Most agencies don’t have a disaster recovery plan. They have backups — which isn’t the same thing. A backup is a copy of your data. A disaster recovery plan is a documented, tested process for getting a client’s site back online when something goes wrong.
The difference matters when you’re on the phone with a panicked client at 7pm on a Friday.
Two Numbers Every Agency Should Know
Before you can plan for disasters, you need to define two metrics for each client site:
RPO (Recovery Point Objective) — how much data can you afford to lose? If your last backup was 24 hours ago and the site is compromised, you lose 24 hours of orders, form submissions, and content. For a WooCommerce store, that might be unacceptable. For a brochure site, it might be fine.
RTO (Recovery Time Objective) — how long can the site be down before it causes serious damage? A law firm’s website going down for 4 hours overnight is very different from an e-commerce store going down for 4 hours on Black Friday.
Document these for each client and use them to inform your backup frequency and hosting decisions.
Backup Strategy for Agency Client Sites
A proper backup strategy for agency clients has three components:
Frequency should match your RPO. Daily backups are the minimum. For revenue-critical WooCommerce stores, hourly or real-time backups are appropriate. WP Pro Host provides daily backups on all plans, with real-time backup capability on Scale and Elite plans.
Retention determines how far back you can recover. Seven-day retention means you can recover from anything discovered within a week. Thirty-day retention protects against slow-burning issues like gradual database corruption or malware that’s been dormant. Match retention to the risk profile of the client.
Off-server storage is non-negotiable. Backups stored on the same server as the site they’re backing up provide no protection against server-level failures, ransomware, or data centre incidents. Your backups need to live somewhere physically separate from your production infrastructure.
What to Do When Things Go Wrong
Having a plan means knowing the exact sequence of steps before you need them. For most agency disaster scenarios:
Contain first — if the site is compromised, take it offline or put it into maintenance mode before investigating. A live compromised site is actively causing damage.
Assess scope — what’s affected? Is it one site or the whole server? Is it a hack, a bad update, or infrastructure failure? The recovery path differs for each.
Communicate early — clients react badly to surprises but reasonably to proactive communication. A message saying “we’ve identified an issue and are working to resolve it, estimated resolution by X” is infinitely better than silence.
Recover from backup or roll back the change — document exactly which backup you restored from and when, for your own records and for any post-incident review.
Verify before going live — test the restored site in staging before putting it back in front of real visitors. A botched recovery that takes the site down again damages trust more than the original incident.
How WP Pro Host Supports Agency Disaster Recovery
WP Pro Host’s infrastructure is designed with agency disaster recovery in mind. Automated daily backups with off-server storage, staging environments for safe recovery testing, and container isolation that prevents one site’s incident from affecting others.
Our agency partner programme gives you the tools to manage recovery across multiple client sites from a single interface.
Frequently Asked Questions
What is the difference between a backup and a disaster recovery plan?
A backup is a copy of data. A disaster recovery plan is a documented, tested process for restoring service after an incident. The distinction matters because backups are necessary but not sufficient — an agency with off-site backups but no tested recovery procedure will still take hours or days to restore a client site under pressure. A disaster recovery plan specifies: who does what, in what order, using which tools, with what verification steps, and how clients are communicated with throughout. The plan is only real if it has been rehearsed under realistic conditions.
What are RTO and RPO and why do agencies need to know them?
RTO (Recovery Time Objective) is the maximum acceptable time to restore service after an incident — how long the client’s site can be down before it becomes a serious business problem. RPO (Recovery Point Objective) is the maximum acceptable data loss — how many hours of orders, content, and customer activity can be lost. Every client has different RTO and RPO requirements: a WooCommerce store processing hundreds of daily orders has a very low RPO (hourly backups required); a brochure site has a higher RPO (daily backups sufficient). Knowing these numbers drives backup frequency and recovery infrastructure decisions.
How should agencies prioritise client sites for disaster recovery planning?
Prioritise by business impact: highest priority for WooCommerce stores processing live transactions (any downtime is directly measurable revenue loss), professional services sites where enquiry forms are the primary lead source, sites in regulated sectors (healthcare, legal, financial) with compliance obligations, and clients with high seasonal traffic where downtime during peak periods is disproportionately costly. Lower priority for brochure sites with minimal traffic where 24-48 hours of downtime is commercially tolerable. Document the priority tier for each client and ensure backup frequency and recovery procedures match the tier.
How long should a WordPress agency disaster recovery take?
Target recovery times by site tier: Tier 1 (ecommerce, high-value leads) — under 2 hours from incident detection to site restored and verified; Tier 2 (active business sites) — under 4 hours; Tier 3 (lower-traffic sites) — under 24 hours. These targets assume clean backups are available, recovery procedures are documented, and the person executing recovery has practised the process. Untested recovery on a site with undocumented dependencies will always take longer. Run annual recovery drills on at least one Tier 1 client site (on staging) to verify procedures work and estimates are realistic.
What should agencies document for each client site for disaster recovery?
Per-client disaster recovery documentation should include: hosting provider credentials and control panel access, DNS registrar credentials and current DNS records (screenshot), SSL certificate type and renewal method, custom server configuration (any non-standard PHP settings, cron jobs, email routing), database name and credentials, all third-party service credentials (payment gateway, CRM integrations, email service provider), last known clean backup date and location, and key contacts (client technical contact, domain registrar support, hosting provider support). This documentation should be stored securely outside the hosting environment itself — a compromised or unavailable server should not make recovery documentation inaccessible.
For the broader agency hosting context, see our guide on managing 50+ client sites.