Backup & Recovery

Backups you’ll actually need to use.

Most backup setups are never tested until the day they’re needed — and that is the day the gaps are discovered. Our work is the test-restore drill that proves your backups are real, complete, and ready before they are required.

Get a free SEO report → See what’s included

Sub-techniques covered · Daily Snapshots · Weekly Archives · Off-Site Replication · UpdraftPlus · Server Snapshots · DB Dumps · Restore Drills · RPO/RTO Planning

01 — What’s Included

Eight components.
One tested recovery plan.

A backup is not the file in your storage bucket. A backup is the successful restoration of that file onto a working server, in time, before customers notice. Anything short of a tested restore is an assumption dressed up as a safety net.

We treat backup work as recovery work. Every component below exists to answer one question — when something goes wrong, can we put your business back together quickly enough that it doesn’t matter? The answer should never depend on luck.

N° 01

Daily Snapshots

Foundational

Automated daily backups of files and database, captured during low-traffic windows so they don’t compete with real visitors. We configure the schedule, set the retention rolling-window (typically 30 days), and verify each night’s snapshot completes successfully — not by trusting the dashboard’s green tick, but by sampling the archive and confirming it actually holds what it claims to. For WordPress sites we use UpdraftPlus configured against an off-site target; for VPS hosts we use the provider’s snapshot APIs. Either way, the cadence is daily, the verification is automatic, and a missed snapshot raises an alert.

N° 02

Weekly Archives

Long-tail recovery

A daily-only retention strategy fails the moment a problem is discovered weeks after it happened — a slow-draining database corruption, a malware injection that bedded in quietly, an accidentally deleted product page nobody noticed for a fortnight. Weekly archives give you a longer recovery horizon: typically twelve weeks of weekly restore points kept alongside the rolling daily window. Storage is inexpensive; the regret of not having last month’s clean version is not.

N° 03

Off-Site Replication

Geographic separation

Backups stored on the same server they were taken from are not backups — they are a single point of failure waiting to fail in unison. We replicate every snapshot to off-site storage in a different provider and a different region: Backblaze B2, Wasabi, AWS S3, or your preferred object storage. The hosting provider can suffer a regional outage, the entire account can be locked, ransomware can encrypt the primary disk; the off-site copy remains untouched and immediately recoverable.

N° 04

Database Dumps

Atomic recovery

A whole-site snapshot is the right tool for catastrophic recovery, but it is the wrong tool when you need to roll back a corrupted product table or recover a single accidentally deleted user. We configure separate, frequent database dumps — every six to twelve hours for transactional sites — alongside the full snapshots. The dumps are smaller, faster to ship off-site, faster to import, and small enough to keep at higher cadences than full backups would economically allow.

N° 05

Server Snapshots

Whole-machine recovery

Application-level backups capture the site’s data; server snapshots capture the entire machine — operating system, configuration, installed packages, certificates, cron jobs, and the small undocumented changes that have accumulated over time. We schedule provider-level snapshots (DigitalOcean, Linode, AWS, Vultr) on a weekly cadence so that, in the worst case, the entire VPS can be redeployed from a known-good state in minutes rather than rebuilt from scratch over a stressful afternoon.

N° 06

Test-Restore Drills

Verification

This is the work that turns a configured backup into a real one. Every quarter we restore your most recent snapshot to a clean staging environment, run the site, and confirm — visually, functionally, and at the database level — that the restored copy matches the live site. The drill catches the silent failures: backups that completed but excluded the uploads directory, database dumps that ran but never finished writing, archive files that downloaded but cannot be unpacked. We document each drill, log the recovery time, and report any gap in the procedure to you in plain English.

N° 07

RPO & RTO Planning

Recovery objectives

Recovery Point Objective (RPO) is the most data you can afford to lose, measured in time — fifteen minutes, six hours, twenty-four hours? Recovery Time Objective (RTO) is the longest you can afford the site to be down before the cost outruns the cure. We work through both with you against your real business reality, then design the backup cadence, retention, and restore procedure to meet those numbers. RPO and RTO are not vanity metrics; they are the contract that tells the rest of the system how to behave on the worst day.

N° 08

Documented Restore Procedure

Under pressure

A restore procedure that lives in someone’s head is a procedure that fails when that person is unreachable. We write a step-by-step runbook covering every recovery scenario your site is realistically exposed to — single-file recovery, database rollback, full-site restore, server rebuild — with exact commands, credential locations, and verification checkpoints. The runbook is stored alongside your infrastructure documentation, kept current as the stack evolves, and is written so that any competent technician can execute it under pressure without needing to improvise.

02 — Our Approach

Configure. Replicate.
Restore. Verify.

Backup work fails along predictable lines: someone configures a backup that runs but does not capture everything, someone ships archives off-site that nobody ever opens, someone trusts the green dashboard tick. Our process is built to make each of those failure modes visible long before they matter.

Restore is the test, not the backup

We do not call a backup configured until we have restored it once, in full, to a clean environment, and confirmed the restoration is functionally identical to the original. Configuration without verified restoration is a leap of faith dressed up as engineering. Every initial setup ends with a recorded test restore, so the first time anyone restores your site is not the day it has actually broken.

Three copies, two media, one off-site

The 3-2-1 rule remains the floor for serious backup work: at least three copies of the data, on at least two different storage media, with at least one off-site. We design every backup architecture against this baseline and document where each copy lives, how it is refreshed, and who has access to it. If a single failure — a provider outage, a compromised account, a corrupted disk — can take all your copies down, the architecture is wrong.

iii

Tested every quarter

We schedule a restore drill every quarter and we run it whether or not anything looks worrying. A backup that has been sitting untouched for months is not known to work; it is suspected to work. The quarterly drill is how we move it from suspected to known. We log restore time, identify any gap that has crept in, and tighten the procedure before the next cycle. Backups erode quietly — the drill is what catches the erosion.

Plain-English runbook

Every backup configuration is paired with a written restore procedure that any competent technician — not just us — can execute. Step-by-step commands, where credentials live, what counts as a successful verification, what to escalate. The runbook does not assume you’ll have us on call when you need it; it assumes the worst-case scenario where someone else has to do the work, and it makes that someone’s job survivable.

03 — Who It’s For

Sites where downtime
costs more than storage.

Backup and recovery is the kind of work that justifies its retainer cost on the first incident — and is invisible until then. It is most valuable for businesses where a lost day, a corrupted database, or a ransomware event would directly cost revenue, customer trust, or compliance standing.

A few recurring profiles where the test-restore work pays for itself the first time it is needed.

i Businesses relying on a host’s free backup tierThe host’s own backup is configured and visible in the dashboard — but nobody on the team has ever tested a restore. The default tier is usually retained for seven days, lives on the same provider, and excludes media uploads.
ii WooCommerce stores where every order mattersAn hour of corrupted database costs orders, customer trust, and reconciliation work for weeks. Frequent database dumps, off-site replication, and a tested rollback procedure are not optional at this stage.
iii Professional firms with sensitive intake dataLegal, healthcare, financial — anywhere a form collects information you have a duty to protect. Backups need to live outside the primary environment, retention needs to match your regulatory obligations, and the restore procedure needs to actually have been rehearsed.
iv WordPress sites that have never been auditedYou inherited a site, the previous developer set up “backups”, and nobody has looked at them since. The audit usually surfaces at least one of: an expired plugin licence, a full storage bucket, an exclusion list that quietly skips uploads, or a target that has been failing for months.
v Teams preparing for a major changeMigration, redesign, plugin overhaul, theme rebuild. A verified restore point taken the day before the work starts is the safety net that lets the team be bold rather than cautious. We schedule and verify it as part of every change-window engagement.

Backup and recovery is also the unglamorous prerequisite for every other piece of infrastructure work we do. Server hardening, SSL certificate renewals, plugin updates, theme migrations — all of it carries non-zero risk, and all of it becomes far easier to attempt when there is a tested restore point sitting one command away. We don’t sell backup as an add-on; we treat it as the floor that the rest of the practice stands on.

04 — A complimentary report

Curious how Google sees your site?

Send us your URL. We’ll send back a Premium SEO Report, prepared by hand, within 48 hours — domain authority, keyword rankings, backlinks, competitor gap, and the quick wins worth chasing first.

No sales call required.

“

A backup that has never been restored is a story you tell yourself. The restore drill is what makes it true.

— The Aureole Practice —

05 — Frequently Asked

Questions we get
about recovery.

If a question is missing here, the contact link at the foot of the page goes straight to the person who would answer it. No ticket queues, no funnels.

i Our hosting already includes backups — why pay for more?

Host-included backups are useful and we are glad when they exist. They are also rarely sufficient on their own. The default tier is typically retained for seven days, stored on the same provider as the live site, excludes some directories (uploads, custom plugin data) by default, and has almost certainly never been restore-tested by anyone on your team. If the provider has an outage that takes both the live site and the backup target offline simultaneously — and it does happen — your recovery options narrow to whatever you have stored elsewhere. We supplement the host backup with off-site replication, longer retention, and quarterly test restores so the host’s backup becomes one layer of three rather than the only line of defence.

ii How often should backups actually be tested?

For most growing businesses, a full test restore every quarter is a sensible cadence. Anything more frequent and the cost-benefit thins; anything less frequent and the backup quietly diverges from a working restore as the site evolves underneath it. Plugin updates, schema changes, server upgrades, and configuration drift all chip away at restore reliability over time. The quarterly drill is the rhythm that keeps the gap between what you have and what you can actually restore from getting wider. After any major change — a migration, a redesign, a host switch — we run an additional out-of-cycle restore to confirm the new configuration still recovers cleanly.

iii What is RPO and RTO, and why do I need to think about them?

RPO — Recovery Point Objective — is the most data you can afford to lose. If your last backup was four hours ago and you would lose four hours of orders, that is your RPO. RTO — Recovery Time Objective — is how long the site can be down before the cost of being down outruns the cost of preventing it. A brochure site might be comfortable with a 24-hour RPO and a 4-hour RTO; a busy e-commerce store might need a 1-hour RPO and a 30-minute RTO. The numbers determine the architecture: how often backups run, how they are stored, how the restore is rehearsed. Without them, a backup setup is decorative — a number out of context. We work through both with you in plain English before we touch any configuration.

iv Can you take over a backup setup someone else built?

Yes, and this is one of the most common starting points. The first deliverable is an audit: we open the existing backup target, inspect the most recent archive, attempt a test restore, and document what we find. Most inherited setups have at least one of: silent exclusions (uploads, custom tables), expired off-site credentials, retention windows that are shorter than the team assumes, or a backup that completed but cannot actually be unpacked. Once we know the real state, we either tighten the existing system or rebuild it — always with the goal of leaving the documentation good enough that any competent technician could maintain it without us.

v What happens if the site is hit by ransomware?

A clean off-site backup is the antidote, which is why off-site replication is non-negotiable in every architecture we design. Modern ransomware actively targets backup systems on the assumption that operators will pay to recover. If your backups live on the same server, the same hosting account, or even the same cloud-provider account as the live site, they are exposed to the same compromise. Off-site, separately authenticated, ideally immutable storage breaks that chain. When ransomware hits, the recovery path is straightforward: rebuild the server from a clean snapshot, restore the most recent verified backup taken before the compromise, and bring the site back up. Painful, but survivable — provided the prior work is in place.

vi How long does the initial setup take?

For a standard WordPress or VPS environment, the initial backup architecture goes live in the first week. Day one is the audit of any existing setup. Days two and three are configuration — daily snapshots, weekly archives, off-site replication, database dumps, server snapshot scheduling, monitoring of the backup jobs themselves. Day four is the first end-to-end test restore. Day five is the documented runbook and a handover walkthrough. From there it becomes a low-touch retainer: monitoring runs continuously, drills run quarterly, and the architecture is reviewed annually or whenever the stack changes materially.

06 — Connected Practice

Where backup fits in
the wider practice.

Backup and recovery is one layer of the IT services practice — the floor that lets the rest of the work move quickly without losing nerve. The link below returns to the parent service; the pills extend laterally to the sister sub-disciplines that compound with restore-tested infrastructure.

Parent service

Sister sub-disciplines

Hosting & Cloud → DNS & Domain → Email Setup → Cloudflare & CDN → SSL & Security → Server Monitoring →

Adjacent services

SEO → Web Design & Development → AI Search Optimisation → Content & Copywriting →

The Invitation

Ready to find out
if your backups work?

Tell us where the site lives and what is currently configured. We’ll audit the existing setup, run a real test restore, and report back in plain English on what is solid and what needs tightening — before the day you actually need to use it.

Get in touch → Or request a free SEO report

Mon–Fri · 9–6 PT support@aureoleintelligence.com Reply within 1 business day