Industry standard best practice for passwords for both the web server and Linux machines. Site designers do not have direct access to the underlying Linux server, the raw database or files. All changes are done within sandbox of the system.
All databases are backed up nightly.
All client documents are backed up nightly and consistency check of the raw file checksum is performed.
The backups are kept for a week on site.
The machines themselves are backed up as a whole to an off site secure backup location. A full or partial restore of the machine can be done from the off site recovery centre.
The standard system is Linux will all ports closed except HTTP, HTTPS and SSH.
SSH is configured to block IP addresses after a series of failed log in requests. All SSH requests that are from unknown locations or from foreign countries are blocked by default.
All raw files which are stored separately to the database itself are sent to both the main site and the disaster recovery site when the files are uploaded. Each version of a file is kept and never modified ( new version created ). When a file is uploaded a file checksum of the raw file is performed and stored in the database, the file is then encrypted and the key is stored in the database. The compressed/encrypted resulting file is sent to the redundant file servers for permanent storage.
The hosting provider has a 2 hour hardware replacement,