Magento 2 Audits

When was the last time your website had a Magento 2 Code Audit? How about a Magento 2 Server Audit? Or even a Magento Devops Audit?

As a Consultant/Contractor I regularly see new (to me) Magento projects, and the vast majority of them having major issues in various areas. Really slow executing code, poor cache coverage or even non working caching, misconfigured servers (PHP-FPM max children, Elasticsearch Memory Limits, etc). How about a very common one, lack of Malware scanning (and even having Malware present!).

A lot of these are innocent mistakes, where there is a disconnect between your developers and managed hosting providers. Or just lack of attention in certain areas due to limitations of specialities. And often leads to finger pointing back and forth between your development team and hosting provider. "It's a Server Issue!" "It's a application issue!"

This is where experiencing of leading Magento development and infrastructure, everything from Code to Infrastructure to DevOps comes in useful. I can work with your current development team, and hosting provider to bridge the disconnect and provide Magento specific advice on how to get the most out of your current solution.

What does the Audit cover?

All the audits that I perform are tailored to the individual project. As every Magento Store is unique, and every ones goal from the audit is different.

Magento Code

First I look at the application code, as this usually will have the biggest impact on a store. Some of the questions I ask are:

• How are modules installed? Quality of the modules? Are they even needed? How many modules are installed?
• Do the modules / custom code contain questionable code? exec? eval? N+1 queries? Caching/Performance Issues?
• Is Malware present in the application code? What about the database?
• Is the Store upto date?
• Are we using a bespoke theme? Generic Off the Shelf Theme?
• Local Profiling Key Pages: Homepage, Product, Category, Checkout etc. Are these slow? Where is the performance being lost?
• Production Profiling Requests - Is inter-service communication slow? IO Slowness?

Server Infrastructure

Then I move onto the server infrastructure, where we cover everything from server utilisation / cost, to software configuration, all the way to how the infrastructure is configured. Some of the things we look at are:

• Is NGINX configured correctly? Rewrites? Forced HTTPS? Appropriate Timeouts? Memory/File Size Limits? Proxy Pass Fallbacks? Traffic Source Blocks?
• Is PHP-FPM configured correctly? Max Children? Max Requests? PM Static v Dynamic?
• Is Elasticsearch configured correctly? Appropriate Memory Limits Set?
• Is the services enabled correctly? Will they all auto restart on failure?
• Do we have a WAF / Edge Firewall in place? What WAF rules are configured? Is alerting bound to these rules?
• Is rate limiting in place?

DevOps

Lastly I can audit your DevOps processes. Having a solid and well established DevOps pipeline is crucial for Magento development, especially within an Agency where you will be running many stores. Something of the Audit points are:

• Are CI/CD Pipelines in place? What does these contain?
• Is Automated testing in place?
• Effective merge gates for production? Core Web Vitals? Blackfire? Cacheability?
• Backups? Retention? Frequency?
• Established Disaster recovery process? Restore SLAs? Test Frequency?
• Observability Configuration? Centeralised logging? APM Monitoring? Automated Alerting? Dashboards?
• Automatic Magento & Modules Updates? Frequency? Merge Gates?
• Artifact Deployments? Streamlined Artifacts?
• Static Content Deployments optimisations?

Free Audits

Getting the Magento 2 Audit is great, but what if your current partners cannot action the changes? Lack of time, budget, or expertise?

I offer supporting work for all Audits, where we discount any of the related work against the original price of the Audit.