The 3-2-1 Backup Rule: How to Never Lose Server Data
The 3-2-1 backup rule is the gold standard for server backup strategy. We cover the rule, automation, and KavesNET's backup infrastructure.
Servers crash. Disks fail. A wrong command gets typed. Ransomware lands. None of these is zero-probability — the question is when. The right question about your server isn’t “should I take backups?” but “with what strategy?” This post covers the 3-2-1 backup rule — the corporate-world gold standard — and how to apply it.
What is 3-2-1?
The 3-2-1 rule is a backup strategy endorsed by US-CERT and used as the foundational reference by millions of organisations worldwide. The three numbers stand for:
- 3: Keep 3 copies total — original + 2 backups
- 2: On 2 different media types (e.g., SSD + HDD, or disk + cloud object storage)
- 1: Keep at least 1 copy off-site (different physical location)
The logic is simple: data centralised in one place is wiped out by a single failure. 3-2-1 builds resilience against every loss scenario.
Why is it this critical?
| Threat | Without 3-2-1 | With 3-2-1 |
|---|---|---|
| Disk failure | All data gone | Restore from another copy |
| Ransomware | Encrypted, you pay | Restore from off-site backup |
| Human error (wrong DROP TABLE) | Data wiped | Restore from earlier snapshot |
| Data centre fire | Everything’s over | Restore from off-site location |
| Hosting bankruptcy | Service cut | Local copy still intact |
According to a 2024 IBM report, the average data breach cost is $4.88M. Most businesses don’t survive — 60% of companies that lose data without backups close within 6 months.
How do you apply 3-2-1 in practice?
Scenario: a WordPress + MySQL e-commerce site
Copy 1 — live server (the original)
- WordPress files + MySQL DB on the server’s NVMe SSD
- This is not a backup — it’s the working copy
Copy 2 — same server, separate disk / RAID
- Disk-level mirror with RAID 1 or RAID 10
- Instant failover on disk failure
- Nightly automatic snapshot
Copy 3 — off-site (different location, different medium)
- Cloud object storage (Backblaze B2, AWS S3, Wasabi)
- Or a backup server in another data centre
- Encrypted transfer (rsync over SSH, restic, or borgbackup)
- Weekly full + daily incremental
Backup automation — a simple cron example
A minimal backup script for WordPress + MySQL:
#!/bin/bash
DATE=$(date +%Y-%m-%d)
BACKUP_DIR="/backup"
DB_NAME="wordpress"
DB_USER="root"
SITE_DIR="/var/www/html"
REMOTE="user@backup-server:/backups/wp/"
# 1. DB dump
mysqldump -u $DB_USER --single-transaction $DB_NAME | gzip > $BACKUP_DIR/db-$DATE.sql.gz
# 2. File backup (incremental tar)
tar --listed-incremental=$BACKUP_DIR/snapshot.snar -czf $BACKUP_DIR/files-$DATE.tar.gz $SITE_DIR
# 3. Off-site sync (encrypted rsync)
rsync -az --delete $BACKUP_DIR/ $REMOTE
# 4. Delete backups older than 30 days
find $BACKUP_DIR -name "*.gz" -mtime +30 -deleteRun it nightly at 03:00 via /etc/cron.d/backup:
0 3 * * * root /usr/local/bin/backup.sh >> /var/log/backup.log 2>&1Production tools
In production environments, enterprise tools beat ad-hoc scripts:
- Veeam Backup — industry standard, what KavesNET uses
- restic — open source, deduplication + encryption built-in
- BorgBackup — incremental, encrypted, deduplicated
- Duplicati — user-friendly, GUI
The most critical step: restore testing
A backup you can’t restore is worth zero. This is the most-skipped step in 3-2-1.
- Restore the backup to a test environment monthly
- Measure restore time (RTO — Recovery Time Objective)
- Verify data integrity
An untested backup is a myth. The number of people in production saying “we had backups” but “couldn’t restore” is no smaller than those with no backups at all.
KavesNET’s backup infrastructure
KavesNET servers include as standard, free:
- RAID10 — instant disk-level protection
- Daily automatic backups via Veeam to external backup servers
- 7-day retention
- One-click restore via support ticket
- Backup servers on a separate network with redundant 10 Gbps links
This handles points 2 and 3 of 3-2-1 out of the box. For S3-compatible off-site cloud backups, get in touch.
Common backup mistakes
- Backups on the same disk — disk dies, backups die with it
- Manual-only backups — gets forgotten; the latest one is 6 months old
- Unencrypted transfer — backup server hacked = all data exposed
- Skipping restore tests — fails on the day that matters
- Excessive retention — wasted storage; rotate 7-30-90 days
- Backing up only the database — uploads/, .htaccess, config files forgotten
Conclusion
3-2-1 backup isn’t a technical preference — it’s a business continuity necessity. The companies that lose data and shut down aren’t the ones who heard about the rule, but the ones who didn’t apply it.
Audit today:
- How many copies do you have? (Should be 3)
- On how many different media? (Should be 2)
- Do you have an off-site copy? (Should be 1)
- When did you last restore-test? (Shouldn’t exceed 1 month)
KavesNET servers already cover two legs of 3-2-1 with RAID10 + daily Veeam backup + external backup servers. Browse server plans → or contact us for off-site backup architecture.
Related: VDS vs VPS Difference · WordPress Hosting Guide
Related Posts
You might also like these.
How to Migrate a Site from Plesk to Plesk: Migrator Tool Guide
Move sites, mail, DB, and DNS in one shot with Plesk Migrator. Step-by-step setup, test migration, and cutover.
Read More
FileZilla: VDS-to-VDS File Migration Guide
Move your site from old to new VDS: FileZilla over FTP/SFTP, speed tips, permissions, and error handling.
Read More
How to Choose the Best WordPress Hosting in 2025
Want a fast, secure, scalable WordPress site? Choosing the right hosting is critical. Here are the technical criteria and how to evaluate them.
Read More