Backups, Monitoring & Security

Backups + monitoring + security

Backups, monitoring and security — so a failure does not stop your sales

A server failure, a botched update, a malware or ransomware attack, or deleted data can halt your sales, your company website or the system your whole team relies on. That is why we configure backups, monitoring and security so that your company does not learn about a problem from a customer.

It is not just about the backup. It is about being able to get back up and running quickly when something goes wrong: where the copies are, how often they run, who responds to alerts and how long it can take to restore the store.

3-2-1 strategy + off-site backup
AES-256 encryption
24/7 monitoring + alerts
Firewall + Fail2Ban + WAF
Test restore + runbook
Backblaze B2, AWS S3, restic, borg

Ask about backups and monitoring See the packages

Backups and monitoring for

e-commerce stores where downtime means lost orders
service businesses for which the site generates enquiries
WordPress and WooCommerce owners
companies after a failure, break-in or data loss
teams using a VPS, dedicated servers or NAS
agencies maintaining clients’ websites
companies with customer data, orders or form submissions
owners of systems that have to be available every day

The worst moment to start looking for a backup

A backup no one has tested is just hope

Many companies assume they have backups, because the hosting shows a “backup” option in the panel. The problem only appears when you actually need to restore something. A backup on the same server, a missing database, a copy from several months ago, no procedure — these are real situations. That is why the implementation covers not only creating copies, but also the strategy, monitoring, a test restore and an emergency procedure.

What do you gain from the implementation?

Six benefits — mostly operational and sales-related, not technical.

Lower risk of data loss

Your data is not stored in just one place. An off-site backup protects you from a situation where a server failure, an admin error or a break-in destroys the site and its copy at the same time.

Faster response to a failure

Monitoring lets you detect a problem sooner. You do not have to wait for a customer to tell you the store is down or the form is not sending enquiries.

A clear course of action

You know what to do in case of a failure. A runbook reduces chaos and random decisions, especially outside standard working hours.

Greater site and server security

A firewall, Fail2ban, updates and a WAF do not guarantee full resilience, but they significantly reduce the risk of typical problems and automated attacks.

Peace of mind during updates

Before bigger changes you can make a copy and know how to roll back to the previous state. This is especially important for WordPress, WooCommerce and applications with a database.

Better sales continuity

For e-commerce, every hour of downtime means lost orders, abandoned carts and reduced trust. Backups and monitoring are not a cost — they are protection for your sales.

What can we implement?

Five areas of protection — from backups and monitoring, through server and WordPress security, to documentation and procedures.

Backups and data recovery

analysis of current backups
3-2-1 backup strategy
daily incremental backups
weekly full backups
backup of files / databases / configuration
off-site backup (Backblaze B2 / AWS S3)
AES-256 encryption
setting the retention
data restore test
restore procedure documentation

Benefit: A backup that can really be restored — within a known timeframe.

Monitoring and alerts

site availability monitoring
server monitoring (CPU/RAM/disk)
service monitoring (web, database, mail)
application error monitoring
SSL certificate monitoring
email / SMS / Slack alerts
escalation when there is no response
problem reporting

Benefit: Failures detected early, not from customers calling the helpline.

Server security

firewall (iptables / nftables)
SSH hardening
Fail2Ban
restricting administrative access
security updates
service control
recommendations on passwords and access
HTTPS only

Benefit: Lower risk of simple automated and brute-force attacks.

Application and WordPress protection

control of WordPress updates
control of plugins and themes
limiting typical attack vectors
WAF configuration (Cloudflare / ModSecurity)
error log analysis
detecting unusual behaviour
recommendations on vulnerable plugins

Benefit: WordPress / WooCommerce becomes harder to compromise and an incident is easier to detect.

Documentation and procedures

emergency runbook
list of monitored services
description of backup locations
list of contact persons
data restore procedure
failure response procedure
recommendations for further care

Benefit: In a failure, everyone knows what to do — it does not start with a frantic search for access details.

What problems do we solve?

Five typical situations — each with a concrete technical answer and a business effect.

Problem	What we do	Effect
The company does not know whether the backups really work	Audit of current backups, configuration of off-site copies, schedules and a test restore.	You know what is protected, where the copies are and whether they can be restored.
You find out about a failure from a customer	Monitoring of availability, services and resources + email/SMS/Slack alerts.	A response within hours, not weeks — often before the customer notices the problem.
Brute-force attacks and malware put a strain on the site	Firewall, Fail2ban, login restrictions, updates, WAF.	Lower server load and a lower risk of the WordPress admin panel being taken over.
There is no emergency procedure	A runbook: what to check, who to notify, where the access details are, how to restore data and how to escalate the problem.	A failure does not turn into a multi-hour organisational crisis.
There is a backup, but the restore takes too long	A test restore on a real environment + documentation of the recovery time.	You know how long it will actually take to get back up and running — and whether that is acceptable for the business.

What exactly does the package include?

Fourteen elements — from an audit of the current situation to an emergency runbook and monthly reports.

Element	What we do	What it gives the company
Audit of the current situation	we check what is protected and whether the backups work	a starting point based on facts
3-2-1 strategy	3 copies, 2 media, 1 off-site	a server failure does not wipe out the site and the backup at the same time
Incremental and full backups	daily incremental, weekly full	a short window of potential data loss
Off-site backup	Backblaze B2, AWS S3 or your own location	a copy outside the main environment
AES-256 encryption	copies encrypted before they are sent	data unreadable to unauthorised people
Backup retention	e.g. 7 days / 4 weeks / 6 months	the ability to roll back weeks, not just 24 h
Test restore	a trial restore with the recovery time documented	you know the backup works — you do not just assume it
Availability monitoring	UptimeRobot / Netdata / our own tools	failures detected earlier
Server monitoring	CPU, RAM, disk, services	a problem detected before the store starts returning errors
Alerts + escalation	email / SMS / Slack + a procedure	a response, not just a notification
Firewall + Fail2Ban	iptables/nftables, login protection	limiting typical automated attacks
WAF	Cloudflare or ModSecurity	an extra layer of application protection
Emergency runbook	a step-by-step procedure	less chaos during a failure
Monthly reports	what was done, what was detected, what to improve	you know what you are paying for and what comes next

How does the implementation work?

Seven stages — from the audit to the emergency runbook.

Audit of the current situation

We check where the site/server/store is hosted, which data is critical, what backups currently exist and whether the monitoring really works.

Effect: A starting point based on facts, not assumptions.

Defining the strategy

We decide what needs protecting: files, databases, server configuration, email, user directories, company systems or applications. We set the frequency and retention.

Effect: A plan matched to the real business risk.

Backup configuration

We implement automatic backups with an off-site location. We set the schedule, retention, encryption and integrity checks.

Effect: A real 3-2-1 strategy — not just a “backup from the hosting”.

Monitoring configuration

We set up monitoring of availability, services, resources and selected application elements. We configure alerts and the people responsible for responding.

Effect: Failures detected early, not from customers.

Test restore

We perform a trial data restore to check whether the backups are complete and how long recovery actually takes.

Effect: You know the backup works — and how long it will take to get back to selling.

Security hardening

We configure the firewall, Fail2ban, WAF, security updates and basic protection of administrative access.

Effect: Lower risk of simple attacks, break-ins and the panel being taken over.

Documentation and runbook

We hand over the emergency procedure: where the copies are, how to restore them, who responds, where the alerts go and what to do in a serious failure.

Effect: The company has a plan of action in case of a crisis — it does not improvise.

The most common scenarios

Five typical situations — what companies most often come to us with.

A WooCommerce store after a failure

The store stopped working after an update, a database problem or a server error. The company wants to make sure it does not happen again.

Effect: Backups, monitoring and a procedure reduce the risk that the next update halts sales.

A company unsure whether the backups work

The client has hosting, a panel and information about backups, but no one has ever run a restore test.

Effect: An audit + a test restore + the configuration of a more reliable off-site solution.

An agency maintaining clients’ sites

The agency runs many WordPress sites and needs to reduce the risk that one site’s failure turns into a support crisis.

Effect: A consistent backup and monitoring strategy across all projects.

A VPS with no procedures

The company has a VPS, but backups, monitoring and security were configured “a bit at a time”.

Effect: Order: backups, alerts, firewall, access and documentation in one place.

A site after a malware infection

After an infection it is not enough to remove the malicious code. You need to work out where the problem came from, how to restore a clean version and how to reduce the risk of a repeat.

Effect: The site comes back from a clean backup + security measures are implemented to limit a repeat.

Backup, monitoring and security packages

Three levels of scope — from basic site protection, through a WooCommerce store, to business-critical projects.

Basic

Essential site protection

from PLN 990 net

For companies that want to stop relying solely on a hosting backup and need basic protection for a site or a small store.

Who it is for

a company website
a small WordPress site
a small store
first deliberate backups

Scope

analysis of current backups
daily off-site backups (Backblaze B2 / S3)
basic backup retention
site availability monitoring
a basic firewall
basic access protection
short configuration documentation

What you gainA hosting backup replaced with a real strategy — with an off-site copy and availability monitoring.

Example: A service website, a company blog, a small WooCommerce store with up to 200 products.

For business-critical projects

from PLN 4,990 net

For companies that need more advanced protection, application-level monitoring and a procedure for responding to serious failures.

Who it is for

a larger e-commerce site
a company with its own VPS / cluster
a business-critical web application
an agency maintaining clients’ sites

Scope

everything in the Pro package
a security audit
application-level monitoring
log analysis
alert escalation
an emergency workshop for the team
procedure documentation
access policy recommendations
a serious-failure response plan
support with restore testing

What you gainA complete protection and response plan — with procedures and application-level monitoring, not just server-level.

Example: A larger WooCommerce store, a SaaS application, the infrastructure of an agency serving many clients.

Prices are net — 23% VAT must be added. The cost of backup cloud storage (Backblaze B2, AWS S3) is billed separately according to the provider’s pricing. Administrative care from PLN 290 / month.

A hosting backup or a 3-2-1 strategy?

The “backup in the hosting panel” option alone is not enough in a serious failure. The comparison shows the differences across 7 areas.

Area	Hosting backup	3-2-1 strategy
Copy location	Often the same provider or server	A copy also kept outside the main environment (off-site)
Control	Limited	A defined frequency, retention and scope
Restore test	Often missing	A test restore as part of the service
Protection against server failure	Limited	Greater resilience thanks to off-site + 3-2-1
Documentation	Usually basic	A runbook and an emergency procedure
Alerts	Often missing	Monitoring and notifications (email/SMS/Slack)
Accountability	Not always clear	A clearly defined response process + SLA

Frequently asked questions

Is a backup from my hosting enough?

Sometimes yes, but not always. It is worth checking where the backup is stored, how often it runs, what exactly it covers and whether it can be restored quickly. If the copy is on the same server or has never been tested, the risk is still high.

What is the 3-2-1 backup strategy?

Three copies of your data, on two different media or locations, with one copy kept outside your main environment. For example: the site on the server, one copy locally and a second one in external cloud storage (Backblaze B2, AWS S3).

Is a test restore really necessary?

Yes. Only a restore test shows whether the backup is complete and how long recovery actually takes. Without a test, a company is merely assuming that the backup works.

Does the backup also include the database?

It should. For WordPress, WooCommerce and web applications, a copy of the files alone is not enough. The database is just as important — that is where the content, products, orders, settings and users live.

Are the backups encrypted?

Yes. We encrypt off-site backups with AES-256. The data is not readable by unauthorised people — even if a copy ends up in the wrong hands.

Does the monitoring run 24/7?

Yes, monitoring runs all the time. What matters, though, is who receives the alert and what happens after it arrives. Without a response procedure, an alert alone will not solve the problem.

Do the security measures guarantee there will be no break-in?

No. No security measures give a 100% guarantee. Their goal is to reduce risk, limit typical attacks, detect problems faster and make it possible to restore operations.

Can the service cover several sites?

Yes. Backups and monitoring can be implemented for a single site, a store, several WordPress installations, a VPS, a web application or an entire agency infrastructure.

What happens if a backup does not run?

That is exactly why backup monitoring is needed. The system notifies you when a copy fails to run, takes up too much space or an error occurs.

How long can it take to restore a site from a backup?

A small site (up to ~5 GB): usually 1–3 h. A medium WooCommerce store: 3–8 h. A large e-commerce site with a database of several dozen GB: 8–24 h. We confirm the exact time with a restore test for your specific environment.

Check whether your backups really work

Tell us what your site / store / application runs on, where the backups are and what you already monitor. We will check whether your current protection is real — and what is worth improving before the first serious failure.

You are not just paying for backups. You are paying for the ability to get back up and running quickly when something goes wrong.

Ask about backups and monitoring See administrative care