Magento Monthly Maintenance
Give your magento site the health check it needs every month
Running an online business with a pro-actively managed magento website is better than fixing errors as and when they occur. You need to ensure the website runs the latest version for the e-commerce software version, the underlying operating system, php version, database, etc.,
Better safe than sorry. A hack attempt on any website is inevitable. We do our our best by minimizing the chances of an attack as far as possible. Magento 2 being a powerful an e-commerce system it is, needs top of the line security in place, to ensure the highest chances of running an uninterrupted business.
An un-monitored & unmaintained magento website is susceptible to an attack that doesn’t just bring the website down but can also compromise customer sensitive data that every e-ecommerce website hosts.
What is included…
|Core System Functionality review|
|Magento Version check – weekly|
Check to see if latest version of magento is running. If not, we will discuss with you (our client) the next steps required to upgrade the software.
|Core File Modification Check|
Check if any core files are modified either due to malware or due to bad programming practices. This is a quick to do a health check to see if things are running fine. If any core file is modified, it usually points to some suspicious activity on the website.
|New version upgrade scope assessment|
Adobe (Magento’s parent company) plans to release a new version every quarter. Our scope here is just assessment, to see if an upgrade is required at this stage.
|Security patch installations|
Helps to keep your magento webstie up to date with any patches released by Adobe. The most critical task in our magento maintenance & security package. Any security patches officially released must be applied on production websites as soon as they are released.
|New version upgrade|
This has to be assesed for the basic and advanced security plans. Magento version upgrades within the same release (example: 2.3.xxx) are handled. If a magento version upgrade is outside the release (example: v2.3.x to v2.4) then, upgrades are not covered in our maintenance plans.
|Monthly audit of Extensions|
Includes just auditing and reporting extensions versions. If some of the extensions run outdated code, then the scope to fix those shall be disucssed on a case basis.
|Extension files upgrade to the latest version – quarterly|
The enterprise security plan includes upgrading the extensions to the latest version.
|Database Backup frequency||Monthly||Weekly||Weekly|
|Complete Website backup (last 12 months archive stored)||Monthly||Monthly||Weekly|
|Monthly backup of Raw Server access logs|
This is required for investigation of any malare or bot trying to attack the website. Server logs contain historical website access data from each IP address. In the event of a potential hack, the investigation starts by analyzing server access logs.
|Weekly Regular Maintenance activities|
|Log Files Audit (var/log,var/report,error_log file)|
To check for any suspicious activity or underlying software/extension incompatibilities. There could be issues with modules, php, apache, OS, server, etc., which could either slow down the website or cause other known/unknown vulnerabilities.
|Log files Cleanup|
We would inspect the logs first, audit each entry and then clear the log.
|Log files issues – fixes|
A log entry is generated whenever a software or compatibility error occurs. We would step into each log entry, analyze the error and fix the root cause or discuss the scope if it is part of the bigger task.
|Log Tables cleanup – Database|
Helps to keep the DB lean and run efficiently, thus saving you server costs.
|Cron Check – monthly|
To ensure there are no pending jobs are on cron, and cron is running healthy. Helps to ensure third-party integrations are running fine.
|Number of crons check|
Health check and keep count of additional crons running, which were created by third party extensions. Any new cron entry has to be validated and approved. Cron audit is required to keep a site running healthy and safe.
Cache flush check and health check. Ensure there are no errors created due to inconsistent DB.
Check for errors if any.
|Admin Users audit|
Audit all admin users. Disable inactive / unused users immediately.
|Remove unused extensions, cms blocks and static pages|
Keeps the site lean and run efficiently.
|Check Multi Currencies dynamic conversion|
Auto-fetch multi-currency module check, to ensure current currency conversion rates are being applied.
|Orphan images check and cleanup|
To free up disk space.
|Sitemap xml Check|
Part of SEO. But we will include this in our regular maintenance.
|Manual UI testing (home page, category page, product page, cart page and checkout page)||✔||✔||✔|
|Weekly Regular Security Audit|
A quick way to ensure website is running the latest software and does not have any potential vulnerabilities.
|Detailed audit of admin log for suspicious activity with the admin log extension|
Audit all actions performed by admins, to scan for possible malicious activity and if any core settings have been changed. To check this, we would require an admin log extension to be setup & configured.
|Miscellaneous Scripts & Miscellaneous HTML|
To check for unauthorized code injection from admin backend.
|Spam Customers check|
Check and clean up spam customers.
|Detailed Magento access logs audit for potential hack attempts (debug.log, exception.log, magento.cron.log, setup.cron.log, system.log, update.cron.log, update.log, xtento_productexport.log)||✘||✔||✔|
|Number of Products log|
To ensure server resources are in sync with DB size and there are no inconsistencies in the DB due to orphan records.
|Hide magento version – check|
For added security.
|Third-party feeds house keeping|
Clean up old feeds for google merchant center or any other third party shipping softwares, to ensure the site runs clean and fast.
Magento Software configuration check.
|Complete malware removal|
If the website stil gets infected, we will clean the malware and take necessary steps if you are part of the enterprise plan.
|Automated Website Monitoring & Scans|
|WAF (Web Application Firewall) setup with 24×7 monitoring and filtering traffic||✔||✔||✔|
|DDoS Attack Mitigation||✘||✔||✔|
|Malware Removal & Hack Cleanup||✘||✔||✔|
|Brute Force Protection||✘||✔||✔|
|Environment Maintenance Activities|
|Change all admin password|
Reminder to change all the admin passwords your team uses.
|Chrome console error|
Check for any run-time errors in JS, Jquery, and other conflicts.
|Files and Folders permission check|
To ensure file permissions are not reset, in case server is restarted or moved to another host.
|Check and update the php version|
To ensure latest php version runs on the server.
|Check robots.txt file|
For SEO and to strengthen security by disabling access to protected folders. And use magento best practices for optimizing robots.txt.
|Check the google bot lines added in htacess file|
To control frequency of google bots scan to a resonable one. Reduce it from a scan every second to a scan every minute. Saved bandwidth.
|Load Test website for Concurrent users|
To test website functioning for potential traffic surge.
|Review disk space usage|
Our websites would scale resources dynamically, but disk usage just to ensure there is no billing overage.
|Review bandwidth usage|
This would identify any unwated seo bots or hack bots that scan the website and hence consume data.
|Review & inspect server logs|
Server logs will flag errors with the underlying php or apache.
|Review and clean up non Magento files|
Ensure no other files are stored in root directory like backups, disk snapshot, etc.,
|Review FTP, SSH/SFTP accounts|
Remove all FTP accounts if they have been created. Rest all SSH passwords every month.
|Review server capacity / resource utilization|
Check for any process if it hogs excessive processor/RAM than required.
Compress images to improve page speed.
|Performance & Page Speed Optimization|
|Google Page Speed Performance Score|
Reporting only & basic optimization, to keep the score within industry standards
|GTMetrix Performance – PageSpeed Score|
Reporting only & basic optimization, to keep the score within industry standards
|Suggestions if any for page speed optimizations||✔||✔||✔|
|Change admin url regularly||✔||✔||✔|
|Check isolation of production environment from any other installation|
To ensure no other software runs in production environment
|Admin URL IP whitelisted or 2FA for Admin logins|
Subject to conditions and only if client and their entire team who accesses the website is on a dedicated IP.
|30 second Downtime monitor check |
We shall setup an automated website downtime monitor check, and if the site is down for more than 30 seconds, we will investigate the reason and work on it pro-actively.
|Configure captcha for all required forms on the website|
Helps prevent spam customers and form submissions.
|Disable dangerous PHP functions – eval, phpinfo, etc.,|
Common functions used to inject malware are disabled at php level.
|Check copyright date in the footer yearly||✔||✔||✔|
|Monthly report submission||✔||✔||✔|
|Buy It Now||Buy It Now||Buy It Now|
Typically suited for websites having ~5000 products
Terms and Conditions:
- When you are signing up for our maintenance plan, you are given access to our magento support portal, where you can raise tickets or ask questions on your magento website. We aim to respond and resolve all queries the same day.
- We do not guarantee that your website can never be hacked or brought down by external sources. No website can be safe from a hacking attempt. Here, we are trying our best to “prevent” possible website hacks/failures, and in the event of one, try to restore it as soon as possible with a minimum downtime.
- The maintenance plans do not include the price of restoring a website in the event of a hack. Some websites take a few minutes to investigate while some other busy websites might take several hours to investigate & restore. The restoration task will be billed separately, and is not part of the maintenance package.
- We do not take responsibility for the loss of revenue during the downtime of a website upgrade or in the unlikely event that a website is under attack.
- Our support timings are 9am-5pm Mon-Fri GMT, via our support ticket portal.
- For telephone support, please schedule a suitable time with any of our agents, via the support portal.
- The scope work is 10-20 hours of maintenance work on the website website, per month, depending on the plan in which you are under. Websites with large number of SKUs or higher traffic will need customized maintenance plans. Contact us for more details.
- Any additional development or customization tasks would be charged at our hourly rate.
- For the avoidance of doubt, we do not warrant or represent that our maintenance services will result in increased sales, revenues, profits or customers, specific lead or traffic generation, sales, profitability or any other outcomes.