Task | Basic Security | Advanced Security | Enterprise Security |
Core System Functionality |
1) 30-second downtime monitor check If the website is down for more than 30 seconds, our automatic monitoring triggers notify us and we investigate the cause and work on it proactively. In short, your website is monitored continuously to ensure it runs uninterrupted, and in the event of a problem our team is on top of it (during working hours). | ✔ | ✔ | ✔ |
2) Magento version check – weekly Check whether the latest version of Magento is running. If not, we will discuss with you (our client) the next steps required to upgrade the software. | ✔ | ✔ | ✔ |
3) Core file modification check Check whether any Magento core files have been modified, for example by malware. This is a quick health check: legitimate changes to core code should only arrive through upgrades and patches, so a modified core file usually points to suspicious activity on the website. | Monthly | Monthly | Weekly |
4) New version upgrade scope assessment Adobe (Magento’s parent company) plans to release a new version every quarter. Our scope here is just assessment, to see if an upgrade is required at this stage. | ✔ | ✔ | ✔ |
5) Security patch installations Keeps your Magento website up to date with any patches released by Adobe. This is the most critical task in our Magento maintenance & security package: any officially released security patch must be applied to production websites as soon as it is released. | ✔ | ✔ | ✔ |
6) New version upgrade For the Basic and Advanced plans this is assessed only (see item 4), not performed. Magento version upgrades within the same release line (for example 2.3.x to a newer 2.3.x) are covered under the Enterprise plan. Upgrades across release lines (for example 2.3.x to 2.4) are not covered by any of our maintenance plans. | ✘ | ✘ | ✔ |
7) Monthly audit of Extensions Includes only auditing and reporting extension versions. If some of the extensions run outdated code, then the scope to fix those shall be discussed on a case basis. | ✔ | ✔ | ✔ |
8) Extension files upgrade to the latest version – quarterly The enterprise security plan includes upgrading the extensions to the latest version. | ✘ | ✘ | ✔ |
Backup |
9) Database Backup frequency | Monthly | Weekly | Weekly |
10) Complete Website backup (last 12 months archive stored) | Monthly | Monthly | Weekly |
11) Monthly backup of Raw Server access logs This is required for investigation of any malware or bot trying to attack the website. Server logs contain historical website access data from each IP address. In the event of a potential hack, the investigation starts by analyzing server access logs. | ✘ | ✔ | ✔ |
Weekly Regular Maintenance activities |
12) Log files audit (var/log, var/report, error_log) To check for suspicious activity or underlying software/extension incompatibilities. Issues with modules, PHP, Apache, the OS or the server can slow the website down or expose known or unknown vulnerabilities. | ✔ | ✔ | ✔ |
13) Log files Cleanup We would inspect the logs first, audit each entry and then clear the log. | ✔ | ✔ | ✔ |
14) Log file issues – fixes A log entry is generated whenever a software or compatibility error occurs. We go through each entry, analyse the error and fix the root cause, or discuss the scope if it is part of a bigger task. | ✘ | ✘ | ✔ |
15) Log Tables cleanup – Database Helps to keep the DB lean and run efficiently, thus saving you server costs. | ✔ | ✔ | ✔ |
16) Cron audit – monthly To ensure the cron is running healthily and there are no pending jobs. Health check and count of the additional cron jobs created by third-party extensions; any new cron entry has to be validated and approved. A cron audit is required to keep a site running healthy and safe. | ✔ | ✔ | ✔ |
17) Cache check Cache flush check and health check. Ensure there are no errors caused by an inconsistent DB. | ✔ | ✔ | ✔ |
18) Indexer Check Check for errors if any. | ✔ | ✔ | ✔ |
19) Admin Users audit Audit all admin users. Disable inactive / unused users immediately. | Monthly | Monthly | Weekly |
20) Remove unused extensions, CMS blocks and static pages We will remove extensions, CMS blocks and static pages that have not been used for a few months. Keeps the site lean and running efficiently. | ✔ | ✔ | ✔ |
21) Check Multi Currencies dynamic conversion Auto-fetch multi-currency module check, to ensure current currency conversion rates are being applied. | ✔ | ✔ | ✔ |
22) Orphan images check and cleanup To free up disk space. | ✔ | ✔ | ✔ |
23) Sitemap xml Check Check automatic sitemap update. (Part of SEO optimization process. But since this is critical for every website, we have included it here) | ✔ | ✔ | ✔ |
24) Manual UI testing (home page, category page, product page, cart page and checkout page) | ✔ | ✔ | ✔ |
Weekly Regular Security Audit |
25) MageReport scan A quick external check that the website is running current software and patches and has none of the known vulnerabilities the scanner tests for. | ✔ | ✔ | ✔ |
26) Detailed audit of admin log for suspicious activity with the admin log extension Audit all actions performed by admins, to scan for possible malicious activity and if any core settings have been changed. To check this, we would require an admin log extension to be setup & configured. | ✘ | ✘ | ✔ |
27) Miscellaneous Scripts & Miscellaneous HTML Check the admin-editable Miscellaneous Scripts (HTML head) and Miscellaneous HTML (footer) fields for unauthorized code injected from the admin backend; these fields are a common place for injected card-skimming JavaScript. | ✔ | ✔ | ✔ |
28) Spam Customers check Check and clean up spam customers. | ✔ | ✔ | ✔ |
29) Detailed Magento application log audit for potential hack attempts (var/log: debug.log, exception.log, magento.cron.log, setup.cron.log, system.log, update.cron.log, update.log, xtento_productexport.log) | ✘ | ✔ | ✔ |
30) Product count log Record the number of products to ensure server resources are in line with the DB size and there are no inconsistencies in the DB due to orphan records. | ✔ | ✔ | ✔ |
31) Hide magento version – check For added security. | ✔ | ✔ | ✔ |
32) Third-party feeds housekeeping Clean up old feeds for Google Merchant Center or any other third-party shipping software, to ensure the site runs clean and fast. | ✔ | ✔ | ✔ |
Malware Scans |
33) Complete malware scan The entire website will be scanned for malware files through a set of 6 different malware scanning tools that we use. The DB would also be scanned for malware. | ✔ | ✔ | ✔ |
34) Complete malware removal If the website still gets infected, we will clean the malware and take necessary steps if you are part of the enterprise plan. | ✘ | ✘ | ✔ |
Automated Website Monitoring & Scans |
35) WAF (Web Application Firewall) setup with 24×7 monitoring and filtering traffic | ✔ | ✔ | ✔ |
36) DDoS Attack Mitigation | ✔ | ✔ | ✔ |
37) Brute Force Protection | ✔ | ✔ | ✔ |
Environment Maintenance Activities |
38) Change all admin passwords Reminder to change all the admin passwords your team uses. | Monthly | Monthly | Monthly |
39) Chrome console errors Check for any run-time errors in JS, jQuery and other conflicts. | Monthly | Weekly | Weekly |
40) Files and folders permission check To ensure file permissions have not been reset, for example after the server is restarted or moved to another host. | Monthly | Weekly | Weekly |
41) Check and update the PHP version To ensure the server runs the latest PHP version supported by the installed Magento release. Each Magento release supports only specific PHP versions, so the version is checked against the Magento system requirements before upgrading. | Monthly | Monthly | Weekly |
42) Check robots.txt file For SEO, following Magento best practices for optimizing robots.txt. Note that robots.txt only instructs well-behaved crawlers and is itself publicly readable: it does not block access, and listing protected folders in it advertises them. Access to protected folders is enforced through web server configuration (for example .htaccess rules) and the file permission checks in item 40, not through robots.txt. | Monthly | Monthly | Weekly |
43) Check the Googlebot lines added in the .htaccess file To keep the frequency of Google's crawling at a reasonable rate, reducing it from a request every second to one every minute. Saves bandwidth. | Monthly | Monthly | Weekly |
44) Load Test website for Concurrent users To test website functioning for potential traffic surge. | Monthly | Weekly | Weekly |
45) Review disk space usage Our websites would scale resources dynamically, but disk space usage is assessed just to ensure there is no billing overage. | Monthly | Weekly | Weekly |
46) Review bandwidth usage This identifies any unwanted SEO bots or hacking bots that scan the website and consume data. | Monthly | Weekly | Weekly |
47) Review & inspect server logs Server logs flag errors in the underlying PHP or Apache. | Monthly | Monthly | Weekly |
48) Review and clean up non-Magento files Ensure no other files are stored in the document root, such as backups, disk snapshots, etc. Such files are downloadable by anyone who guesses the name and often contain database dumps or credentials. | Monthly | Monthly | Weekly |
49) Review FTP, SSH/SFTP accounts Remove unused FTP/SSH/SFTP accounts. | Monthly | Monthly | Weekly |
50) Review server capacity / resource utilization Check for any process that consumes more CPU or RAM than it should. | Monthly | Monthly | Weekly |
51) Images Optimization Compress images to improve page speed. | Monthly | Monthly | Weekly |
Performance & Page Speed Optimization |
52) Google Page Speed Performance Score reporting Reporting only & basic optimization, to keep the score within industry standards | Monthly | Weekly | Weekly |
53) GTmetrix Performance – PageSpeed Score reporting Reporting only & basic optimization, to keep the score within industry standards | Monthly | Weekly | Weekly |
54) Suggestions if any for page speed optimizations | ✘ | ✔ | ✔ |
Misc Tasks |
55) Change admin URL regularly | ✔ | ✔ | ✔ |
56) Admin URL IP whitelisting or 2FA for admin logins IP whitelisting is subject to conditions and only possible if the client and everyone on their team who accesses the website is on a dedicated (static) IP; otherwise 2FA is used. Magento 2.4 ships with two-factor authentication for admin accounts enabled by default. | ✔ | ✔ | ✔ |
57) Configure captcha for all required forms on the website Helps prevent spam customers and form submissions. | ✔ | ✔ | ✔ |
58) Disable dangerous PHP functions – phpinfo, exec, system, etc. Functions commonly used by injected malware to run commands or disclose server details (for example exec, shell_exec, system, passthru, proc_open and phpinfo) are disabled at the PHP level through the disable_functions setting in php.ini, after confirming that neither Magento nor any installed extension needs them. Note that eval is a PHP language construct, not a function, so it cannot be switched off with disable_functions; eval-based injections have to be found by the code and malware scans instead. | ✔ | ✔ | ✔ |
59) PCI compliance When your payment provider recommends PCI scans, we will ensure you stay compliant and monitor the scan results. | ✘ | ✘ | ✔ |
Reporting |
60) Monthly report submission | ✔ | ✔ | ✔ |
Price | £450 per month (approx. 15 hours) | £690 per month (approx. 23 hours) | £900 per month (approx. 30 hours) |
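The core file modification check in item 3 (and the non-Magento file review in item 48) comes down to one thing: a trusted baseline of file hashes taken from a known-good state, compared against the tree as it is now. The script below is an added example written for this page, not the provider's tooling or part of Magento. It assumes the usual Magento 2 layout, with core code under vendor/magento and lib/internal (the CORE_DIRS constant is an assumption you would adjust), and it runs against a constructed temporary tree in which a core file is appended to and a new file is dropped into a core directory, the two changes a practitioner most wants this check to surface.

```python
"""Baseline-and-compare integrity check for Magento core directories.

Added example for this page; assumes a Magento 2 layout where core code
lives in vendor/magento and lib/internal. The sample tree in demo() is
constructed here so the script runs offline.
"""
import hashlib
import json
import tempfile
from pathlib import Path

# Assumption: these directories hold only upgrade/patch-managed code, so any
# change between baselines is suspicious. app/code and themes are site-specific
# and would be baselined separately.
CORE_DIRS = ("vendor/magento", "lib/internal")


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large vendor files do not load into memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path, dirs=CORE_DIRS) -> dict:
    """Map every file under the core dirs to its hash, keyed by POSIX-style relative path."""
    manifest = {}
    for d in dirs:
        base = root / d
        if not base.is_dir():
            continue
        for p in sorted(base.rglob("*")):
            if p.is_file():
                manifest[p.relative_to(root).as_posix()] = sha256_file(p)
    return manifest


def compare(baseline: dict, current: dict) -> dict:
    """Classify every path as modified, added (new file in a core dir) or removed."""
    return {
        "modified": sorted(p for p in baseline if p in current and baseline[p] != current[p]),
        "added": sorted(p for p in current if p not in baseline),
        "removed": sorted(p for p in baseline if p not in current),
    }


def save_manifest(manifest: dict, path: Path) -> None:
    """Write the baseline; keep this copy outside the web root and off the host."""
    path.write_text(json.dumps(manifest, indent=1, sort_keys=True))


def load_manifest(path: Path) -> dict:
    return json.loads(path.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a tiny tree, then tamper with it and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        ctrl = root / "vendor" / "magento" / "module-checkout" / "Controller"
        ctrl.mkdir(parents=True)
        (ctrl / "Index.php").write_text("<?php\nclass Index {}\n")
        (ctrl.parent / "registration.php").write_text("<?php\n// module registration\n")

        baseline_file = root / "baseline.json"  # in a real run: outside the web root
        save_manifest(build_manifest(root), baseline_file)

        # Simulated tampering, both typical of a compromised store:
        # 1) an obfuscated payload appended to an existing core file
        with (ctrl / "Index.php").open("a") as fh:
            fh.write('eval(base64_decode("Li4u"));\n')
        # 2) a new PHP file dropped into a core directory (no legitimate upgrade does this)
        (ctrl / "Cache.php").write_text("<?php\n// dropped file\n")

        return compare(load_manifest(baseline_file), build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two points matter when running this for real. The baseline must be taken immediately after a clean install, upgrade or patch and stored where an attacker who can write to the web root cannot also rewrite it; a manifest kept next to the code is worthless once the host is compromised. And because vendor/magento is Composer-managed, the strongest form of the check is a comparison against a pristine copy of the same package versions from composer.lock, which also resolves any file the manifest flags.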