Magento Spring Clean

Who is responsible?

It’s a team effort

1. Make a check-list

2. Assign Responsibilities and/or automate

3. Schedule

Structuring the check-list

SECURITY MAINTENANCE PERFORMANCE

Security - Mage Level

● Checking log files for signs of brute force or suspicious IP addresses

● Check files for signs of backdoor signatures

● Check for signs of plain text payment/user CC details

● Patches

● Regular password changes

● Regular admin vetting

● Regular admin URL change

● Two-factor authentication

Security - Server Level

● Check for suspicious users and SSH keys

● Check last logged in users

● Patches

● Regular password changes

● Regular admin vetting

● Firewall rules

Security - Business/Client Layer

● Are staff taking their personal security seriously?

● Passwords in inboxes are a No! No!

● Same applies to other tools such as FTP clients

● Other in-house protocols

● Client protocols

Maintenance

Maintenance

● Filesystem housekeeping

● Security Patch review & Installations

● Review Magento users

● Server Review

● Magento security scan

● Website performance testing

Performance

Performance

● Mage Level - APM/Server monitoring

● Server Level - Load testing

● Server Level - Load History

● Server Level - Review of patterns of issues

● Ecosystem Layer - External API’s performing well?

● Ecosystem Layer - Is analytics set up correctly

Performance

● HTML/JS & CSS Validation

● JS Error console issues

● Traffic review

● Image optimisation

● File permissions/ownership

Contact

Liverpool OfficeSuite 4

Church House

1 Hanover Street

Liverpool

L1 3DN

Ollie Hunt

ollie@devteam.co.uk

+44 (0) 7931 818383

@devteamuk