Magento Monthly Maintenance

Magento Monthly Maintenance

Give your magento site the health check it needs every month

Running an online business with a pro-actively managed magento website is better than fixing errors as and when they occur. You need to ensure the website runs the latest version for the e-commerce software version, the underlying operating system, php version, database, etc.,

Better safe than sorry. A hack attempt on any website is inevitable. We do our our best by minimizing the chances of an attack as far as possible. Magento 2 being a powerful an e-commerce system it is, needs top of the line security in place, to ensure the highest chances of running an uninterrupted business.

An un-monitored & unmaintained magento website is susceptible to an attack that doesn’t just bring the website down but can also compromise customer sensitive data that every e-ecommerce website hosts.

What is included…

Task

Basic Security

Advanced Security

Enterprise Security

Core System Functionality review
Magento Version check – weekly
Check to see if latest version of magento is running. If not, we will discuss with you (our client) the next steps required to upgrade the software.
Core File Modification Check
Check if any core files are modified either due to malware or due to bad programming practices. This is a quick to do a health check to see if things are running fine. If any core file is modified, it usually points to some suspicious activity on the website.
MonthlyMonthlyWeekly
New version upgrade scope assessment
Adobe (Magento’s parent company) plans to release a new version every quarter. Our scope here is just assessment, to see if an upgrade is required at this stage.
Security patch installations
Helps to keep your magento webstie up to date with any patches released by Adobe. The most critical task in our magento maintenance & security package. Any security patches officially released must be applied on production websites as soon as they are released.
New version upgrade
This has to be assesed for the basic and advanced security plans. Magento version upgrades within the same release (example: 2.3.xxx) are handled. If a magento version upgrade is outside the release (example: v2.3.x to v2.4) then, upgrades are not covered in our maintenance plans.
Monthly audit of Extensions
Includes just auditing and reporting extensions versions. If some of the extensions run outdated code, then the scope to fix those shall be disucssed on a case basis.
Extension files upgrade to the latest version – quarterly
The enterprise security plan includes upgrading the extensions to the latest version.
Backup
Database Backup frequencyMonthlyWeeklyWeekly
Complete Website backup (last 12 months archive stored)MonthlyMonthlyWeekly
Monthly backup of Raw Server access logs
This is required for investigation of any malare or bot trying to attack the website. Server logs contain historical website access data from each IP address. In the event of a potential hack, the investigation starts by analyzing server access logs.
Weekly Regular Maintenance activities
Log Files Audit (var/log,var/report,error_log file)
To check for any suspicious activity or underlying software/extension incompatibilities. There could be issues with modules, php, apache, OS, server, etc., which could either slow down the website or cause other known/unknown vulnerabilities.
Log files Cleanup
We would inspect the logs first, audit each entry and then clear the log.
Log files issues – fixes
A log entry is generated whenever a software or compatibility error occurs. We would step into each log entry, analyze the error and fix the root cause or discuss the scope if it is part of the bigger task.
Log Tables cleanup – Database
Helps to keep the DB lean and run efficiently, thus saving you server costs.
Cron Check – monthly
To ensure there are no pending jobs are on cron, and cron is running healthy. Helps to ensure third-party integrations are running fine.
Number of crons check
Health check and keep count of additional crons running, which were created by third party extensions. Any new cron entry has to be validated and approved. Cron audit is required to keep a site running healthy and safe.
Cache Check
Cache flush check and health check. Ensure there are no errors created due to inconsistent DB.
Indexer Check
Check for errors if any.
Admin Users audit
Audit all admin users. Disable inactive / unused users immediately.
MonthlyMonthlyWeekly
Remove unused extensions, cms blocks and static pages
Keeps the site lean and run efficiently.
Check Multi Currencies dynamic conversion
Auto-fetch multi-currency module check, to ensure current currency conversion rates are being applied.
Orphan images check and cleanup
To free up disk space.
Sitemap xml Check
Part of SEO. But we will include this in our regular maintenance.
Manual UI testing (home page, category page, product page, cart page and checkout page)
Weekly Regular Security Audit
MageReport scan
A quick way to ensure website is running the latest software and does not have any potential vulnerabilities.
Detailed audit of admin log for suspicious activity with the admin log extension
Audit all actions performed by admins, to scan for possible malicious activity and if any core settings have been changed. To check this, we would require an admin log extension to be setup & configured.
Miscellaneous Scripts & Miscellaneous HTML
To check for unauthorized code injection from admin backend.
Spam Customers check
Check and clean up spam customers.
Detailed Magento access logs audit for potential hack attempts (debug.log, exception.log, magento.cron.log, setup.cron.log, system.log, update.cron.log, update.log, xtento_productexport.log)
Number of Products log
To ensure server resources are in sync with DB size and there are no inconsistencies in the DB due to orphan records.
Hide magento version – check
For added security.
Third-party feeds house keeping
Clean up old feeds for google merchant center or any other third party shipping softwares, to ensure the site runs clean and fast.
Malware Scans
https://sitecheck.sucuri.net/
https://account.magento.com/scanner
https://www.magereport.com/
Magento Software configuration check.
https://www.foregenix.com/solutions/technology/webscan
Malware check.
Complete malware removal
If the website stil gets infected, we will clean the malware and take necessary steps if you are part of the enterprise plan.
Automated Website Monitoring & Scans
WAF (Web Application Firewall) setup with 24×7 monitoring and filtering traffic
DDoS Attack Mitigation
Malware Removal & Hack Cleanup
Brute Force Protection
Environment Maintenance Activities
Change all admin password
Reminder to change all the admin passwords your team uses.
MonthlyMonthlyMonthly
Chrome console error
Check for any run-time errors in JS, Jquery, and other conflicts.
MonthlyWeeklyWeekly
Files and Folders permission check
To ensure file permissions are not reset, in case server is restarted or moved to another host.
MonthlyWeeklyWeekly
Check and update the php version
To ensure latest php version runs on the server.
MonthlyMonthlyWeekly
Check robots.txt file
For SEO and to strengthen security by disabling access to protected folders. And use magento best practices for optimizing robots.txt.
MonthlyMonthlyWeekly
Check the google bot lines added in htacess file
To control frequency of google bots scan to a resonable one. Reduce it from a scan every second to a scan every minute. Saved bandwidth.
MonthlyMonthlyWeekly
Load Test website for Concurrent users
To test website functioning for potential traffic surge.
MonthlyWeeklyWeekly
Review disk space usage
Our websites would scale resources dynamically, but disk usage just to ensure there is no billing overage.
MonthlyWeeklyWeekly
Review bandwidth usage
This would identify any unwated seo bots or hack bots that scan the website and hence consume data.
MonthlyWeeklyWeekly
Review & inspect server logs
Server logs will flag errors with the underlying php or apache.
MonthlyMonthlyWeekly
Review and clean up non Magento files
Ensure no other files are stored in root directory like backups, disk snapshot, etc.,
MonthlyMonthlyWeekly
Review FTP, SSH/SFTP accounts
Remove all FTP accounts if they have been created. Rest all SSH passwords every month.
MonthlyMonthlyWeekly
Review server capacity / resource utilization
Check for any process if it hogs excessive processor/RAM than required.
MonthlyMonthlyWeekly
Images Optimization
Compress images to improve page speed.
MonthlyMonthlyWeekly
Performance & Page Speed Optimization
Google Page Speed Performance Score
Reporting only & basic optimization, to keep the score within industry standards
MonthlyWeeklyWeekly
GTMetrix Performance – PageSpeed Score
Reporting only & basic optimization, to keep the score within industry standards
MonthlyWeeklyWeekly
Suggestions if any for page speed optimizations
Misc Tasks
Change admin url regularly
Check isolation of production environment from any other installation
To ensure no other software runs in production environment
Admin URL IP whitelisted or 2FA for Admin logins
Subject to conditions and only if client and their entire team who accesses the website is on a dedicated IP.
30 second Downtime monitor check
We shall setup an automated website downtime monitor check, and if the site is down for more than 30 seconds, we will investigate the reason and work on it pro-actively.
Configure captcha for all required forms on the website
Helps prevent spam customers and form submissions.
Disable dangerous PHP functions – eval, phpinfo, etc.,
Common functions used to inject malware are disabled at php level.
Check copyright date in the footer yearly
Reporting
Monthly report submission
Buy It NowBuy It NowBuy It Now

Typically suited for websites having ~5000 products

Terms and Conditions:

  1. When you are signing up for our maintenance plan, you are given access to our magento support portal, where you can raise tickets or ask questions on your magento website. We aim to respond and resolve all queries the same day.
  2. We do not guarantee that your website can never be hacked or brought down by external sources. No website can be safe from a hacking attempt. Here, we are trying our best to “prevent” possible website hacks/failures, and in the event of one, try to restore it as soon as possible with a minimum downtime.
  3. The maintenance plans do not include the price of restoring a website in the event of a hack. Some websites take a few minutes to investigate while some other busy websites might take several hours to investigate & restore. The restoration task will be billed separately, and is not part of the maintenance package.
  4. We do not take responsibility for the loss of revenue during the downtime of a website upgrade or in the unlikely event that a website is under attack.
  5. Our support timings are 9am-5pm Mon-Fri GMT, via our support ticket portal.
  6. For telephone support, please schedule a suitable time with any of our agents, via the support portal.
  7. The scope work is 10-20 hours of maintenance work on the website website, per month, depending on the plan in which you are under. Websites with large number of SKUs or higher traffic will need customized maintenance plans. Contact us for more details.
  8. Any additional development or customization tasks would be charged at our hourly rate.
  9. For the avoidance of doubt, we do not warrant or represent that our maintenance services will result in increased sales, revenues, profits or customers, specific lead or traffic generation, sales, profitability or any other outcomes.