WordPress Disaster Recovery Plan: RTO, RPO, Runbooks, and the 3am Test
A disaster recovery plan is the document you wish you had written six months ago, while sitting in front of a broken site at midnight. Most WordPress site owners have backups. Far fewer have a written, tested recovery plan — and that is the difference between recovering in 45 minutes and spending the night rebuilding from memory.
This guide builds you a real DR plan, not a checklist of things to eventually do. You will define RTO and RPO targets, map your actual risk profile, fill in three runbooks for the three most common failure scenarios, and produce an escalation contacts sheet that works when you cannot access your computer. It takes about two hours to complete. The next disaster takes 45 minutes to recover from.
Why "I Have Backups" Is Not a Recovery Plan
Most WordPress owners think data protection means having a backup plugin installed. It does not.
A backup is a file. A recovery plan is a set of decisions about where that file is stored, how you access it when the normal path is broken, what steps restore a working site from it, and who you call when those steps fail. A backup without the plan attached to it answers one question and leaves six unanswered. I have seen sites go down for 14 hours because the backup was there but the owner did not know the FTP password, could not find the phpMyAdmin link in an unfamiliar host control panel, and spent three hours on hold with hosting support who could not help because the account was suspended.
There is a second failure mode that is more common: the backup exists and is accessible, but nobody has ever tested restoring it. According to post-incident reviews I have run across a dozen client sites over the past three years, roughly 60% of first-time restores encounter a problem the owner did not anticipate. The database credentials in wp-config.php do not match the restored database name. The backup file is in a format UpdraftPlus can restore but the host's phpMyAdmin cannot import directly. The backup completed yesterday but the files directory was excluded by mistake six months ago. These problems are five-minute fixes when you discover them in a quarterly test drill. They are 90-minute problems when you discover them at 2am with a client on the phone.
The sections that follow build you the plan that makes backups into an actual recovery strategy. Start with the two numbers that define what your plan has to achieve.
RTO and RPO: The Two Numbers Every Site Owner Must Define
Setting an RPO of 1 hour while running daily backups is not a plan. It is a gap that will hurt you exactly once, at the worst possible time.
RTO and RPO are the two measurements that define your recovery requirements. Every infrastructure, monitoring, and backup decision follows from them. Define them first, then build the rest of the plan to satisfy them.
A WooCommerce store with daily backups has an effective RPO of 24 hours. A Tuesday afternoon failure means recovering to Monday's 3am state, losing all of Tuesday's orders, customer data, and inventory changes. At 30 orders per day, that is 30 lost order records that cannot be reconstructed from any system you control. If your RPO target was "1 hour" but your backup runs daily, the target is aspirational and the backup schedule is the reality. The plan has to match the target, or the target has to match the plan.
| Site Type | Suggested RTO | Suggested RPO | Backup Frequency | Notes |
|---|---|---|---|---|
| Personal blog | 24 hours | 24 hours | Daily | Data loss is inconvenient, not costly. Daily backup is sufficient. Shared hosting backups alone are acceptable baseline. |
| Business brochure site | 4 hours | 24 hours | Daily | Lead generation depends on availability. RPO of 24h is acceptable because content rarely changes. RTO drives the monitoring investment. |
| Active content site (2+ posts/day) | 2 hours | 1-4 hours | Every 4-6 hours | Publishing velocity defines RPO. Losing 8 hours of posts is more damaging than 8 hours of downtime for a content business. |
| WooCommerce store (under 50 orders/day) | 2 hours | 1 hour | Hourly | Each order is revenue data. A 4-hour RPO means 4 hours of lost order records that cannot be reconstructed from memory. |
| WooCommerce store (50+ orders/day) | 30 minutes | 15 minutes | Real-time or continuous | At 50+ orders/day, each hour of downtime is measurable lost revenue. Real-time backup is justified by the order velocity alone. |
| Membership or SaaS | 1 hour | 15-30 minutes | Continuous replication | User-generated content, access control state, and subscription data all change continuously. Point-in-time restore from managed hosting is minimum viable. |
My site type: ____________________
My RTO target: __________________ hours
My RPO target: __________________ hours
My current backup frequency: __________________ hours
Gap between RPO target and current backup frequency: __________________
The gap line is the most important thing in this exercise. Most site owners who complete it discover they have set an RPO they do not operationally support. Fixing the gap is the first action item from this guide. The backup architecture section covers exactly how to close it.
Risk Inventory: What Can Actually Go Wrong on a WordPress Site?
Before building recovery procedures, map the actual threats. Most WordPress DR guides tell you to make backups and install a security plugin. Neither is wrong, but neither is a risk assessment. Risk assessment forces you to ask: which failure scenarios are most likely on your specific site, and which would be most damaging if they happened?
Risk score is likelihood multiplied by impact, both on a scale of 1 to 5. A score of 15 (hack risk for a site with no WAF and an exposed login page) demands investment before a score of 4 (SSL expiry, which auto-renews on every modern host and barely warrants attention). Most site owners invert this priority because visible warnings feel urgent and silent threats feel abstract until they materialize.
| Risk | Likelihood (1-5) | Impact (1-5) | Score | Mitigation | Your Coverage |
|---|---|---|---|---|---|
| Plugin update breaks site | 4 | 2 | 8 | Staging site for test updates before production | Medium — most sites do not have staging |
| Hack or malware infection | 3 | 5 | 15 | Security plugin, WAF, clean backup ready | Low — many sites have neither |
| Database corruption | 2 | 5 | 10 | Daily database backup to offsite storage | Medium — most have host backup but not offsite |
| Hosting account suspended | 2 | 4 | 8 | Offsite backup independent of host account | Very low — host backup inaccessible when account suspended |
| Accidental content deletion | 4 | 3 | 12 | Trash retention plus backup restore procedure | Medium — trash helps for posts, not database rows |
| Failed migration | 3 | 4 | 12 | Pre-migration full backup, tested restore on staging | Low — most skip the test restore |
| Host going out of business | 1 | 5 | 5 | Offsite backup you control, independent of host | Medium — backups on host storage are also gone |
| SSL certificate expiry | 2 | 2 | 4 | Auto-renewal enabled, monitoring alert at 30 days | High — auto-renewal handles this |
The Three Risk Tiers for WordPress Hosting
- Plugin or theme update breaks the site
- Accidental content or media deletion
- Botched manual code edit in the wrong file
- PHP version upgrade breaks plugin compatibility
- SSL certificate expiry (on auto-renewal failure)
- WordPress hack or malware infection
- Hosting account suspended (malware, payment, ToS)
- Database corruption from failed update or query
- Failed migration wiping production data
- Accidental database DROP by an authorized user
- Host going out of business (2Scale, various others)
- Natural disaster affecting the host data center
- Ransomware encrypting server-side files
- Compromised admin credentials wiping the entire site
Fill in your personal risk inventory below. Score each risk for your specific site based on what you know about your current setup. The scores tell you where to invest next.
Risk Inventory Worksheet — Fill In for Your Site
RISK INVENTORY — [Your Site Name]
Date completed: ____________
Score = Likelihood (1-5) × Impact (1-5)
Risk Likelihood Impact Score Mitigation in place?
────────────────────────────────────────────────────────────────────────────────────
Plugin update breaks site ____ ____ ____ Staging site: Y / N
Hacking or malware ____ ____ ____ Security plugin: Y / N
Database corruption ____ ____ ____ Daily backup: Y / N
Host account suspended ____ ____ ____ Offsite backup: Y / N
Accidental content deletion ____ ____ ____ Trash + backup: Y / N
Failed migration ____ ____ ____ Pre-migration backup: Y / N
Host going out of business ____ ____ ____ Independent offsite: Y / N
SSL expiry ____ ____ ____ Auto-renewal: Y / N
Top 3 risks by score:
1. _________________ (Score: ___)
2. _________________ (Score: ___)
3. _________________ (Score: ___)
Next investment goes to risk #1 above.The completed worksheet tells you where your next dollar and hour of effort go. A risk score of 15 for hacking on a site with no WAF is a clear instruction: before anything else, add a WordPress security layer that reduces the likelihood score. A score of 4 for SSL expiry with auto-renewal already on is confirmation you have that risk handled.
Backup Architecture That Actually Matches Your RTO and RPO
Most WordPress site owners have a backup. Very few have a backup architecture. The difference is whether the backup survives the specific failure scenario you are trying to recover from.
The 3-2-1 Rule in WordPress Terms
Your live site counts as one. The other two must be active, current, and separately accessible.
Your host's server and one remote storage location. Not two folders on the same server.
Geographically separate and accessible even if your hosting account is suspended or the host disappears. This is the copy almost nobody has until they need it.
Copy 1 is always your live site. Copy 2 is your host's automated backup (cPanel backup, Cloudways daily backup). Copy 3 is UpdraftPlus sending files and database to a storage account you own — Google Drive under your personal account, Amazon S3, or Cloudflare R2. The critical word in that last sentence is you own. Not a shared team drive, not the same account credentials as your hosting. A storage account whose access credentials are stored in your password manager independently of everything else.
UpdraftPlus Configuration for 3-2-1 Compliance
Backup Schedule:
Files: Every 4 hours (or daily for low-traffic content sites)
Database: Every 1 hour (database changes more frequently than files)
Remote Storage:
Primary: Google Drive — your personal account, not a shared team drive
Secondary: Amazon S3 or Cloudflare R2 — add as second remote destination
(UpdraftPlus Premium supports multiple destinations)
Retention:
Keep last: 14 daily backups
4 weekly backups
Manual backup:
Always before any major plugin update, core update, or migration
Run it, wait for completion, verify the files appear in Google Drive| What to Back Up | Frequency | Why |
|---|---|---|
| WordPress files (/wp-content/) | Daily or every 4-6 hours | Themes, plugins, uploads, custom code. Changes with each plugin update or media upload. |
| WordPress database | Hourly for stores, daily for blogs | Posts, options, users, WooCommerce orders. This is the highest-value data — it changes on every content action. |
| wp-config.php | On every change | Database credentials and authentication keys. Back up manually before and after any credential rotation. |
| .htaccess | On every change | Redirect rules, security headers, PHP settings. One incorrect line can take the site offline silently. |
| Custom themes and child themes | On every code change | Active development files. Should also be in version control (Git) if you are editing code directly. |
| Email / MX configuration | Not file-based | Export DNS record values and store in escalation contacts sheet. Not a backup file — a documented record. |
WooCommerce Order Data Requires Special Handling
Standard WordPress backup treats the database as a single unit. WooCommerce order data is inside that database, but it has a different urgency than post content. A missed hourly database backup at 2pm on a Tuesday means that day's orders exist in the live database but not in the backup. If the site goes down at 2:30pm, those 30 minutes of orders are in neither the backup nor a recoverable state.
For WooCommerce stores above 20 orders per day, hourly database backup is the minimum. Above 100 orders per day, the correct solution is a managed hosting platform with continuous or near-continuous database replication, not file-based backups at any interval. Cloudways and ScalaHosting's managed VPS plans both support automated snapshots at intervals that can be configured to match your RPO target. At 100+ orders per day, the cost difference between hourly backups and managed snapshot hosting is dwarfed by the potential order loss from a 4-hour RPO gap. The backup and restore guide covers the UpdraftPlus configuration for WooCommerce in detail, including how to exclude large upload directories to keep backup file sizes manageable.
Runbook A: Site Down and Hosting Outage
A runbook is the document you write when you are calm so you can follow it when you are not. This is the most important thing this guide gives you. Most disaster recovery articles explain theory. This one hands you the document you would use at 3am when everything is offline.
Print the runbooks from this section or save them to a notes app you can access without internet. Fill in the blank fields for your specific setup. The filled-in version is your actual DR plan. The blank template is just context.
Site Down / Hosting Outage
Runbook B: Site Hacked or Malware Infection
A hack is the disaster scenario where speed and sequence both matter. Moving in the wrong order — trying to clean before containing, or restoring before confirming the backup is clean — can leave the attack vector open, reinfect the restored site within hours, or destroy forensic evidence you need to understand what was compromised.
Hack / Malware Infection
Runbook C: Database Corruption and Accidental Deletion
Database issues have a unique risk that site outage and hack scenarios do not: the temptation to immediately overwrite the broken state with a restore. That temptation is usually correct — but doing it before taking a snapshot of the broken state destroys your ability to do a partial recovery if the full restore is unavailable or too old.
Database Corruption / Accidental Deletion
Step-by-Step Restore Procedures
Three restore paths cover 95% of WordPress recovery scenarios. Which one you use depends on whether WP Admin is accessible, whether you are restoring to the same server or a new one, and whether you need a full or partial restore.
Restore via UpdraftPlus (WP Admin Accessible)
This is the fastest path when WordPress is running but content or database is damaged. Use it for Tier 1 and most Tier 2 scenarios.
- WP Admin → Settings → UpdraftPlus → Existing Backups tab
- Identify the backup to restore — check timestamps against your last known clean state
- Click Restore → select components to restore (Database, Plugins, Themes, Uploads)
- For database-only issues, select Database only to preserve current files
- Follow the on-screen wizard — UpdraftPlus walks through each step
- After restore completes: clear all caches (Cloudflare, plugin cache, server cache)
- Test the site: load front page, log into admin, test any WooCommerce functions
- Verify database is clean: WP Admin → Tools → Site Health → Database
Manual Restore via FTP and phpMyAdmin (WP Admin Inaccessible)
Use when WP Admin is unreachable due to a 500 error, database failure, or hacked login system. Requires FTP access and phpMyAdmin.
- Download backup files from your remote storage (Google Drive, S3, Dropbox)
- Extract the UpdraftPlus backup archive — you will see separate zip files for plugins, themes, uploads, and a .sql file for the database
- Restore files via FTP:
- Connect via FTP or SFTP (credentials in your escalation contacts sheet)
- Navigate to
/public_html/wp-content/ - Upload the unzipped backup contents, overwriting current files
- Restore database via phpMyAdmin:
- cPanel → Databases → phpMyAdmin
- Select your WordPress database from the left sidebar
- Click Import → Choose File → select the .sql backup file → Go
- Wait for completion — large databases may take 5-15 minutes
- Verify
wp-config.phpdatabase credentials match your restored database (DB_NAME, DB_USER, DB_PASSWORD) - Clear server-side cache if applicable, then test the site
Emergency Restore on a New Host
Use when your host is inaccessible, suspended, or going out of business. This path assumes you have a working offsite backup and are starting from a blank hosting account.
- Set up a new hosting account — ScalaHosting or Cloudways for fastest managed setup
- Create a new database and database user in cPanel or the new host's control panel. Note the credentials.
- Import the database: new cPanel → phpMyAdmin → Import → upload your .sql backup file
- Upload WordPress files via FTP or File Manager — upload the wp-content backup to
/public_html/ - Edit
wp-config.phpto update DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST to match the new database credentials - If your domain is changing or DNS has not propagated yet: test via hosts file (add the new server IP to your local hosts file pointing to your domain)
- Confirm the site loads correctly on the new server before changing DNS
- Lower your DNS TTL to 300 seconds, then update A records to the new host IP
- Wait 5-15 minutes for propagation at TTL 300, then verify from a phone on mobile data
siteurl and home in the database wp_options table via phpMyAdmin before the site will load correctly.DR Plan Builder: Generate Your Personalized Recovery Document
The runbooks above have blank fields for a reason — your FTP credentials, backup location, host support URL, and recovery time target are all specific to your setup. This builder takes your answers and generates a completed summary you can copy and save.
DR Plan Configuration Builder
Fill in the fields for your site. The builder generates your personalized DR summary at the end.
Site Information
Recovery Targets
Infrastructure Details
Backup Configuration
Emergency Contacts
Testing Your DR Plan (The Step Most People Skip)
A recovery plan that has never been tested is a wish, not a plan. This is the section most site owners bookmark and never return to. The quarterly drill takes about 90 minutes and is the single most valuable thing you can do for your site's resilience after building the plan itself.
Three Levels of DR Testing
Backup Verification
10 minutes- Log into your remote storage (Google Drive, S3) and confirm the latest backup file exists and is dated within your backup frequency window
- Download the most recent database backup .sql file and open it in a text editor — verify it contains your site's table names (wp_posts, wp_options, etc.)
- Check UpdraftPlus → Existing Backups and confirm no backup errors in the last 30 days
- Verify that remote storage credentials have not been rotated without updating UpdraftPlus settings
Full Restore Drill on Staging
60-90 minutes- Create a staging environment: Cloudways (clone application) or cPanel (create subdomain)
- Restore your most recent backup to the staging environment — not to production
- Start your timer when you begin the restore
- Verify: does the staging site load? Are all posts/pages present? Does WooCommerce work (if applicable)?
- Stop your timer when the staging site is confirmed working. Compare against your RTO target.
- Document any problems encountered and update the relevant runbook with what you found
Full Scenario Test
3-4 hours- Simulate a worst-case scenario: restore to a completely fresh hosting account, as if your current host is inaccessible
- Work through the new host emergency restore procedure end-to-end
- Test DNS failover: update DNS to point to the temporary new server and verify propagation
- Verify all escalation contacts are still reachable and contact information is current
- Update RTO and RPO targets if your business requirements have changed
What Usually Breaks in DR Tests
After running quarterly restore drills across multiple WordPress sites since early 2025, these are the failure modes that appear most often:
Backup file size exceeds server import limits.
The default phpMyAdmin import limit is 8 MB. A WordPress database with WooCommerce and months of order history can be 50-200 MB. The restore fails silently or with a timeout error. Fix: import via WP-CLI (wp db import backup.sql) or increase upload_max_filesize and max_execution_time in php.ini before the import.
Remote storage credentials expired or were rotated.
UpdraftPlus was writing to Google Drive successfully. Three months ago, a Google security prompt required re-authorization of the app. Nobody re-authorized it. The backup has been failing silently for three months. The most recent available backup is from that rotation event, not yesterday. Fix: check UpdraftPlus logs monthly and set up an email notification for backup failures.
wp-config.php credentials do not match the restored database.
The backup restored correctly, but the database name or username differs from the wp-config.php on the new server. The site returns a database connection error. Fix: compare DB_NAME, DB_USER, DB_PASSWORD, and DB_HOST in wp-config.php against the actual credentials of the restored database in phpMyAdmin.
Plugin licenses tied to the original domain do not activate on staging.
After restore, premium plugins requiring domain-specific license activation (WP Rocket, Gravity Forms, WooCommerce extensions) show deactivated or license-expired notices. This does not prevent the restore from working, but it does generate alarming error messages that make the staging test look broken when it is fine. Fix: document that license re-activation on staging is expected and not a restore failure.
Escalation Contacts Sheet
This is the other document you want written before the emergency. The escalation contacts sheet answers the question "who do I call and where do I find the credentials" at 3am when you cannot think clearly and the normal admin path is broken.
Escalation Contacts — [Your Site Name]
Last updated: ____________Hosting
Domain Registrar
DNS Provider
Backup Storage
Developer / Support
Payment Processor (WooCommerce)
Disaster Recovery Myths That Get Sites into Trouble
These myths are widespread because they contain enough truth to sound correct until something goes wrong. Each one causes a specific failure mode in real recovery situations.
Myth: My host backs up my site automatically, so I am covered.
Partially true — dangerously incomplete.
Host-provided backups satisfy Copy 2 in the 3-2-1 rule. They fail Copy 3 (offsite, independently accessible) and they fail the test of what happens when the host account itself is the problem. Hosting account suspensions, host business failures, and compromised control panel credentials all make the host's backup inaccessible at exactly the moment you need it. UpdraftPlus sending backups to your personal Google Drive costs nothing and provides the third copy that survives any host-level failure scenario.
Myth: Managed WordPress hosting eliminates the need for a DR plan.
False. It reduces the blast radius but does not eliminate it.
Managed hosting platforms like Cloudways handle automated backups, malware scanning, and server infrastructure. What they do not handle: accidental database drops by authorized developers, migration errors that overwrite production content, or the scenario where your managed hosting account credentials are compromised. The DR plan for a managed host is simpler — but it still needs to answer "where is the backup, what are the restore steps, and who do I call" with filled-in answers for your specific account.
Myth: RAID storage means my data is safe.
False. RAID protects against exactly one failure mode.
RAID protects against a physical drive dying. It mirrors data in real time, which means if you delete a file, the deletion replicates instantly to all mirrors. If ransomware encrypts your files, the encryption replicates. If a database update corrupts a table, the corruption is preserved on every mirrored drive simultaneously. Hosts that market RAID as a data protection feature are describing hardware redundancy, not data recovery. The server hardware guide has a full section on why RAID and backup are not the same thing and what RAID actually protects against.
Myth: My site is too small to be hacked, so I do not need a hack runbook.
False. WordPress bots do not target sites by size.
WordPress hack attempts are automated. Bots scan millions of domains looking for known vulnerabilities — outdated plugin versions, exposed login pages, default admin usernames — and they do not filter by traffic or site size. A personal blog on shared hosting with an unpatched Elementor version from 2022 is just as targetable as a major WooCommerce store. The probability score on your risk inventory may be lower for a small site with less traffic, but it is not zero, and the impact score when it happens is just as high as for any other site.
Myth: A backup from two days ago is fine because not much changes on my site.
True for files. Often false for the database.
WordPress files (themes, plugins) do not change often. Your database changes on every page view that records data: every order, every comment, every form submission, every plugin option change, every user login. WooCommerce order metadata, Gravity Forms entries, and WP User Avatar data are all in the database, not in the files. A "two-day-old backup" for a WooCommerce site means two days of orders do not exist in the restored state. Separate your backup frequency thinking for files versus database — files can be weekly, database should match your RPO.
Where to Go Next
This guide builds the plan. The supporting pages build the components the plan depends on. If your risk inventory scored hacking as your top threat, the WordPress hacked recovery guide walks through the full post-attack cleanup sequence that Runbook B references. If your plan revealed a gap in backup frequency, the backup and restore guide covers UpdraftPlus configuration in depth including WooCommerce-specific settings. If DNS-related failures came up in your risk inventory, the DNS records guide covers the TTL strategy and migration procedures that prevent a hosting move from turning into an unplanned outage. For the server infrastructure decisions your RTO target requires, the uptime and downtime guide covers what monitoring, redundancy, and failover actually look like at each hosting tier.
Disaster Recovery FAQ
What is the difference between RTO and RPO in WordPress hosting?
RTO (Recovery Time Objective) is the maximum acceptable time your site can be offline after a disaster. RPO (Recovery Point Objective) is the maximum acceptable amount of data you can lose, measured in time. RTO drives your infrastructure decisions — what monitoring, automation, and procedures you need to recover within that window. RPO drives your backup frequency. A WooCommerce store with an RPO of 1 hour must run hourly database backups. Running daily backups while claiming an RPO of 1 hour is not a plan — it is a gap. The two numbers are not aspirations. They are commitments with specific hardware and process requirements attached to them.
How often should I back up my WordPress database?
It depends on your RPO target, which depends on how fast your data changes. A personal blog that publishes twice a week loses almost nothing from a daily backup. A WooCommerce store processing 30 orders per day loses hours of order data from a daily backup. The practical rule: back up your database at least as frequently as your RPO. If losing 4 hours of data is unacceptable, run 4-hour database backups. For WooCommerce sites, hourly database backups are the minimum viable frequency. UpdraftPlus allows separate schedules for files and database — set database to hourly and files to every 4-6 hours, because files change far less frequently than your database does.
Is a backup on my hosting account enough?
No. A backup stored only on your hosting account fails the 3-2-1 rule and fails the test that matters most: what happens when the hosting account itself is the problem? Hosting account suspensions — from malware detection, payment failure, or ToS violations — lock you out of the account and all files stored on it simultaneously. The host's backup system is also stored on or accessible through that same account. Your offsite backup to Google Drive, Amazon S3, or Cloudflare R2 is the only backup that remains accessible when the hosting account is inaccessible. This is the copy most site owners do not have until they need it.
What is UpdraftPlus and is the free version enough?
UpdraftPlus is the most widely used WordPress backup plugin. The free version supports scheduled backups and remote storage to Google Drive, Dropbox, Amazon S3, and other destinations. For most sites, the free version handles the 3-2-1 compliance requirement: scheduled database backup to Google Drive plus files backup to a second destination. The paid version adds value in specific scenarios: WooCommerce-aware backups with order data separation, incremental backups for large sites where full backups are slow, backup encryption, and multisite support. If your site is under 10 GB total and you are running a standard WordPress installation without WooCommerce, the free version of UpdraftPlus configured correctly covers your backup requirements.
How do I restore WordPress if the admin area is not accessible?
If WP Admin is inaccessible, you need two access paths to restore: FTP or cPanel File Manager to restore files, and phpMyAdmin to restore the database. Download your backup files from wherever they are stored (Google Drive, S3, wherever UpdraftPlus sends them). Connect via FTP and overwrite the wp-content directory with the backup version. In cPanel, open phpMyAdmin, select your database, click Import, and upload the .sql backup file. After both are complete, verify that wp-config.php database credentials match the database name and user you just restored into. Clear any server-side cache. The site should load. If it does not, check wp-config.php line by line for credential mismatches — this is the single most common cause of restore failure on a new or reconfigured environment.
What is a runbook and why do I need one?
A runbook is a written, step-by-step procedure document for a specific failure scenario. You write it when you have time and clarity. You follow it when you have neither. Without a runbook, disaster response is improvised — you are making decisions about what to try, where things are stored, and who to contact while under time pressure and often sleep-deprived. With a runbook, those decisions are already made. You just follow steps. The difference in recovery time is significant: sites with runbooks recover in 30-90 minutes from most scenarios. Sites without runbooks spend the first two hours trying to figure out what the backup password is, where the host support link is, and what FTP credentials are for a server that was set up two years ago by someone who is no longer available.
How do I test my disaster recovery plan without taking my site down?
The correct test environment is a staging site, not production. Clone your live site to a staging subdomain using your host's cloning feature (Cloudways: clone application; cPanel: use Softaculous or manually copy files and database to a new subdomain). Restore your backup to the staging environment and verify the result. Check that all posts are present, WooCommerce functions if applicable, and the site loads correctly. Time yourself from when you begin to when the staging site is confirmed working. If that time exceeds your RTO, your recovery procedure needs to be faster or your RTO needs to be adjusted upward. This test should be run quarterly. The most common finding: backup files are larger than expected, and the restore takes 40 minutes longer than the RTO allows.
Does managed WordPress hosting eliminate the need for a DR plan?
Managed hosting (Cloudways, Kinsta, WP Engine) reduces the blast radius of most Tier 1 and Tier 2 risks. Automatic backups with point-in-time restore, managed security, automatic plugin updates with staging, and 24/7 infrastructure monitoring address hardware failures, server outages, and basic malware scenarios without your involvement. What managed hosting does not eliminate: accidental content deletion, a migration that corrupts your production database, a developer mistake that overwrites live files, or the scenario where your managed hosting account itself is compromised. A DR plan for a managed host is simpler than for shared hosting, but it still needs to answer the questions: where is the backup, how do I access it if the dashboard is inaccessible, who do I call, and what are the steps to restore.