A provider can honestly say “we take daily backups” while leaving the owner unable to recover. The copy may include files but not the database, remain inside the disabled hosting account, omit DNS and email routing, expire before a slow corruption is noticed, or require a technician whose contact information is outdated. Backup claims become useful only when scope, independence, retention, access, and restoration are defined.

Recovery is also a business decision. A brochure site, appointment system, membership portal, and online store have different change rates and customer consequences. The owner should define which functions matter first and how much recent data can be recreated, instead of copying another company’s schedule or assuming every page must return at the same time.

Separate backup, restore, and recovery

Backup questionRecovery question
ScopeWhich files, databases, records, and settings were copied?Which customer and business functions can those items re-create?
TimeWhen was the last successful copy?How much data loss is tolerable and how long can each function be unavailable?
LocationWhere are the copies stored?Can an authorized person reach them if the primary host, identity account, or provider is unavailable?
IntegrityDid a job report success?Can the selected version be restored and does the recovered service behave correctly?
ResponsibilityWhich tool creates and retains the copy?Who declares recovery, contacts vendors, chooses the version, validates it, and communicates?
SecurityIs the copy protected from unauthorized access or change?Can recovery avoid restoring compromised code, exposed secrets, or an unsafe configuration?

NIST SP 800-34 describes contingency planning as a coordinated strategy involving plans, procedures, and technical measures and includes business impact analysis, contingency strategies, plan development, testing, training, and maintenance. It was written for federal information systems, so a small business should adapt the concepts proportionally rather than claim federal compliance from a website checklist.

Inventory what the website depends on

The recovery package extends beyond what a browser displays.

Asset or dependencyPossible recovery sourceQuestion to answer
Code, theme, templates, and build configurationVersion-control repository, platform export, deployment artifact, or verified file backupCan the exact supported version be built or redeployed without the original developer’s computer?
Database and CMS contentDatabase dump, platform backup, CMS export, or provider snapshotDoes the copy preserve relationships, authors, settings, URLs, and current data formats?
Media and downloadable filesObject storage copy, media export, or file-system backupAre original files present, not merely generated thumbnails or broken external links?
Forms, orders, members, and customer recordsApproved application export or system-of-record backupWhich data is necessary, sensitive, retained lawfully, and recoverable in the correct system?
DNS and domain configurationExport, recorded zone, registrar inventory, and screenshots as secondary evidenceCan the business identify the registrar, authoritative DNS, records, contacts, locks, and renewal state?
Redirects, canonical logic, and SEO configurationApplication rules, server configuration, CMS export, and crawl inventoryWill existing public URLs and search signals still reach the intended content?
Integrations and secretsDocumented connection inventory and approved secrets managerWhich systems need new credentials rather than restoring an exposed key from a backup?
Accounts, billing, and vendor supportBusiness-owned access register and contract recordsWho can authenticate, pay, escalate, transfer, and recover each service if the usual administrator is unavailable?

Platform backups have platform-specific boundaries. Webflow’s backup documentation, for example, describes site backups and restoration within Webflow; WordPress documentation describes files and database components. Neither should be generalized to a different stack. Read the current provider’s documentation for included data, retention, export, restore behavior, plan limits, and what happens after cancellation.

Create a recovery inventory without exposing secrets

01

Draw the customer path

Follow domain and DNS through hosting, CDN, application, forms, payment or booking, email, CRM, analytics, and staff response. Mark which systems are authoritative for each record.

02

Assign an owner to each asset

Name a business role and technical provider for backup configuration, monitoring, retention, restore, credential rotation, and validation. Avoid relying on one person’s memory.

03

Record recovery evidence

Keep provider names, account owners, support routes, configuration exports, version identifiers, and restore instructions in a protected location. Reference secrets rather than copying passwords or private keys into the plan.

04

Classify data appropriately

Identify sensitive, regulated, contractual, operational, and public information so encryption, access, retention, deletion, and restoration follow the organization’s approved requirements.

05

Identify missing exports

If a hosted tool cannot provide a complete export, document the limitation, alternate records, migration path, and business decision. Do not discover platform lock-in during an outage.

Set frequency and retention from business impact

Recovery point objective, or RPO, expresses the maximum targeted period of data loss for a disruption. Recovery time objective, or RTO, expresses the targeted time to restore a function. They are planning targets, not guarantees. A site updated monthly may tolerate an older content copy, while orders or reservations change continuously and may require a different system, replication, or reconciliation process.

Connect the schedule to the rate and consequence of change.

Content or functionChange pattern to examineRecovery decision
Static marketing pagesPlanned releases and occasional editsBack up at meaningful change points and on a schedule that covers unnoticed errors
Blog or CMS libraryEditor publishing and revisionsChoose frequency and version retention based on publishing pace and correction needs
Leads and form submissionsUnpredictable customer activityPrefer a dependable system of record and export or recovery path; do not assume a website snapshot includes delivered leads
Orders, bookings, or accountsContinuous transactions and state changesUse the application provider’s supported continuity and reconciliation capabilities; a nightly page backup may be irrelevant
Code and configurationDeployments, plugin updates, infrastructure and integration changesCreate versioned change records and known-good recovery points before risky releases
Domain and DNSInfrequent but high-impact changesRecord and protect the current state, then capture every authorized change and account handoff
  • Keep enough versions to recover from an error or compromise discovered later, not only the most recent state.
  • Protect at least one recovery path from deletion or encryption through the same credentials and system as production.
  • Use offline, immutable, or otherwise separated copies when the risk and platform support justify them, and test the actual controls.
  • Encrypt backups according to data sensitivity and protect the keys and recovery access separately.
  • Monitor failed, partial, unusually small, or stale backups and route alerts to a current owner and backup owner.
  • Define secure expiration and disposal so old customer data does not persist indefinitely merely because storage is inexpensive.

The familiar “3-2-1” approach—multiple copies, different media or systems, and an offsite copy—can start a conversation, but it is not proof of recoverability. Cloud copies controlled by one compromised identity may fail together. A separated copy without credentials or documentation may be unreachable. Design from likely failures and test the boundaries.

VISUAL CHECKPOINT · TechnologyA successful backup job is not a successful restore

Logs can show that data moved without proving that every dependency is present, the copy is usable, credentials are available, or the restored site passes business tests. Schedule restore exercises before an emergency.

Protect backups as sensitive production assets

Fragile backup arrangementResilient recovery arrangement
IdentityThe same shared administrator can delete production and every copyNamed accounts, least privilege, strong MFA, separated recovery authority, and logged changes where supported
ProviderAll backups exist only inside the hosting accountA supported independent recovery path covers provider or account loss according to the risk
SecretsPasswords and private keys are copied into every archive and runbookSecrets follow an approved management and rotation process; the plan references how authorized people retrieve them
RetentionEach new copy immediately replaces the previous oneVersioned retention covers both rapid rollback and delayed discovery within approved data limits
TestingA green dashboard is treated as proofRepresentative restores and business validation are scheduled, documented, and corrected

CISA’s business and ransomware guidance recommends protected backups and restoration testing among broader resilience measures. A backup repository is valuable to attackers because it can contain code, credentials, customer data, configuration, and a path to erase recovery. Restrict and monitor access according to its sensitivity; do not expose it through a public file link or a former vendor’s account.

Test a restore before calling the plan complete

Run a safe restoration exercise

01

Choose a scenario and target

Restore one deleted page, a known site version, or the full service according to the exercise. Use an isolated environment or provider-supported method that cannot overwrite production accidentally.

02

Start with the on-call materials

Have the designated person use the current access register, instructions, support routes, and backups without relying on the original builder’s undocumented knowledge.

03

Record elapsed and blocked time

Measure waiting for access, downloads, imports, DNS, vendor support, credential reset, build, and validation separately. Compare the result with the stated recovery targets.

04

Validate the business path

Check representative URLs, navigation, media, forms, email, booking or purchase in an approved test mode, integrations, redirects, authentication, accessibility, performance, analytics, and staff handoff.

05

Prove data boundaries

Confirm the restored version and expected missing interval, verify that sensitive data and access are appropriate, and reconcile transactions that occurred outside the recovered copy.

06

Update the plan

Correct instructions, ownership, retention, export gaps, alerting, and targets. Record the exercise date and outcome rather than changing a review date without testing.

Write the recovery playbook around decisions

A short usable plan is better than a long document nobody can activate.

DecisionNamed informationApproval
Declare and classify the eventSymptoms, affected functions, evidence, recent changes, and escalation thresholdIncident owner and alternate
Contain or fail overSystems or access to isolate, temporary page or customer route, and evidence-preservation stepsTechnical and business authority
Select a recovery pointAvailable versions, integrity evidence, known incident window, and accepted data-loss intervalSystem owner and data owner
Restore in priority orderDomain, DNS, certificate, hosting, application, data, integrations, email, and customer functionsRecovery coordinator
Validate and returnTechnical checks, business transactions, accessibility, security, data reconciliation, monitoring, and rollback criteriaNamed production-release authority
CommunicateInternal contacts, vendors, customers, insurers, counsel, and authorities as applicable to the factsAuthorized communications and legal roles
ReviewRoot cause, control changes, missed records, costs, owner actions, and next exerciseBusiness leadership and responsible providers

Provider loss belongs in the plan even when no technical incident occurs. The guide for when a web designer disappears explains how to recover domain, DNS, platform, billing, analytics, and records calmly. A good backup reduces dependency, but business-owned access and exportability are what make the copy usable.

Web Respawn’s website care plans can define ongoing backup, monitoring, update, and recovery responsibilities for the website layer. The platforms, hosting, and ownership hub connects continuity planning with domains, hosting, security, maintenance, and provider handoff.

How often should a small-business website be backed up?

Base frequency on how quickly each asset changes and how much loss the business can tolerate. Static pages, code releases, CMS content, leads, orders, and bookings may need different mechanisms. Also back up before risky changes and retain enough versions for delayed discovery.

Does my hosting provider’s backup mean I am covered?

Not until you verify scope, frequency, retention, account dependence, restore process, plan limits, cancellation behavior, and a real test. A provider snapshot may be useful but omit external DNS, email, leads, SaaS data, repositories, credentials, or an independent path after account loss.

Should website backups be stored offsite?

A recovery path separated from the primary failure is often valuable. “Offsite” alone is not enough: consider identity, provider, region, mutability, encryption, keys, retention, export format, and access during an incident. Choose separation according to the system’s risk and test it.

Can I restore a backup after a website is hacked?

Possibly, but do not assume the newest copy is clean or that restoration removes the original access path. Qualified responders should determine the incident window, preserve evidence, select and validate a recovery point, rotate affected credentials, patch the cause, reconcile data, and monitor the recovered service.