An online shop without a tested backup strategy is a business without a safety net. 60 percent of all small and medium enterprises that suffer severe data loss close within six months (National Cyber Security Alliance, 2025). The question is not whether data loss will occur, but when -- through hardware failure, ransomware, faulty updates or human error. The key metrics of every backup strategy are RPO (Recovery Point Objective: How much data can be lost at most?) and RTO (Recovery Time Objective: How quickly must the shop be running again?). This guide shows how to optimize both values for your online shop.
Understanding and Defining RPO and RTO
The Recovery Point Objective (RPO) defines the maximum acceptable data loss, measured in time. An RPO of 4 hours means: in the worst case, data from the last 4 hours is lost. For an online shop averaging 50 orders per hour, an RPO of 4 hours means potentially 200 lost orders -- with all consequences for customer satisfaction and revenue. The lower the RPO, the more frequently backups must be created.
The Recovery Time Objective (RTO) defines the maximum acceptable downtime from the incident to full restoration. An RTO of 1 hour means the shop must be operational again within 60 minutes of data loss. RTO is determined by backup infrastructure, data volume and the complexity of the recovery process. According to Gartner (2025), one hour of e-commerce downtime costs mid-market companies an average of 5,600 euros -- significantly more for large shops.
Defining RPO and RTO is not a purely technical decision but a business trade-off between cost and risk. An RPO of 15 minutes requires more frequent backups and more storage than an RPO of 24 hours. An RTO of 15 minutes requires hot-standby systems, while an RTO of 4 hours is achievable with simpler infrastructure. Maintenance consulting helps find the right values for your business model.
Database Snapshots
Hourly snapshots of the shop database for minimal data loss. Point-in-time recovery enables restoration to the exact second.
Full Backups
Weekly complete backup of all files, databases and configurations. Compressed and encrypted for maximum security.
Incremental Backups
Daily incremental backup captures only changes since the last backup. Fast, space-efficient and effective.
Off-Site Storage
Geo-redundant storage at an external location. Protection against physical risks like fire, water damage or theft.
Restore Tests
Monthly recovery tests verify the integrity and functionality of every backup under real conditions.
Retention Policy
Defined retention rules: daily backups 30 days, weekly 90 days, monthly 12 months.
The 3-2-1 Backup Rule for Online Shops
The 3-2-1 rule is the gold standard of data protection: at least 3 copies of data, on at least 2 different media, with at least 1 off-site. For an online shop this means: the original data on the server, a local backup on a separate storage system and an encrypted backup at an external location. If the server fails, the local backup is ready. If the data center burns, the off-site backup takes over.
The extended 3-2-1-1 rule adds an additional requirement: at least 1 offline backup not accessible via the network. This aspect has gained importance due to increasing ransomware attacks. Modern ransomware encrypts not only production data but also all reachable backups. An offline backup -- such as a regularly rotated external medium -- is immune to this attack vector.
For practical implementation in an online shop environment, we recommend: local snapshots for fast recovery (RTO optimization), daily encrypted transfers to an external storage location (3-2-1 compliance) and weekly offline backups to non-permanently connected storage (ransomware protection). The cost of this three-tier strategy is manageable -- especially compared to the cost of irrecoverable data loss.
Full, Incremental and Differential Backups
The three backup types differ in scope, speed and recovery effort. A full backup saves all data completely -- it is the simplest form of recovery but also the most time-consuming to create. For a Shopware store with 50 GB of media data and a 5 GB database, a full backup takes 30 to 90 minutes depending on infrastructure.
An incremental backup saves only changes since the last backup (whether full or incremental). It is fast and space-efficient but requires the last full backup plus all subsequent incrementals for recovery. A differential backup saves all changes since the last full backup -- it is larger than an incremental but recovery requires only the full backup plus the last differential.
The optimal strategy for online shops combines all three types: weekly full backup on Sunday during low-traffic hours, daily incremental backups for filesystem changes and hourly database snapshots for transaction-critical data like orders, customers and inventory. This combination achieves an RPO of 1 hour with manageable storage requirements and acceptable server load.
Database Backups: The Heart of Data Protection
An online shop's database contains the most business-critical data: orders, customer data, product information, prices and configurations. Losing the database is more severe than losing media files -- product images can be re-uploaded, but lost order data is irrecoverable. That is why database backup deserves special attention.
MySQL and MariaDB offer several backup methods: mysqldump produces a SQL export that is simple to handle and portable but can be slow for large databases. Binary Log Replication enables point-in-time recovery by logging all transactions -- RPO drops to seconds instead of hours. Physical backups with tools like Percona XtraBackup copy database files directly and are the fastest method for large databases.
For online shops, we recommend a combination: hourly logical dumps (mysqldump) for simple recovery and continuous binary log archiving for second-accurate point-in-time recovery during critical incidents. This combination achieves an effective RPO of just seconds -- included as standard in a maintenance contract.
Off-Site Storage and Encryption
Online Shop Backup Components
Backups stored on the same server or in the same data center as production data do not protect against physical risks: hardware failures, data center fire, natural disasters or ransomware spreading across the network. Off-site storage at a geographically separate location is therefore an indispensable part of any professional backup strategy.
Backup encryption is mandatory -- both during transfer (TLS 1.3) and at rest (AES-256). Backups contain an online shop's most sensitive data: customer names, addresses, email addresses and potentially payment information. An unencrypted backup falling into the wrong hands is a GDPR incident with notification requirements and potentially significant fines.
The choice of off-site storage location should be GDPR-compliant: for European online shops, we recommend storage locations within the EU. The retention policy defines how long backups are kept: daily backups for 30 days, weekly for 90 days and monthly for 12 months. This tiered retention also enables recovery of older data sets, for instance when a compromise is only discovered weeks later.
Restore Tests: A Backup Without Testing Is No Backup
The most common cause of failed recoveries is not missing backups but never-tested backups. According to a study by Veeam (2025), 58 percent of all backup restorations are unsuccessful on the first attempt. Reasons include corrupt backup files, incompatible versions, missing dependencies or incomplete backup configurations. Anyone testing their backup for the first time during an emergency discovers problems at the worst possible moment.
We recommend monthly restore tests in an isolated environment. The test includes full restoration of filesystem and database, shop functionality verification (homepage, categories, checkout, customer account) and comparison of order numbers and customer data with the production system. Results are documented: recovery duration, problems encountered and their solutions.
Restore tests provide dual value: they verify backup integrity and they train the recovery process. In an emergency, every minute counts -- a team that performs the process monthly works far more confidently under pressure than a team reading the documentation for the first time. The restore test is the most important part of the entire backup strategy -- without it, everything else is just insurance whose policy nobody has reviewed.
Media and File Backups: Often Forgotten Content
While database backups feature prominently in most backup strategies, filesystem backups are frequently neglected. Product images, PDF catalogs, configuration files and uploaded media reside outside the database and are not restored with a database-only restore. An online shop with ten thousand products and an average of five images per product has fifty thousand media files -- their loss means weeks of manual rework.
The backup strategy for media differs from the database strategy: media files rarely change but new ones are regularly added. An incremental backup that only captures changed and new files is more efficient here than a full backup. The initial full backup forms the base, daily increments capture changes. Critical is the inclusion of all relevant directories: beyond the obvious media folder, theme customizations, configuration files and server settings belong in the backup scope. A professional backup strategy explicitly documents all paths to be backed up and checks completeness during every restore test.
Disaster Recovery Plan: From Backup to Restoration
A backup alone is useless without a documented Disaster Recovery Plan (DRP). The DRP defines the complete recovery process step by step: who is notified? Who has access to backup systems? In what order are components restored? How are restored data verified? Without a DRP, technicians make decisions under time pressure and stress in an emergency -- a recipe for errors and unnecessary delays.
The typical recovery sequence for an online shop: 1. Restore web server and operating system from image, 2. Import database from the most recent snapshot, 3. Apply filesystem backup (media, uploads, configuration), 4. Verify SSL certificates and DNS, 5. Run functional tests (homepage, product pages, checkout, payment processing), 6. Activate monitoring and observe order intake. This process must be documented, tested and accessible to every responsible person -- ideally as a runbook that is understandable even at 3 AM.
Automation and Monitoring of Backup Processes
Manual backups are unreliable -- they are forgotten, misconfigured or incompletely executed. Every backup process should be fully automated: scheduled execution, automatic encryption, automatic transfer to off-site storage and automatic deletion of expired backups per the retention policy. Automation ensures backups are created reliably and consistently -- regardless of vacation, illness or workload.
Equally important is backup monitoring: an automated system that monitors successful completion of every backup, checks backup size for sudden changes (an unusually small backup may indicate missing data) and alerts immediately on failures. Integration into existing monitoring ensures a failed backup does not go unnoticed for days.
A professional backup strategy is not a one-time setup but a living process. As the shop grows -- more products, more customers, more media -- backup times, storage requirements and recovery times must be regularly reassessed. A shop that had 10 GB two years ago and now encompasses 100 GB needs an adapted strategy. Quarterly review of the backup strategy is therefore a fixed component of professional shop maintenance and ensures RPO and RTO are maintained even with growing data volumes.
Sources and Studies