Why I Stopped Treating Hosting Dashboards as a Backup Strategy

Why I Stopped Treating Hosting Dashboards as a Backup Strategy
Claudio Xerez Claudio Xerez
Cybersecurity

Why I Stopped Treating Hosting Dashboards as a Backup Strategy

For a long time, I used Contabo VPS servers the way most people do.

Before a risky update, a migration, or any experiment that could go wrong, I logged into the dashboard and created a snapshot. It felt responsible. It felt like the right thing to do.

It also depended entirely on me remembering to do it.

That worked for years. Until I started looking at it from a security perspective.

Manual snapshots are not a strategy. They are a habit. And habits fail under stress, urgency, or routine.

When the question changed

At some point, I stopped asking myself how to make snapshots easier.

I started asking something else:

What happens if I forget?
What happens if I’m not available?
What happens when something breaks fast?

Backups and snapshots are not about convenience. They are about recovery when everything else has already failed.

If they depend on memory or discipline, they are already fragile.

Why I didn’t use scripts or the CLI

The obvious solution would have been a shell script or a cron job running on the VPS itself.

I chose not to do that.

Instead, I built a small WordPress plugin that talks to the Contabo API and handles snapshot creation.

That decision wasn’t about WordPress being “good” or “bad”. It was about reuse.

WordPress already gave me:

  • an authenticated dashboard

  • access control

  • visibility

  • logging

  • cron execution without exposing the server shell

Adding another script or SSH-based workflow would have increased complexity and attack surface. Reusing an environment I already managed daily reduced both.

Automation changed the problem

The first version of the plugin, created in May 2025, solved a simple operational issue: it removed manual work.

Later, something more interesting happened.

Once snapshots were automated, new questions appeared naturally:

  • Who can trigger this?

  • What if credentials leak?

  • What happens if an endpoint is abused?

  • How do I know what actually ran?

Those questions pushed the project forward.

That’s when logging, token-based execution, credential masking, and snapshot rotation became necessary. Not as features, but as controls.

Automation without limits is just another risk.

What this project represents

This plugin is not a product. It’s not meant to be sold or generalized.

It’s a personal checkpoint.

It marks the moment I stopped thinking only about keeping systems running and started thinking about how they fail. About recovery paths. About removing assumptions instead of trusting routines.

Cybersecurity, at least for me, didn’t start in a course or a framework. It started by revisiting things I already built and asking harder questions.

Closing

I’m documenting this publicly so I don’t lose track of why these decisions mattered.

The technical details live in the project itself.
This post exists to record the thinking behind it.

→ See the project: Contabo Snapshots Automation

-
Related Posts
Powered by  GDPR Cookie Compliance
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.