Magento Monthly Maintenance

Magento Monthly Maintenance

Give your magento site the health check it needs every month

Running an online business with a pro-actively managed magento website is better than fixing errors as and when they occur. You need to ensure the website runs the latest version for the e-commerce software version, the underlying operating system, php version, database, etc.,

Better safe than sorry. A hack attempt on any website is inevitable. We do our our best by minimizing the chances of an attack as far as possible. Magento 2 being a powerful e-commerce system, needs top of the line security in place, to ensure the chances of running an uninterrupted business are as high as possible.

An un-monitored & unmaintained magento website is susceptible to an attack that doesn’t just bring the website & its sales to a halt but can also compromise customer sensitive data that every e-ecommerce website stores. We recommend any magento website big or small should to maintain the highest standards of security. With the ever-growing and innovative ways hackers find to penetrate into websites, we need to stay on top of the game to ensure website has the highest security standards.

What is included…


Basic Security

Advanced Security

Enterprise Security

Core System Functionality
1) 30 second Downtime monitor check
If the website goes down for more than 30 seconds, we will immediately investigate the reason and work on it pro-actively. Our automatic website triggers would notify us if there is a problem on the website within 30 seconds. In short, your website would constantly be monitored to ensure it runs uninterrupted, and in the event of a problem, our team would be on top of it (during working hours).
2) Magento Version check – weekly
Check to see if latest version of Magento is running. If not, we will discuss with you (our client) the next steps required to upgrade the software.
3) Core File Modification Check
Check if any core files are modified either due to possible malware. This is a quick to do a health check to see if things are running fine. If any core file is modified, it usually points to some suspicious activity on the website.
4) New version upgrade scope assessment
Adobe (Magento’s parent company) plans to release a new version every quarter. Our scope here is just assessment, to see if an upgrade is required at this stage.
5) Security patch installations
Helps to keep your magento website up to date with any patches released by Adobe. The most critical task in our Magento maintenance & security package. Any security patches officially released must be applied on production websites as soon as they are released.
6) New version upgrade
This has to be assesed for the basic and advanced security plans. Magento version upgrades within the same release (example: are handled. If a magento version upgrade is outside the release (example: v2.3.x to v2.4) then, upgrades are not covered in our maintenance plans.
7) Monthly audit of Extensions
Includes only auditing and reporting extension versions. If some of the extensions run outdated code, then the scope to fix those shall be discussed on a case basis.
8) Extension files upgrade to the latest version – quarterly
The enterprise security plan includes upgrading the extensions to the latest version.
9) Database Backup frequencyMonthlyWeeklyWeekly
10) Complete Website backup (last 12 months archive stored)MonthlyMonthlyWeekly
11) Monthly backup of Raw Server access logs
This is required for investigation of any malware or bot trying to attack the website. Server logs contain historical website access data from each IP address. In the event of a potential hack, the investigation starts by analyzing server access logs.
Weekly Regular Maintenance activities
12) Log Files Audit (var/log,var/report,error_log file)
To check for any suspicious activity or underlying software/extension incompatibilities. There could be issues with modules, php, apache, OS, server, etc., which could either slow down the website or cause other known/unknown vulnerabilities.
13) Log files Cleanup
We would inspect the logs first, audit each entry and then clear the log.
14) Log files issues – fixes
A log entry is generated whenever a software or compatibility error occurs. We would step into each log entry, analyze the error and fix the root cause or discuss the scope if it is part of the bigger task.
15) Log Tables cleanup – Database
Helps to keep the DB lean and run efficiently, thus saving you server costs.
16) Cron Audit – monthly
To ensure there are no pending jobs on the cron and cron is running healthy. Health check and keep count of additional crons running, which were created by third party extensions. Any new cron entry has to be validated and approved. Cron audit is required to keep a site running healthy and safe.
17) Cache Check
Cache flush check and health check. Ensure there are no errors created due to inconsistent DB.
18) Indexer Check
Check for errors if any.
19) Admin Users audit
Audit all admin users. Disable inactive / unused users immediately.
20) Remove unused extensions, cms blocks and static pages
We will remove unused extensions, cms blocks and static pages if they are not used over a few months. Keeps the site lean and run efficiently.
21) Check Multi Currencies dynamic conversion
Auto-fetch multi-currency module check, to ensure current currency conversion rates are being applied.
22) Orphan images check and cleanup
To free up disk space.
23) Sitemap xml Check
Check automatic sitemap update. (Part of SEO optimization process. But since this is critical for every website, we have included it here)
24) Manual UI testing (home page, category page, product page, cart page and checkout page)
Weekly Regular Security Audit
25) MageReport scan
A quick way to ensure website is running the latest software and does not have any potential vulnerabilities.
26) Detailed audit of admin log for suspicious activity with the admin log extension
Audit all actions performed by admins, to scan for possible malicious activity and if any core settings have been changed. To check this, we would require an admin log extension to be setup & configured.
27) Miscellaneous Scripts & Miscellaneous HTML
To check for unauthorized code injection from admin backend.
28) Spam Customers check
Check and clean up spam customers.
29) Detailed Magento access logs audit for potential hack attempts (debug.log, exception.log, magento.cron.log, setup.cron.log, system.log, update.cron.log, update.log, xtento_productexport.log)
30) Number of Products log
To ensure server resources are in sync with DB size and there are no inconsistencies in the DB due to orphan records.
31) Hide magento version – check
For added security.
32) Third-party feeds house keeping
Clean up old feeds for google merchant center or any other third party shipping softwares, to ensure the site runs clean and fast.
Malware Scans
33) Complete malware scan
The entire website will be scanned for malware files through a set of 6 different malware scanning tools that we use. The DB would also be scanned for malware.
34) Complete malware removal
If the website still gets infected, we will clean the malware and take necessary steps if you are part of the enterprise plan.
Automated Website Monitoring & Scans
35) WAF (Web Application Firewall) setup with 24×7 monitoring and filtering traffic
36) DDoS Attack Mitigation
37) Brute Force Protection
Environment Maintenance Activities
38) Change all admin password
Reminder to change all the admin passwords your team uses.
39) Chrome console error
Check for any run-time errors in JS, Jquery, and other conflicts.
40) Files and Folders permission check
To ensure file permissions are not reset, in case server is restarted or moved to another host.
41) Check and update the php version
To ensure latest php version runs on the server.
42) Check robots.txt file
For SEO and to strengthen security by disabling access to protected folders. And use Magento best practices for optimizing robots.txt.
43) Check the google bot lines added in htacess file
To control frequency of google bots scan to a resonable one. Reduce it from a scan every second to a scan every minute. Saved bandwidth.
44) Load Test website for Concurrent users
To test website functioning for potential traffic surge.
45) Review disk space usage
Our websites would scale resources dynamically, but disk space usage is assessed just to ensure there is no billing overage.
46) Review bandwidth usage
This would identify any unwated seo bots or hack bots that scan the website and hence consume data.
47) Review & inspect server logs
Server logs will flag errors with the underlying php or apache.
48) Review and clean up non Magento files
Ensure no other files are stored in root directory like backups, disk snapshot, etc.,
49) Review FTP, SSH/SFTP accounts
Remove unused FTP/SSH/SFTP accounts.
50) Review server capacity / resource utilization
Check for any process if it hogs excessive processor/RAM than required.
51) Images Optimization
Compress images to improve page speed.
Performance & Page Speed Optimization
52) Google Page Speed Performance Score reporting
Reporting only & basic optimization, to keep the score within industry standards
53) GTMetrix Performance – PageSpeed Score reporting
Reporting only & basic optimization, to keep the score within industry standards
54) Suggestions if any for page speed optimizations
Misc Tasks
55) Change admin url regularly
56) Admin URL IP whitelisted or 2FA for Admin logins
Subject to conditions and only if client and their entire team who accesses the website is on a dedicated IP.
57) Configure captcha for all required forms on the website
Helps prevent spam customers and form submissions.
58) Disable dangerous PHP functions – eval, phpinfo, etc.,
Common functions used to inject malware are disabled at php level.
59) PCI Compliance
PCI Compliance when recommended by the payment provider – we will ensure you stay compliant and monitor the scan results after the payment provider recommends getting the PCI scans done.
60) Monthly report submission
£450 per month/-
Approx. 15 hours
£690 per month/-
Approx. 23 hours
£900 per month/-
Approx. 30 hours

Basic security is typically suited for low volume websites while the higher plans for larger sites. Talk to us today to discuss which plan suits your business.

Terms and Conditions:

  1. When you are signing up for our maintenance plan, you are given access to our magento support portal, where you can raise tickets or ask questions on your magento website. We aim to respond and resolve all queries the same day.
  2. We do not guarantee that your website can never be hacked or brought down by external sources. No website can be safe from a hacking attempt. Here, we are trying our best to “prevent” possible website hacks/failures, and in the event of one, try to restore it as soon as possible with a minimum downtime.
  3. The maintenance plans do not include the price of restoring a website in the event of a hack. Some websites take a few minutes to investigate while some other busy websites might take several hours to investigate & restore. The restoration task is not part of the maintenance package.
  4. We do not take responsibility for the loss of revenue during the downtime of a website upgrade or in the unlikely event that a website has been compromised.
  5. Our support timings are 9am-5pm Mon-Fri GMT, via our support ticket portal.
  6. For telephone support, please schedule a suitable time with any of our staff, via the support portal.
  7. The scope of maintenance work on your website is based on the number of hours of indicated above, per month, depending on the plan in which you are under. Websites with large number of SKUs or higher traffic will need customized maintenance plans. Contact us for more details.
  8. Any ad-hoc support requests would be assessed and handled on a case basis at our at our hourly rate of £30 per hour.
  9. To ensure we provide the best security for your website, we do not give you admin access to the same.In case you require admin access to the ecommerce system, we would create a staging environment that you can play around with.
  10. In the event of you or your team still requiring full admin access to the backend system, this maintenance plan agreement would cease from that moment.
  11. For the avoidance of doubt, we do not warrant or represent that our maintenance services will result in increased sales, revenues, profits or customers, specific lead or traffic generation, sales, profitability or any other outcomes.