|Core System Functionality|
|30 second Downtime monitor check|
If the website goes down for more than 30 seconds, we will immediately investigate the reason and work on it pro-actively. Our automatic website triggers would notify us if there is a problem on the website within 30 seconds. In short, your website would constantly be monitored to ensure it runs uninterrupted, and in the event of a problem, our team would be on top of it (during working hours).
|Magento Version check – weekly|
Check to see if latest version of Magento is running. If not, we will discuss with you (our client) the next steps required to upgrade the software.
|Core File Modification Check|
Check if any core files are modified either due to possible malware. This is a quick to do a health check to see if things are running fine. If any core file is modified, it usually points to some suspicious activity on the website.
|New version upgrade scope assessment|
Adobe (Magento’s parent company) plans to release a new version every quarter. Our scope here is just assessment, to see if an upgrade is required at this stage.
|Security patch installations|
Helps to keep your magento website up to date with any patches released by Adobe. The most critical task in our Magento maintenance & security package. Any security patches officially released must be applied on production websites as soon as they are released.
|New version upgrade|
This has to be assesed for the basic and advanced security plans. Magento version upgrades within the same release (example: 2.3.xxx) are handled. If a magento version upgrade is outside the release (example: v2.3.x to v2.4) then, upgrades are not covered in our maintenance plans.
|Monthly audit of Extensions|
Includes only auditing and reporting extension versions. If some of the extensions run outdated code, then the scope to fix those shall be discussed on a case basis.
|Extension files upgrade to the latest version – quarterly|
The enterprise security plan includes upgrading the extensions to the latest version.
|Database Backup frequency||Monthly||Weekly||Weekly|
|Complete Website backup (last 12 months archive stored)||Monthly||Monthly||Weekly|
|Monthly backup of Raw Server access logs|
This is required for investigation of any malware or bot trying to attack the website. Server logs contain historical website access data from each IP address. In the event of a potential hack, the investigation starts by analyzing server access logs.
|Weekly Regular Maintenance activities|
|Log Files Audit (var/log,var/report,error_log file)|
To check for any suspicious activity or underlying software/extension incompatibilities. There could be issues with modules, php, apache, OS, server, etc., which could either slow down the website or cause other known/unknown vulnerabilities.
|Log files Cleanup|
We would inspect the logs first, audit each entry and then clear the log.
|Log files issues – fixes|
A log entry is generated whenever a software or compatibility error occurs. We would step into each log entry, analyze the error and fix the root cause or discuss the scope if it is part of the bigger task.
|Log Tables cleanup – Database|
Helps to keep the DB lean and run efficiently, thus saving you server costs.
|Cron Audit – monthly|
To ensure there are no pending jobs on the cron and cron is running healthy. Health check and keep count of additional crons running, which were created by third party extensions. Any new cron entry has to be validated and approved. Cron audit is required to keep a site running healthy and safe.
Cache flush check and health check. Ensure there are no errors created due to inconsistent DB.
Check for errors if any.
|Admin Users audit|
Audit all admin users. Disable inactive / unused users immediately.
|Remove unused extensions, cms blocks and static pages|
We will remove unused extensions, cms blocks and static pages if they are not used over a few months. Keeps the site lean and run efficiently.
|Check Multi Currencies dynamic conversion|
Auto-fetch multi-currency module check, to ensure current currency conversion rates are being applied.
|Orphan images check and cleanup|
To free up disk space.
|Sitemap xml Check|
Check automatic sitemap update. (Part of SEO optimization process. But since this is critical for every website, we have included it here)
|Manual UI testing (home page, category page, product page, cart page and checkout page)||✔||✔||✔|
|Weekly Regular Security Audit|
A quick way to ensure website is running the latest software and does not have any potential vulnerabilities.
|Detailed audit of admin log for suspicious activity with the admin log extension|
Audit all actions performed by admins, to scan for possible malicious activity and if any core settings have been changed. To check this, we would require an admin log extension to be setup & configured.
|Miscellaneous Scripts & Miscellaneous HTML|
To check for unauthorized code injection from admin backend.
|Spam Customers check|
Check and clean up spam customers.
|Detailed Magento access logs audit for potential hack attempts (debug.log, exception.log, magento.cron.log, setup.cron.log, system.log, update.cron.log, update.log, xtento_productexport.log)||✘||✔||✔|
|Number of Products log|
To ensure server resources are in sync with DB size and there are no inconsistencies in the DB due to orphan records.
|Hide magento version – check|
For added security.
|Third-party feeds house keeping|
Clean up old feeds for google merchant center or any other third party shipping softwares, to ensure the site runs clean and fast.
|Complete malware scan|
The entire website will be scanned for malware files through a set of 6 different malware scanning tools that we use. The DB would also be scanned for malware.
|Complete malware removal|
If the website still gets infected, we will clean the malware and take necessary steps if you are part of the enterprise plan.
|Automated Website Monitoring & Scans|
|WAF (Web Application Firewall) setup with 24×7 monitoring and filtering traffic||✔||✔||✔|
|DDoS Attack Mitigation||✔||✔||✔|
|Brute Force Protection||✔||✔||✔|
|Environment Maintenance Activities|
|Change all admin password|
Reminder to change all the admin passwords your team uses.
|Chrome console error|
Check for any run-time errors in JS, Jquery, and other conflicts.
|Files and Folders permission check|
To ensure file permissions are not reset, in case server is restarted or moved to another host.
|Check and update the php version|
To ensure latest php version runs on the server.
|Check robots.txt file|
For SEO and to strengthen security by disabling access to protected folders. And use Magento best practices for optimizing robots.txt.
|Check the google bot lines added in htacess file|
To control frequency of google bots scan to a resonable one. Reduce it from a scan every second to a scan every minute. Saved bandwidth.
|Load Test website for Concurrent users|
To test website functioning for potential traffic surge.
|Review disk space usage|
Our websites would scale resources dynamically, but disk space usage is assessed just to ensure there is no billing overage.
|Review bandwidth usage|
This would identify any unwated seo bots or hack bots that scan the website and hence consume data.
|Review & inspect server logs|
Server logs will flag errors with the underlying php or apache.
|Review and clean up non Magento files|
Ensure no other files are stored in root directory like backups, disk snapshot, etc.,
|Review FTP, SSH/SFTP accounts|
Remove unused FTP/SSH/SFTP accounts.
|Review server capacity / resource utilization|
Check for any process if it hogs excessive processor/RAM than required.
Compress images to improve page speed.
|Performance & Page Speed Optimization|
|Google Page Speed Performance Score reporting|
Reporting only & basic optimization, to keep the score within industry standards
|GTMetrix Performance – PageSpeed Score reporting|
Reporting only & basic optimization, to keep the score within industry standards
|Suggestions if any for page speed optimizations||✘||✔||✔|
|Change admin url regularly||✔||✔||✔|
|Admin URL IP whitelisted or 2FA for Admin logins|
Subject to conditions and only if client and their entire team who accesses the website is on a dedicated IP.
|Configure captcha for all required forms on the website|
Helps prevent spam customers and form submissions.
|Disable dangerous PHP functions – eval, phpinfo, etc.,|
Common functions used to inject malware are disabled at php level.
PCI Compliance when recommended by the payment provider – we will ensure you stay compliant and monitor the scan results after the payment provider recommends getting the PCI scans done.
|Monthly report submission||✔||✔||✔|
£450 per month/-
Approx. 15 hours
£690 per month/-
Approx. 23 hours
£900 per month/-
Approx. 30 hours