What is the 3-2-1 backup strategy and how do I implement it for web hosting?
The 3-2-1 backup rule is the industry standard for data protection: maintain 3 copies of data, on 2 different storage media types, with 1 copy offsite. For web hosting this means: local cPanel backup + remote VPS or cloud storage copy + tested restoration procedure.
DETAILED EXPLANATION:
Why 3-2-1 works:
- 3 copies: Original + local backup + offsite backup
- 2 media types: Server disk + external cloud storage
- 1 offsite: Protection against datacenter fire, flood, ransomware
Backup scope for complete website:
1. Files: /home/user/public_html (themes, plugins, uploads)
2. Databases: All MySQL databases (content, orders, users)
3. Email: /home/user/mail (if hosting email on same server)
4. Config: /etc/nginx, /etc/php, /etc/mysql configs
5. SSL: /etc/letsencrypt certificates
Frequency guidelines:
- Database: Daily (changes every time someone posts, orders, comments)
- Files: Daily or weekly (changes with WordPress updates)
- Full server: Weekly
- Before any major update: Immediate on-demand backup
Backup storage options by cost:
- Backblaze B2: $0.006/GB/month (~Rs 0.5/GB) - cheapest S3-compatible
- Wasabi: $0.0059/GB/month, no egress fees
- AWS S3 ap-south-1: $0.025/GB/month, very reliable
- Local second disk: Free but not offsite
WHEN TO USE:
- Every production website without exception
- Before WordPress core/plugin updates
- Before server migrations or configuration changes
- Before experiment with server settings
STEP-BY-STEP - Automated restic backup to Backblaze B2:
1. Create Backblaze B2 account at backblaze.com
Create bucket: mysite-backups
Create application key with read/write access to that bucket
2. Install restic:
apt install restic
3. Initialize repository:
export B2_ACCOUNT_ID="your_account_id"
export B2_ACCOUNT_KEY="your_application_key"
export RESTIC_PASSWORD="strong_backup_encryption_password"
restic -r b2:mysite-backups:server1 init
4. Create /usr/local/bin/backup.sh:
#!/bin/bash
export B2_ACCOUNT_ID="your_account_id"
export B2_ACCOUNT_KEY="your_application_key"
export RESTIC_PASSWORD="strong_backup_encryption_password"
REPO="b2:mysite-backups:server1"
# Backup website files
restic -r $REPO backup /var/www/html /home \
--exclude="*.log" --exclude="*/cache/*"
# Backup all MySQL databases
mysqldump --all-databases -u root -pyourpassword | \
gzip > /tmp/mysql_backup.sql.gz
restic -r $REPO backup /tmp/mysql_backup.sql.gz
rm /tmp/mysql_backup.sql.gz
# Backup server configs
restic -r $REPO backup /etc/nginx /etc/php /etc/mysql /etc/letsencrypt
# Keep 7 daily, 4 weekly, 6 monthly backups
restic -r $REPO forget --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune
# Verify repository integrity monthly
restic -r $REPO check
chmod +x /usr/local/bin/backup.sh
5. Schedule daily at 2 AM (low traffic time):
echo "0 2 * * * root /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1" > /etc/cron.d/backup
6. TEST your restore (critical - do this quarterly):
mkdir /tmp/restore-test
restic -r $REPO restore latest --target /tmp/restore-test
ls /tmp/restore-test/var/www/html/
# Confirm your website files are there
REAL EXAMPLES:
Restic backup stats:
Files: 24,521 | Size: 4.5 GB | Compressed to: 2.3 GB
Deduplication: 3.4x ratio (backups after first are tiny - only changes)
Cost: 4.5 GB x Rs 0.5/GB/month = Rs 2.25/month for complete backup!
Recovery scenario:
Server hacked, files deleted at 3am:
1. Provision new Connect Quest VPS (10 minutes)
2. restic -r $REPO restore latest --target /var/www
3. Import database from backup
4. Update DNS to new server IP
5. Site fully restored in under 1 hour
FLOW:
2 AM cron -> mysqldump all databases -> gzip -> restic backup
-> deduplicate (only new/changed files sent) -> AES-256 encrypt -> upload to B2
-> prune old snapshots -> integrity check -> log result
KEY POINTS:
- Backblaze B2 costs ~Rs 5/month for 10GB - cheaper than losing your site
- Test restore quarterly - discover broken backups before disaster strikes
- restic encrypts with AES-256 by default - even Backblaze cannot read your data
- Connect Quest cPanel plans include automated backup via JetBackup
COMMON MISTAKES:
- Backing up to same disk as data (disk failure = data AND backup lost)
- Never testing restore (discover failure only during actual disaster)
- Not backing up MySQL separately (files are useless without matching database)
QUICK FIX:
Emergency restore needed:
restic -r $REPO snapshots (list available restore points)
restic -r $REPO restore SNAPSHOT_ID --target /tmp/emergency-restore
Contact Connect Quest at +91 2269711150 for emergency assistance
DIFFICULTY: Intermediate
RELATED: VPS Hosting, Dedicated Hosting, cPanel, Disaster Recovery
DETAILED EXPLANATION:
Why 3-2-1 works:
- 3 copies: Original + local backup + offsite backup
- 2 media types: Server disk + external cloud storage
- 1 offsite: Protection against datacenter fire, flood, ransomware
Backup scope for complete website:
1. Files: /home/user/public_html (themes, plugins, uploads)
2. Databases: All MySQL databases (content, orders, users)
3. Email: /home/user/mail (if hosting email on same server)
4. Config: /etc/nginx, /etc/php, /etc/mysql configs
5. SSL: /etc/letsencrypt certificates
Frequency guidelines:
- Database: Daily (changes every time someone posts, orders, comments)
- Files: Daily or weekly (changes with WordPress updates)
- Full server: Weekly
- Before any major update: Immediate on-demand backup
Backup storage options by cost:
- Backblaze B2: $0.006/GB/month (~Rs 0.5/GB) - cheapest S3-compatible
- Wasabi: $0.0059/GB/month, no egress fees
- AWS S3 ap-south-1: $0.025/GB/month, very reliable
- Local second disk: Free but not offsite
WHEN TO USE:
- Every production website without exception
- Before WordPress core/plugin updates
- Before server migrations or configuration changes
- Before experiment with server settings
STEP-BY-STEP - Automated restic backup to Backblaze B2:
1. Create Backblaze B2 account at backblaze.com
Create bucket: mysite-backups
Create application key with read/write access to that bucket
2. Install restic:
apt install restic
3. Initialize repository:
export B2_ACCOUNT_ID="your_account_id"
export B2_ACCOUNT_KEY="your_application_key"
export RESTIC_PASSWORD="strong_backup_encryption_password"
restic -r b2:mysite-backups:server1 init
4. Create /usr/local/bin/backup.sh:
#!/bin/bash
export B2_ACCOUNT_ID="your_account_id"
export B2_ACCOUNT_KEY="your_application_key"
export RESTIC_PASSWORD="strong_backup_encryption_password"
REPO="b2:mysite-backups:server1"
# Backup website files
restic -r $REPO backup /var/www/html /home \
--exclude="*.log" --exclude="*/cache/*"
# Backup all MySQL databases
mysqldump --all-databases -u root -pyourpassword | \
gzip > /tmp/mysql_backup.sql.gz
restic -r $REPO backup /tmp/mysql_backup.sql.gz
rm /tmp/mysql_backup.sql.gz
# Backup server configs
restic -r $REPO backup /etc/nginx /etc/php /etc/mysql /etc/letsencrypt
# Keep 7 daily, 4 weekly, 6 monthly backups
restic -r $REPO forget --keep-daily 7 --keep-weekly 4 --keep-monthly 6 --prune
# Verify repository integrity monthly
restic -r $REPO check
chmod +x /usr/local/bin/backup.sh
5. Schedule daily at 2 AM (low traffic time):
echo "0 2 * * * root /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1" > /etc/cron.d/backup
6. TEST your restore (critical - do this quarterly):
mkdir /tmp/restore-test
restic -r $REPO restore latest --target /tmp/restore-test
ls /tmp/restore-test/var/www/html/
# Confirm your website files are there
REAL EXAMPLES:
Restic backup stats:
Files: 24,521 | Size: 4.5 GB | Compressed to: 2.3 GB
Deduplication: 3.4x ratio (backups after first are tiny - only changes)
Cost: 4.5 GB x Rs 0.5/GB/month = Rs 2.25/month for complete backup!
Recovery scenario:
Server hacked, files deleted at 3am:
1. Provision new Connect Quest VPS (10 minutes)
2. restic -r $REPO restore latest --target /var/www
3. Import database from backup
4. Update DNS to new server IP
5. Site fully restored in under 1 hour
FLOW:
2 AM cron -> mysqldump all databases -> gzip -> restic backup
-> deduplicate (only new/changed files sent) -> AES-256 encrypt -> upload to B2
-> prune old snapshots -> integrity check -> log result
KEY POINTS:
- Backblaze B2 costs ~Rs 5/month for 10GB - cheaper than losing your site
- Test restore quarterly - discover broken backups before disaster strikes
- restic encrypts with AES-256 by default - even Backblaze cannot read your data
- Connect Quest cPanel plans include automated backup via JetBackup
COMMON MISTAKES:
- Backing up to same disk as data (disk failure = data AND backup lost)
- Never testing restore (discover failure only during actual disaster)
- Not backing up MySQL separately (files are useless without matching database)
QUICK FIX:
Emergency restore needed:
restic -r $REPO snapshots (list available restore points)
restic -r $REPO restore SNAPSHOT_ID --target /tmp/emergency-restore
Contact Connect Quest at +91 2269711150 for emergency assistance
DIFFICULTY: Intermediate
RELATED: VPS Hosting, Dedicated Hosting, cPanel, Disaster Recovery