Let’s Talk About The Backup Strategy

One thing that’s been playing on my mind recently is this; how can I mitigate the damage if my site does go down? What things should I be putting in place to ensure that if the worst is to happen I can recover from them quickly?

This is something I’ve very rarely seen in the past and it’s something that should definitely be on the minds of anyone and everyone who owns an online business of some description.

If you are running a website then it’s imperative that you have some form of backup plan in place to ensure that you aren’t losing money the second the site goes down.

The Backstory

When I was just getting started in web development and managing my own sites I thought nothing could go wrong, I’d spent countless hours building my personal site into something that was making me a decent bit of pocket money. From the various reviews of gaming peripherals I’d done I was able to rack up a 3 digit cheque every month, this definitely wasn’t bad for someone who was still in highschool at the time.

Unfortunately though, disaster struck and I was hacked by someone from the middle east. Some person or group had absolutely ruined the year of hard work I’d spent building my own personal site and there wasn’t a thing I could do to fix it. I’d lost most of the content and in the blink of an eye my $$$ cheque disappeared never to return.

As you can imagine, I was gutted. Without a second thought, someone had entered my life and ravaged my small enterprise and looking back, I’m glad they did.

What it did was give me an appreciation for just how easily a site can get hacked and it gave me a deeper understanding into how I could secure my site and ensure that this wouldn’t happen as easily again. It also gave me an appreciation for just how important a backup plan is.

Protecting Your Site — What Are The Options?

  1. Take Regular Backups — Seriously, this is THE most important thing you can do. There are loads of different tools that will automatically do this for you and I implore you to look at these and start doing daily/weekly/monthly backups depending on how often things are updated on your site. Packages like https://github.com/spatie/laravel-backup for Laravel sites are excellent at streamlining this process for more complex sites.
  2. Test your backup strategy during quiet times. If you go through the motions and practice doing a full recovery of your site then it’ll be simple if and when the time does come that you have to do the real thing. Cover the worst possible scenarios, what would happen if you lost the server? Do you have a secondary server sitting there set up and waiting?
  3. Can you automate the deployment process? Have you got a jenkins server or continuous integration strategy in place that would be able to completely redeploy your site for you? This could be a potential lifesaver, if you’ve got a complex site, then defining a job that does everything for you can save you hours of debugging potential bugs. If you’ve not heard the news Jenkins 2.0 was just recently released so I recommend you check it out: https://jenkins.io/2.0/
  4. Store your backups in an off-site data center. Seriously, if you store a backup on the same server as your site and you lose the entire server then you’ve just lost everything. Protect yourself by getting several layers of redundancy. Store it in google drive, in private github repos, subversion repos, off-site hard drives, secondary servers or anything you can to ensure that if one site is destroyed, you’ve still got 2–3 backups. It’s highly unlikely you’ll lose more than 1 site at a time but it does happen so I suggest having 3 backups at a very minimum.
  5. Micro-service your site. If you’ve got a huge website that’s currently serving millions of people every day then it could be an idea to turn your site into a series of micro-services. If you haven’t read up on this style of architecture then I’d encourage you to do so. Netflix currently employs this style of architecture for their backend and as server demand increases on their site, they spin up more instances of their microservices. With this style of architecture they are far more resilient to things failing as they’ll always have x other instances of a service running at all times. These guys have actually built a Chaos Army which basically goes around their site and tries to cause as much damage as possible in order to test their resiliency. They’ve got an excellent write up about their chaos army here: http://techblog.netflix.com/2014/09/introducing-chaos-engineering.html
Chaos Monkeys at Netflix Purposefully Damage the Site.

Amazon S3 : https://aws.amazon.com/s3/ — This is probably one of the best options you have when it comes to safely storing backups of your site. If you have a simple wordpress site then I know that Backup Buddy will automatically take care of sending your backups into S3.

Don’t Let Your Livelihood Die

Seriously, don’t be like me, don’t lose your pride and joy and have no possible backup strategies. If you haven’t already looked into and implemented a concrete backup strategy then do it now. It could be the most important decision you make today.