How to Create Disaster Plans for Websites

    Jeff Smith


    This article is part of a series created in partnership with SiteGround. Thank you for supporting the partners who make SitePoint possible.

    When business managers, team leaders, and others plan for business continuity, they’re being forward thinkers. Plans are created to ensure that the business continues to operate under a variety of stressful situations – natural disasters, deaths, malicious actions, and more. Businesses create disaster plans for websites, buildings, human resources, financial transactions, relocation of assets, replacement of equipment – anything and everything.

    When considering disaster plans for websites, you have to consider a lot of those things, but you also have to consider things like hacking, user errors, and dependency failures (Looking to learn how to better manage dependencies? Take a look at the Managing Dependencies course on SitePoint Premium).

    The key elements of these business continuity and disaster plans are often the processes. These detail the steps that all of the company’s employees, whether there is only one employee, dozens, or even thousands, will take in these types of situations to ensure that the business can still function as close to normally as possible. If the business cannot weather such storms, they may not have a company to return to when the crisis is over.

    For maintainers of websites and web applications, disaster plans can be crucial, but are often overlooked for the same reason that business continuity plans as a whole are – they are only useful when something bad happens, and while normal day-to-day operations occur, they seem like a waste.

    Disaster Plans for Websites

    One of the first things that you should ask yourself (or your team) when considering what you’d like to do about disaster planning for websites that you maintain, is this:

    How long can your website or web application be down?

    How long can you go without customers visiting, interacting, and purchasing things? How much money will you lose per minute or hour that your site is down, or how many leads may be lost? Do you have service level agreements with your customers, and if so, are they guaranteed a certain percentage of uptime? When will you reach that limit?

    Planning for Disasters

    Some disasters for your business are epic and regional or even global in proportion, while others might not even make the local news. Here are a few examples of situations that may need planning and forethought:

    • Natural disasters such as earthquakes, tornados, hurricanes, or fires. What will happen if your datacenter(s) are damaged or destroyed?
    • Shutdown of critical services or products that are integral to your business such as customer relationship management software, accounting software, social media, version control repositories, hosting services, and more.
    • Revoked access to a resource. What if a security issue of some kind, or a human error by someone working at a service used by your website or application prevents your site from accessing that service? If you use a mail-sending service, do you have a fallback if your API requests suddenly start failing? How long will it take to change services or troubleshoot and resolve the issue?
    • Hacking. You hopefully have security measures in place, yes, but do you have a plan for when those measures fail? Backups to revert to, or methods to detect and remove intruders, to patch vulnerabilities quickly, to revoke compromised user credentials?
    • Loss of key personnel (the bus test). Can your website survive the loss of one key engineer, devops person, designer, or support specialist?

    Conducting Exercises

    Once you’ve brainstormed about the above scenarios, and others you can think of, you may also want to bring together key personnel from your various teams (if you have them) and conduct some mental exercises. Put yourselves into the situation. If X happened, and then Y happened, what would we do? Brainstorm. You may come up with more deficiencies in your plan, ideas for new processes that are required.

    Backup Systems

    Backups are a key consideration. Not only backups of data such as files, databases, media, etc, but also of credentials (are they stored somewhere besides the mind of a single user?). Services are another consideration. Do you have backup CDNs, mail services, NPM packages for various purposes? Do they have implementation plans? Licenses for any paid software or services?

    It’s better to consider the backup strategy for your website before you even launch it. Check your hosting company’s backup policies. Some provide extra backup solutions along with their hosting services. Our hosting partner SiteGround offers a powerful in-house tool for daily backups and fast data recovery.

    Developing and Sharing Processes and Access

    Developing processes and sharing them is also a key feature of disaster planning. Creating processes for recovering data from a backup, troubleshooting procedures for responding to an outage, and other similar situations is certainly important, but documenting those processes and sharing them with relevant personnel is the other half of the battle. Moving through troubleshooting or disaster response processes quickly and efficiently can mean the difference between the end of a business and a minor public relations bump in the road.

    Sharing the Disaster Plan

    Non-IT personnel who need to be involved should be aware of the situation and the plan. For instance, HR may have to be involved in hiring key replacement personnel, or consultants may need to step in to assist while the company does that replacing. An accounting department may need to be aware of services that are being paid for recovery purposes, and so on.


    The most important thing is that you and your colleagues create a disaster plan, understand it, and keep it up to date. You should take advantage of the tools offered by your host. SitePoint’s hosting partner, SiteGround, not only offers daily backups, but also monitoring, secure account isolation and expert technical support. Do you have any experiences you’d like to share about disaster planning or about situations in which you’ve faced disaster response? Share them in the comments below!