Imagine you have a website that receives a good supply of traffic, converts a decent percentage of those visitors to customers and provides your bank account with a healthy stream of income. Now imagine that the website, its domain name, and all the email accounts connected to the site disappear in an instant and you cannot restore it.
No website to trade from, no visitors converted to customers, no way to contact your customers, no income.
A Real Catastrophe
During the last couple of weeks this nightmare has been happening to a number of businesses, all due to two facts: the website was hosted with a company that is capable of huge errors and, most importantly, the website owners had no backup to use to restore their websites.
On 16th April the hosting company 123-Reg started a clean up process on its servers. This included their virtual private servers. These have many of the features of the more expensive dedicated private servers, where only your websites are stored and no one else’s. Storing your website this way makes it more secure from being influenced by other websites, but it can be very expensive.
A cheaper alternative is a virtual private server (VPS). This hosts hundreds of websites while mimicking the functionality of a private server. Unfortunately the script used in the clean up process included some code that identified some live VPSs as empty and therefore effectively deleted them.
A total of 67 servers were affected. There has been no statement about how many websites have been affected, though the company has been emphasising it’s a small proportion of the 1.7 million UK sites that they host. To make things worse 123-Reg does not keep backups of customer data.
As you can imagine there has been scathing criticism of 123-Reg on social media. While some businesses have effectively disappeared, 123-Reg has suffered a colossal drop in customer and industry confidence.
The catastrophe seems to be down to a combination of human error, poor processes in auditing scripts, and insufficient hardware capacity.
So, could you have coped if this had happened to your hosting company, or would your online business have disappeared without a trace?
The key to being protected from such events is having a good disaster recovery strategy and maintaining separate personal backups.
Backup Best Practices
The idea is simple. In order to make sure your data is safe, you make a copy of it. If something happens to the original copy you can always use your backup copy. Any damage can be easily undone by replacing or restoring from your backups.
Any backup solution should have the following four features:
You shouldn’t consider data as backed up unless there are at least two copies of it. You should store these copies separately. Ideally you should have one copy stored completely offline, on something like a Smart Card, portable hard drive or compact disc. However, be aware that this hardware will need to be replaced regularly, as each has a finite lifespan over which it retains data accurately. With data stored offline there is minimal risk of malware infection and you can be sure that it is truly disconnected from your online copy.
- Secure locations
Don’t store backups on the web server. Apart from the possibility of some calamity occurring with your web host, the backups could contain old software that is vulnerable, and because they are in a publicly-accessible location, they could be exploited.
Backups should be stored offsite and, as the 123-Reg disaster shows, not on the same server as your website. Other scenarios that make a server-based backup useless include infection from malware and malicious attack. If you are using a WordPress plugin to make backups, make sure you download a copy of each backup to your computer immediately. Off-site backups help protect your data from attackers and also help protect against hardware failure.
If there is no automation there is no guarantee that backups will be made. Without an automated system many people tend to forget or become lazy when it comes to making backups, especially if the website has been problem free for some time. Decide how often your data should be backed up and make sure the automated schedule is good enough. There may be some critical data that needs to be backed up more regularly than your site’s static data.
It’s no use having backups if you can’t use the data to recover from a potential disaster. You need to regularly test that you have a practical solution by doing a test run. Using a test domain and only the files from the backup, make sure you can get your website online.
This won’t necessarily mean a full restore. If an error occurs in one file that affects your whole website you can recover by simply replacing the single file that contains the error. This is much quicker than a full site restore. So make sure you know how to replace as well as restore, or that you have easy and quick access to someone who does.
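A restore drill of the kind described above, as an added Python example that is not part of the original article: it archives a site with a per-file SHA-256 manifest, restores into a scratch directory using only the backup files, and replaces a single damaged file. The function names, the archive name and the sample site in the demo are assumptions made for illustration.

```python
import hashlib, json, tarfile, tempfile
from pathlib import Path

def sha256(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def make_backup(site_dir, dest_dir, name="site-backup"):
    """Archive site_dir and write a sidecar manifest of per-file SHA-256 hashes."""
    site, dest = Path(site_dir), Path(dest_dir)
    dest.mkdir(parents=True, exist_ok=True)
    files = sorted(p for p in site.rglob("*") if p.is_file())
    manifest = {p.relative_to(site).as_posix(): sha256(p) for p in files}
    archive = dest / f"{name}.tar.gz"
    with tarfile.open(archive, "w:gz") as tar:
        for rel in manifest:
            tar.add(site / rel, arcname=rel)
    (dest / f"{name}.manifest.json").write_text(json.dumps(manifest, indent=2))
    return archive

def _extract(archive, dest, members=None):
    # filter="data" rejects absolute paths and ../ escapes where Python supports it
    kw = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    with tarfile.open(archive, "r:gz") as tar:
        picked = [tar.getmember(m) for m in members] if members else None
        tar.extractall(dest, members=picked, **kw)

def restore_drill(archive):
    """Restore from the backup files alone; return paths that are missing or corrupt."""
    archive = Path(archive)
    sidecar = archive.with_name(archive.name.replace(".tar.gz", ".manifest.json"))
    manifest = json.loads(sidecar.read_text())
    with tempfile.TemporaryDirectory() as scratch:
        _extract(archive, scratch)
        return [rel for rel, digest in manifest.items()
                if not (Path(scratch) / rel).is_file()
                or sha256(Path(scratch) / rel) != digest]

def replace_file(archive, rel_path, live_dir):
    """Replace one damaged file from the backup instead of doing a full restore."""
    _extract(archive, live_dir, members=[rel_path])
    return Path(live_dir) / rel_path

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample site
        site = Path(tmp) / "site"
        site.mkdir()
        (site / "index.html").write_text("<h1>shop</h1>")
        backup = make_backup(site, Path(tmp) / "offsite")
        print("files failing the drill:", restore_drill(backup))
        (site / "index.html").write_text("damaged")
        print("replaced:", replace_file(backup, "index.html", site).read_text())
```

An empty list from `restore_drill` means every file in the manifest came back from the archive intact; run it on a schedule against the off-site copy rather than only after an incident.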
Some website owners who lost their sites in the 123-Reg disaster were back online within hours of realising the extent of the hosting error. That was because they had a practical disaster recovery strategy that included secure, up to date backups. If you are serious about your online business but you could not have been one of those who recovered quickly, it’s time to take a close look at your backup strategy.