed) customers to download their website files and databases, in order to rebuild their websites on alternate hosting platforms. Even more commonly, if the hosting company is not keeping their server software and firewalls up-to-date with the latest security patches, or your FTP credentials are somehow compromised, then your site's files could become infected with malware.

Fortunately, most web hosting companies nowadays have in place robust and audited measures for creating regular backups of the websites and databases residing on their machines. However, that is evidently not true for all of them. For instance, one of my clients owned several legacy websites that had been neglected for some time. They were hosted by a small European firm that apparently hadn't bothered to create any backups or to send archive copies of the site's files to my client. I learned of the existence of these sites only when my client asked me to bid on the project of building new versions of at least one of the sites. It turns out that the sites' PHP files had become completely infected with malware and deemed beyond repair by the hosting company, which then tried to"solve" the problem by deleting all of the files, without even consulting my client or anyone else. Consequently, the websites were lost and had to be re-created, all because neither the client nor the hosting company had bothered to establish a sensible backup strategy.

In cases like this, the website owner will scramble to contact the original developer of the site, in the (usually vain) hope that the developer happens to have kept a copy of the site files. Unfortunately, even if the developer has those files and even a copy of the database as well, the latter and perhaps the former will be woefully out of date for any site that has undergone significant modification since its initial release or is a dynamic site that stores changing product and customer information. The owner, now desperate to get at least some sort of site available to the public, will likely search for a new designer/developer. Once the replacement has earned the trust of the owner, and builds a competent site, then the issue of backups may again be neglected amidst the never-ending pressure of business, and thus the risky cycle of inadequate backups may continue.

Just as it is important for you to consider how you would respond if you were to lose your web developer, you should do the same for the possibility of losing your website. Find out what the hosting company and your developer are doing to mitigate all these possible risks. Are they taking and saving database snapshots as well as backing up the site files? How frequently? Are any backups saved off-site, and if so, are they encrypted (to protect any confidential information should the backups be stolen) and how frequently are those backups made? What measures are the hosting company and your developer doing to prevent intrusion by attackers, both external and internal (e.g., a disgruntled employee)? Does the hosting company utilize the services of white-hat hackers and other intrusion specialists to test the strength of the existing security measures? As the website owner — especially if you are not technically proficient — what exactly are the steps that you would take in order to restore your site as quickly as possible to its most recent archived state?

One sign of an excellent web developer is that he or she will make regular backups of the site files and database even if the hosting company is purportedly doing the same, and will happily send them to you if you request them. Seek answers to these questions — as well as any others you can think of — now, while you still have a working website, and not after some unexpected disaster. Do not be concerned that your developer might misconstrue your questioning as distrust. (In fact, if that's the case, then you will have learned that it is time to replace that developer as soon as possible.) Any hurt feelings on their part are far less important than the critical value of your website to the future of your business. If you have made the mistake of allowing any part of your website to be proprietarily controlled by the developer or anyone else, then insist upon all of the source code and instructions for rebuilding the site to be deposited with a source code escrow company, which will send you those files upon the death or other incapacitation of the developer. Should that occur, it likely would take time and effort to rebuild your website, but at least your new developer should have a firm basis upon which to re-create the site, instead of starting with a blank slate.

Any website worth building is worth protecting against catastrophic loss, and that requires some sort of contingency plan. Even if disaster never strikes, at least you will have the peace of mind of knowing that you are in a much safer position regardless of what happens and you will be able to minimize any possible disruption to your customers and other site users.

Copyright © 2024 Michael J. Ross. All rights reserved.
bad bots block