Probably the most tedious part of running a website is the constant maintenance and updates. Continuing our previous post on WordPress, we’ve put together a quick guide of routine checks and changes for both Magento 1.x and 2.x. A poorly maintained website can be a security nightmare, or even impact on your website appearance and search position with potential attacks and spam.
Always always keep a backup – but more importantly, particularly if you automate your backups, ensure that you test them too. Often it’s only found that backup storage is full, or failing, once a disaster has already happened. Your hardware can be replaced, but your data can’t. Your hosting provider may also offer a backup service, though you may also prefer to manage your own too.
Magento updates are released on a very regular schedule, both offering new features and security updates.
If you are using custom plugins or themes, you should check manually whether there are any updates to these too. Often updates may cause problems with complex sites, so it’s recommended to always backup manually before proceeding with updates. Often we recommend updating items one-at-a-time so that any issues can be quickly spotted.
If you are taking any orders or customer data at all, it is highly recommended to have an SSL certificate and for your site to be running with HTTPS. We’ve discussed previously using Let’s Encrypt, which is ideal for smaller sites. It is also important to ensure that the web server being used is using correct SSL security, and not using encryption protocols which are weak or easily broken.
Health and Security Monitoring
Alongside updates, it is essential that your site is monitored for health and security issues, particularly if you need to meet GDPR or other data protection standards it is generally your responsibility to ensure customer data is secured.
Your hosting provider should also ensure your server is up-to-date. Ensuring that you’re running the latest web server and database software, as well as firewalling and security your servers is as important as ensuring your site cannot be attacked from the the website. Given that there have been a huge number of security threats, and that customer data is at risk, it is important to ensure these are kept secure over time.
With all the best intentions, it’s very easy to get behind on updates and maintenance. It is worth keeping a weekly or monthly checklist, and to get into a routine of checking and updating your website.
Some websites, especially Magento can easily evolve and contain complex steps and procedures, just for creating new posts and pages. Especially in a corporate setting, this technical information is often not easily shared and the responsibility of few. With holidays and absence, this can often pose difficulties making new posts difficult, slow, or impossible. We’ve worked often with clients, writing custom documentation to ensure that this task can be taken on. This is often required as part of ISO certification or simply for sharing employee knowledge.
For larger or more difficult sites, you may wish to employ a third-party to monitor and observe your site, either as a one-off or as an ongoing maintenance plan – if this is something that interests you, we can help with any size site and any requirements – do get in touch.