It's good to keep backups of website's HTML and other assets. A common way to do backups, if you're not using some sort of version control system like Git, is to make a zip of the entire document tree. Usually it'll just get called "website.zip" or maybe "website-20180810.zip" or whatever the current date is.

It's a fine way to take a snapshot, but don't leave it on your web server in your website's document tree. The document tree is that folder where you upload the files, like /sites/mysite . If you make a zip or tarball or similar and leave it as /sites/mysite/mysite.zip , you're asking for it to be stolen by bad guys. Maybe you've got PHP files in there that have secrets in them, like connection passwords to your database. Maybe you've got original work files like the .psd files that you created your .jpg files from. If you don't want it seen, don't put it in your document tree.

"No way, nobody knows it's there", you may think. You don't link to the backup file anywhere, and there's no directory listing on the server. This idea is called "security through obscurity", and it's not security at all. It turns out that the bad guys don't have to know a file is there. They just have to make a lucky guess.