The best practices for offline backup of the WP-based website's content is to backup the WP-based website's content on thumb drives, external hard drives and even your own hard drive on your computer.
Backing up the WP-based website's content and files and database online such as through cloud storage, storage VPS servers and even using Jetpack Backup to automatically send backup files to remote storage like Amazon S3, Google Drive, DropBox etc are good ways of keeping your website files backed up and safe.
Don't rely just on your host backups as those can also fail, but still are a good idea to have them.
It is also safe to backup website files including your WordPress files and database on Cloud Storage.
Backing up website files and the database to your website on Cloud storage services is recommended and very convenient as well.
When you backup your website files and database to a cloud storage service, it protects those website files against theft, fires server failures, hacking etc.
To provide maximum protection for your website files and database on Cloud Storage, it's recommended that you use end to end encryption for the files like by using Cryptomator before uploading the files and database to cloud storage to ensure that only you can read the data.
However while backing up your website files and database on Cloud Storage is recommended, you should not rely just on the Cloud Storage backup for your website files and database.
You should also use specialized tools that take periodic snapshots and protect against accidental data deletion or ransomware and keep backups of your website files and database on other devices like thumb drives, computer hard drive, external hard drives etc.
Always maintain at least 3 copies of your website data, including your database on 2 different types of storage media, with at least 1 copy of the website data and database offsite like in Cloud Storage.
Use strong and unique passwords and multifactor authentication or MFA to prevent any unauthorized access to your cloud storage account.
There was a major Cpanel hack that occurred in April of 2026 that deleted a lot of files and corrupted databases and many people didn't have backups of their website files and database and are having to start over.
So it's important to keep several backups of your website files and database and if your website is a forum for example that gets updated frequently, you should take nightly backups.
The Cpanel hack also started as early as Feb 23rd, but a patch for Cpanel was not available yet.
Cpanel did however issue a patch and servers should now be protected as long as the Cpanel was updated.
If your website and server were infected, it's best to get a new server if on a VPS or dedicated server as the hackers could've left backdoors as they also rooted into the server.