Making a website recovery plan

How to make a website recovery plan before disaster strikes

Alex Johnson
Owner & Designer

Just as your life can often be unpredictable, so can the life of your website. You never know when disaster will strike. Your site could break, it could get hacked, and hosting companies can fail. There are so many things that can go wrong.

Your website is the face of your business online. Is it worth leaving that face to chance? A hacked website can take time to recover from and leave people thinking your website and by extension, your business is not safe to work with. Your credibility can suffer.

Taking a little time today to create a website recovery plan will enable you to be prepared before disaster strikes. But what should you have in your plan? This article will walk you through step by step in creating a plan for your website.


Backups are one of the most important parts of your recovery plan. If you don’t have complete backups, it can be hard to recover from anything.

But a complete backup is not often as easy as it sounds. Many hosting companies offer backup services, but many of these services are incomplete in my opinion. You see, most hosting companies store your website backups on the same server. Should the unthinkable happen to the hosting company, or that server, your data could be lost despite backups.

I recommend having two forms of backup, one at the server level and one at a remote non-related provider. This ensures you will have a backup somewhere else should something go wrong with your hosting. Multiple backups open doors if you want to move your website somewhere else without hassle.

It never hurts to have more backups than you need. A backup is cheap insurance when compared to the costs of having to rebuild your website from scratch.

Want to see how we handle backups? Check out this article.

Action Step

Set up at least two forms of backups for your website, and test the backups from time to time.


A well-maintained site is a great defense from many attacks. Plugins and core site components are often updated to fix security loopholes that are found in the code. If your site is running outdated code, it creates the perfect attack vector for hackers.

Your website needs maintenance just like your car
Your website needs maintenance just like your car

If you are on your site regularly, you will likely spot problems before they become larger as well. For example, a recent update to a common plugin had a minor issue on one of our client’s sites. It all seemed ok, and the update was completed successfully. But the mobile menu was no longer accessible. That was a huge problem for anyone using the site from a phone.

By going into the site and checking it over regularly and especially after updates, we detected the problem and fix it before the client even knew there was a problem.

Would you rather hear from a customer that your site is broken, or know you took the steps to ensure your site is in good working order?

Action Step

Schedule time to review any updates and complete them on your website. Take a few minutes to browse your website after the updates to ensure everything works. Do this using an incognito browser to avoid caching issues that could make it seem like everything is fine when it’s not. You should do this at least once a month.

Content Updates

Is your website stale? If you are not going in and updating the content on your website regularly, the content or photos may be out of date. This happens easily when it comes to changing staff members, services, products, or pricing.

At the time of this writing in early 2023, there are still websites with banners indicating they are observing special hours or requirements due to Covid shutdowns in places that have no such restrictions anymore. The site owner was quick to add a banner so guests could know what was going on with the business during the height of Covid but forgot to change it back after things started to return to normal.

If you ignore the design of many websites and judged them on content alone, I hazard a guess that at least 50% of the websites operating today have not had their content updated in at least a year. Many are much worse than that. Do you want your website to fall into that stale category?

If you don’t update it, you could be telling people pricing from years ago or pointing them to resources that don’t exist anymore.

Action Step

Take time at least once every six months to review all the text and photos on your website. See if all the information you are providing is correct and if the content still resonates with your ideal audience. Update anything that needs changing. Check outbound links to ensure the link resource is still available.

Uptime Monitoring

Unless you want to be the last to know when your website is down, it is good practice to add a monitoring service to your website recovery plan. This is even more important when your website is your sales portal.

Proactively monitor your website
Proactively monitor your website

With uptime monitoring services, you can find out if your website is down before anyone else and act quickly. Downtime can be caused by several reasons, from site glitches to hosting failures. Even accidentally forgetting to renew a service such as the domain or hosting. I know I can’t be the only one who has ever forgotten to pay a bill, only to remember after it was due.

If your website is your primary sales vector, how would a day of no sales look? What if it could be avoided by simply getting notified in advance that there was a problem so you could proactively fix it? Uptime monitoring gives you that power.

Action Step

Services such as Uptime Robot allow you to monitor your website as often as every 5 minutes for free. My favorite way to monitor a website is to have it search for a keyword, which I set as the header logo URL. This way if the site technically loads, but fails to have the proper header, I get notified.


Something simple to overlook, but critical when you need them are passwords. It’s easy to set your website password to something like Password2023 and continue with your life. But it’s just as easy for hackers to set up a computer and guess that password.

Passwords for anything you use on the web should be complex, containing letters, numbers, and symbols. They should also be longer if possible. The longer the password, often stronger the password.

The only time this fails is when you use common words thinking it’s stronger, for example using kid’s or pet’s initials and names, with birthdays, such as Tim03Sarah05 or TS@0305 or MyDog2005. These examples are a false sense of security as they use information related to you and could be easily found.

Store your passwords securely. Everyone has different thoughts on what security is and given the recent breaches of major password storage services, the landscape is changing rapidly. Given the choice, I prefer to store passwords using a local secure file, such as KeePass, but there are plenty of online services you can use as well. For online tools, I recommend 1Password at this time.

And given the breaches, some that use a notebook on their desk might even feel safer. You won’t find me saying this often but if your home and notebook are safe from prying eyes, and you are prepared to change everything should someone steal your little book, this option might be ok too.

Action Step

If you have not changed your passwords to key services connected to your website and the site itself in the last year, I recommend changing the password to ensure they are secure. Use a different password for each service so that if one is breached, you don’t have to worry about other services failing the victim too. Audit your passwords at least once every year and update them as needed.

Contact Details

No one can contact you if they don’t have your information. The same goes for those you do business with. Just as you update the contact information for your website, you should keep a complete list of the contact information for any service or plugin related to your website.

Keep details for your website handy
Keep details for your website handy

For example, you should keep track of who your hosting company is and how to reach them. It’s a good idea to include basic billing and plan details here as well. So, if you host on a small plan for $10 per month and the plan includes unlimited storage, include those details in your list.

By keeping an update to date list, if you need to move your site, you will know what options to look for in a new host, and what services to move, such as email and site hosting.

It’s often best to practice keeping your domain, email, and site hosting with separate companies to balance downtime should it occur.

I see this come back and bite businesses when they need to move their website to a new host during an outage, but the old host has the email, and the new host wants to send an email verification. The business is stuck in limbo because all its services are in one place. The adage applies, don’t put all your eggs in one basket.

Action Steps

Go through each service, theme, and plugin to make a complete list of what your site needs to operate. Write these down, along with the costs and plan options. Split critical services such as email and hosting apart to further disaster-proof your online presence. Complete this action as needed and review it yearly.


A little time spent today will help you to be prepared should disaster strike. Set up a plan using these action steps and follow through with it.

One of the worst feelings is waking up one morning to a hacked website and realizing you have not prepared. Or worse having a customer complain because your site is spreading malware. It’s easy to avoid embarrassing apologies when you keep up with your site.

Don’t let the online face of your business be neglected.


Are you keeping your WordPress website protected?

Download our free guide to understand how to keep your website safe and learn about the regular maintenance your website needs to stay secure.
Five essentials for keeping your wordpress website safe

Related Posts: