Let’s say you decided you need to audit your Magento 2 store and find out if everything in it works properly. Where to start? One approach is to hire someone to do it for you.
But let’s assume you want to do everything yourself. How hard could it be? Well, let’s find out.
It’s Not Rocket Science. Right?
It’s not. First, we need to establish what an actual Magento audit looks like. It’s a thorough examination of every aspect of your store that results in an actionable, ready to use audit report that you can then use as a guide to fix your site.
Magento technical audit examines 7 key areas of the store:
Magento code audit
- core integrity review
- browser compatibility audit
- bugs and glitches review
- third-party code review
- database audit
Magento UI/UX audit
- navigation audit
- key pages analysis
- sales funnel review
- content audit
Magento speed audit
- frontend performance
- backend performance
Magento security audit
- vulnerability assessment
- server and database security
- user permissions audit
Magento mobile audit
- mobile performance review
- mobile UX review
Magento SEO audit
- duplicate content check
- content and keywords review
- Magento Google Analytics audit
Once we’ve outlined available options, let’s see how you can make your store audit a success.
Magento 2 Code Audit
Code-wise, Magento is a complex platform with lots of components. This is the most technical audit of all, too. You need special knowledge to review the code. In addition to core Magento files that you’ll need to review, there are dozens of third-party extensions that will require lots of work. Actually, 90% of all effort goes into third-party extensions review.
Magento Core Integrity Review
Magento consists of Magento Core which is surrounded by extensions. It’s bad coding practice to directly modify Magento Core. Nevertheless, some developers still do this.
Modified Magento Core poses one really complex problem for your website: it’s hard to upgrade or patch a modified Magento. Something, somewhere, will inevitably break. This way, every upgrade to a newer Magento version becomes a thrilling adventure of code reviews, endless tinkering and debugging. You don’t want that to be a part of your life.
How to pass: make sure your Magento is unmodified. This is a vital audit for your future security and peace of mind. If you do have a modified Magento core, invest in a development effort to isolate these customization changes into third-party extensions instead of keeping them inside Magento core.
Browser Compatibility Audit
Extensive browser testing is something you should do but probably don’t. Even though it might seem like a minor issue, poor performance on certain browsers will cost you real customers.
Review how your store handles web browsers that your visitors are using. See where they drop off and try to figure out why. Outline technical challenges for each browser and fix them.
Check for at least these 4 browsers: Google Chrome, Mozilla Firefox, Safari, Microsoft Edge.
If you want to be extra vigilant, test the last two most recent versions of each browser to ensure you are taking care of both updated users and those who lag behind.
Bugs and Glitches Review
Customers do notice if your store is clean and works well. They are more likely to leave if it’s buggy. Finding and fixing bugs and glitches is not as fun as adding new features to the store. But it’s an important task.
Make sure you track and document all issues into the team’s bug tracker. Write down the steps to reproduce each bug. Give more attention to the bugs that the user will encounter on the critical path: that is the path they have to take to find a product and successfully purchase it from you.
Critically important areas: Homepage, Search, Product List, Product Page, Cart, and Checkout.
We can’t stress this enough. Make sure your users can go all the way from Homepage to Checkout and buy stuff!
General Codebase Audit
Checking that your code actually makes sense is a great way to develop stuff. Shocking and unorthodox, we know.
Audit your code to ensure it’s robust, mistake-free, comprehensive, secure, and easy to maintain. Check for conflicts with other components. We understand it’s uncommon for developers to dedicate time and resources to refactor the existing code so it adheres to modern coding standards.
It’s twice as hard because Magento is developed as an open-source free-for-all platform with thousands of contributors with their own coding techniques, backgrounds, and experiences. At the same time, we believe that you still need to review your codebase from time to time to make necessary yet small changes to maintain decent code quality.
How to pass: minimize effort and maximize impact. Focus on recommending easy changes that will help you reap the most benefits. Understand that the code doesn’t have to be perfect. It needs to work well and be secure. That’s all.
CSS more so than HTML requires expert implementation in order to load quickly. Inexperienced teams neglect best practices in CSS use and inadvertently make a lot of mistakes. Cleaning up after these developers is a necessary but laborious task.
Refactoring CSS following best industry practices will speed up your store, reduce confusion during further development, save bandwidth, and make the code easier to maintain in the future.
How to audit: Same as any other code, CSS needs to be bloat-free, maintainable, and efficient. Your task for the audit is to find weaknesses, inconsistencies, redundant CSS lines and highlight them.
Third-Party Code Review
Magento is all about customization. With thousands of available extensions, you can make your store whatever you want. You can also mess it up pretty bad if you install poorly optimized and insecure extensions from novice developer teams.
Hell, even experienced developers release products that are far from perfect. After all, they won’t test them on your specific hardware and extension list. They test the performance on a default Magento install with just this extension added to the mix.
Their performance results might be good. But add another 30 extensions that your store needs on a daily basis and we have a slow, unreliable mess that’s hard to speed up or upgrade.
Your goal here: pay extremely close attention to third-party extensions. They are the weakest spot in your Magento store setup and present huge issues in performance and security.
Databases need to be secure and fast. And this is what we are going to look for when we analyze them. One of the components of a good database is security. To eliminate security breaches make sure your store is updated to the latest version of Magento, has adequate protection against SQL injections and manipulations to gain unauthorized privileged access, etc.
What to look for: potential database breaches that allow users to get access to unauthorized writes, illegal permissions to change tables, objects, and other users, retrieve sensitive data, manipulate the network, and otherwise cause trouble.
Another big task is to make sure your Magento database is fast enough to handle the required workload and not create bottlenecks during your daily activities.
Even though it’s generally more beneficial to have someone else conduct a UX audit of your store, you can still do it yourself. Just beware of the so-called “blurring” effect. This is when you’ve seen your store so many times you become desensitized to its shortcomings in user experience and navigation.
It’s a combination of knowing the product too well and not empathizing enough with the users who are looking at it for the first time ever. The good news is, it’s still possible to look at your store for 1000 times and see where you need to improve. So let’s get started.
Please, please, please don’t assume you know what your users are thinking, how they interact with your website, or what they want. This is the fundamental mistake of all novices. Just keep an open mind about things and move forward.
If you involve other people in your audit, prepare to be amazed how unexpectedly and differently they all navigate through your store, how they interact with menus and UI elements. You get a lot of insight this way that can bring a new perspective into your vision and maybe even change your mind about a few things.
Your goal: create typical tasks for the users who are going to test your store. Ask them to find some information about a product, buy a gift for their significant other, find something specific, or navigate to a distinct part of the store.
Be open-minded and positive about their feedback. Look for common complaints that a few users expressed independently from one another and center your audit attention around them.
Note how fast and efficient your search and navigation are. Which menus are used more often than others. See how long it takes users to find stuff. Where they succeed and where they fail.
Key Pages Analysis
Every website has a handful of key content pages. For a typical Magento store, key content is located on the Homepage, Contact Us page, Delivery, Warranty, About Us, and Product pages.
These are the pages that users visit the most when they first do research and then make a decision whether to buy from you or not.
What we are looking for: whether your key pages have convincing and concise content that answers the main question of the user (How do I contact these guys? What are they selling? Do they have what I need? How long they have been around? Are they any good? etc.)
Sales Funnel Review
Examine your sales funnel and look closely how users usually move through your store from landing to cart to checkout, where they stumble or exit altogether.
It’s not an easy task to gather this data from the get-go but with a small budget to purchase the necessary tools and a bit of patience you’ll have enough information to draw your first conclusions.
What needs to be done: be patient, gather enough data, look at user behavior, analyze pages where users bounce the most and see where you can do better. Improving your sales funnel you directly improve your bottom line. There’s a lot at stake here.
Content must sell. The idea of a content audit is to find out how much content you have and how well it sells. While it might be hard to figure out how effective your content really is, we still need to give it a try.
Look at user behavior in detail: how your visitors interact with the page, what they read more and what they skip, whether they look at anything at all. Remember that content is so much more than just text. It’s the whole combination of data on your page: photos, videos, text descriptions, links to documents and brochures.
Your goal: analyze and find underperforming content, think through how it would be possible to improve it. Find out gaps in your content that need to be filled.
Good performance is the cornerstone of your good sales. We’ve extensively covered how to speed up your Magento 2 store in the Magento Performance Guide (here’s the link), for both frontend and backend. But before you fix stuff you need to know which issues cause most problems and where your pain points are. So welcome to the speed audit.
Frontend Performance Audit
70% of all issues is a huge number. How do you approach it?
One solution is to create a checklist in your head and go through each issue one by one, marking them off our imaginary performance audit list.
You want to tackle both of these issues to make your pages lighter and faster.
This is an extremely useful fix when you need to improve perceived performance without being able to remove the code from the page. Just reorganizing the loading order in the document will help dramatically improve the load speed where it matters.
Use Google Lighthouse and Magento Profiler to create a meaningful picture of your load order and discover bottlenecks along the way. Both tools are useful for specific applications and work well in tandem so it’s smart to use both of them at the same time.
Here’s our guide on Google Lighthouse auditing. We’ve also covered how to use Magento Profiler to analyze any page of your store. Check them out to see an in-depth review of the metrics and target performance values.
Critical data measurements:
- first contentful paint,
- time to first byte,
- time to interactive,
- first CPU idle,
- input latency.
Extensions Speed Impact Review
Magento’s magic is in extensions. But the more extensions you have, the more speed you lose. Some of these extensions make too many database queries, others run cron too often which slows down everything. Some extensions are just poorly optimized.
First, make a list of all installed extensions. Measure how they impact your store. Make sure you know what each extension does. If you experience slowdowns during specific operations or at a specific time of day, analyze which third-party extension eats up precious resources.
Second, make a list of extensions you can toss without a major loss in functionality. Something you never use or have no idea what it does. Just be careful when you delete extensions that depend on one another. It’s a growing trend on the marketplace to build a “master” extension which serves as a foundation to a few “child” extensions. Deleting the master extension before the child will cause issues.
Review to-do list:
- make a list of all third-party extensions you have installed,
- mark unknown or rarely used extensions for removal,
- outline which of the remaining extensions eat up most of your resources,
- decide to either leave them as they are, optimize them, or find a better alternative.
Plugins and Event Observers Analysis
This is an in-depth look at how plugins and event observers behave in the system. Magento is in the process of switching one for the other. But today both methods are present in the platform yet not all of them are made equal.
Event observers are considered slower and less efficient than plugins. Nevertheless, many third-party extensions use observers to extend basic Magento functionality. You can review observers in the events.xml file. It will require in-depth expertise, though, to know which one are the most taxing on your performance and how they can be replaced.
Your goals here:
- review existing plugins and event observers,
- measure their performance,
- see which of them slow you down the most,
- make recommendations on how to improve.
Magento 2 Theme Review
Magento themes can be heavy. If you’ve installed an old theme that is no longer supported, you can encounter a whole host of speed issues.
If your theme has become heavily customized, changing it to something lighter and better is not always an option. Most of the time you have to deal with what you already have.
In that case, analyze how well your theme is optimized for speed: whether it uses optimized images, neatly stores CSS files, what the mobile performance and UX are like.
Configuration Optimizations Review
Magento offers developers the opportunity to improve performance in dozens of small ways:
- check if you can exchange default catalog structure for flat catalogs,
- make sure your store uses lazy loading for images and a CDN,
- measure if the use of Elasticsearch can speed up search results,
- review your frontend cache configuration, install Redis if you haven’t already,
- see if JS bundling, HTML minification, CSS compression, etc. can get you better speed.
Backend Performance Audit
Magento backend optimization makes up 30% of all speed issues. Magento backend is a huge set of challenges that range from server environment to correct cache configurations and everything in between. When we are talking backend we mean the stuff casual users don’t even know exist.
Hardware and Config Review
Servers make stuff happen. And most of the time you want to pay for the optimal hardware, not just waste money. The server should be neither too powerful, nor too weak, just right.
Backend optimization allows you to make your servers more cost-effective. Here’s what you can do to optimize the server for your Magento store:
- test cache instructions in .htaccess (Apache) or server config (nginx),
- check how your server deals with peak loads and if it needs an upgrade,
- ensure you run the latest server software supported by your version of Magento,
- check if you have switched from HTTP/1.x to HTTP/2 protocol.
These steps constitute the bare bones backend optimization yet they are really important.
What to look out for:
- make sure Magento runs the latest server software (PHP7.1.x+, MySQL 5.7+),
- request that you upgrade to HTTP/2 or even HTTP/3 once it’s available,
- set up more powerful backend caching tools such as Varnish,
- make sure the server features at least 4-8 Gb of RAM.
Backend Cache Speed Audit
Full-page cache has been introduced with Magento 2.0 as a default alternative to third-party solutions. FPC as a whole is a great choice when you don’t want to invest a lot of resources in supporting infrastructure or tinker with the config files.
At the same time, Varnish offers much better speeds when you customize it correctly to your needs. It’s the recommended option for websites where users tend to request a lot of the same files that are easy to predict and call from Varnish cache instead of the system SSD.
Since it’s more flexible than the standard full-page cache, Varnish can be configured to offer 2x the speed boost depending on your use case.
What to look out for: see how well caching is implemented on the website, how much time it saves for your users, whether it makes sense to switch from a full-page cache to Varnish or vice versa. Review cache configuration to make sure it is optimized for your use case.
CDN Speed Assessment
CDN or Content Delivery Network is one of the optimizations that doesn’t get enough recognition. Sign up for a CDN service to see if in your particular use case it makes a difference.
CDN is best used when your audience is fractured and comes to your store from all over the world. So even if you can offer good latency and service to local customers, who are located close to your physical servers, others will experience long waiting times and worse user experience.
As with any business decision, though, make sure the CDN delivers more value than it costs to implement and maintain.
Best CDN criteria:
- ensure CDN has data centers in regions where users come to visit your store,
- check latency, throughput, and make a cost-benefit analysis,
- check that the features you’ll need are available through the CDN,
- measure speed before and after CDN implementation,
- install monitoring tools to periodically check CDN performance.
Magento Security Audit
You don’t need to be the master pen tester to do a security audit of your store. Not that that wouldn’t help. It would. But a solid understanding of what to look out for and a bit of persistence can go a long way, too.
You will need a few tools to scan your store:
Magento Vulnerability Assessment
One of the reasons Magento stores get hacked is because scammers know how to find a vulnerability in your store and use it. One of the most common sources of vulnerabilities is an out-of-date store.
Check which Magento version you run. If it’s something ancient such as Magento 1.4.x or Magento 2.0, update your store to the latest version ASAP. If it’s a more recent version, though, make the decision based on your resources.
We would still recommend that you update as soon as possible since hackers will scan and hack your store for recently described and patched vulnerabilities in hope that you haven’t updated yet. And bear in mind that Magento is one of the most popular e-commerce platforms out there so you automatically become the target of mass attacks.
Check if your third-party extensions are updated. No quick solutions here, either. You’ll have to manually check them one by one to see if they run the latest version. If some of them get abandoned, we recommend that you replace them with a regularly maintained alternative.
What to look out for:
- check which Magento version you run in the Store Admin area. Keeping Magento up to date will easily protect you from most automated hacking attempts,
- see if Magento uses the standard admin URL or a custom one to log in,
- review third-party extensions and their level of security,
- make sure all payment methods are PCI-compliant and safe.
Server and Database Security
Servers often have issues with folders and files permissions. Check how your own file system manages this challenge. There are 3 main user groups in the system: the owner, the group, and everyone else.
Use 770 for folders and 660 for files. If for some reason you can’t do that at least use 755 for folders and 644 for files. Never let the folders /var/, /app/etc/, and /pub/ stay 777 which is something developers might leave from the Dev mode days.
Things to consider:
- minimize Magento-specific vulnerabilities with a dedicated Magento hosting,
- check files and folders permissions,
- install Security Enhanced Linux to segregate users from applications they run,
- mark for removal server software that you don’t need.
User Permissions Audit
Human factor keeps offering hackers an easy way to enter even the most secure systems. Magento is particularly vulnerable to malicious user behavior because it can host dozens of user accounts with multiple privileges and can’t really manage user permissions precisely enough.
For example, a poorly configured Magento 2 will offer your content manager permission to change the price and other sensitive attributes of the products.
Things to analyze:
- review account names, permissions, and login attempts.
- block users that you either don’t remember or can’t recognize,
- limit all existing user accounts to permissions they need to do their job,
- whitelist known IPs such as your office to block login attempts from hackers,
- install a permission extension when you need to designate user permissions with more precision.
Mobile Magento Audit
Mobile browsing is huge in e-commerce. That’s why we decided to look at the mobile part of your store separately. There are two focus points here: usability and performance. To a degree, performance is a part of the usability challenge, but we’ll review it independently in order to bring your attention to a few critical details.
Mobile Performance Review
Speed is everything. Users need it to browse faster, to shop faster. Your customers literally don’t have all day to look at your goods.
They came either with a certain need or are window shopping. Both types of customers want your attention and care simply because you have no idea which ones are which. Let’s make sure all of them get the best service possible:
- measure key performance values (same as in the store performance review),
- check for HTML <picture> tag and other mobile-specific optimizations,
- look for an outside metrics tools such as Google Speedtest to get instructions how to fix key issues,
- use Google Lighthouse and Magento Profiler to gain more in-depth speed metrics.
Mobile speed depends as much on standard frontend and backend optimizations as its desktop counterpart but in general desktop will always show better results. That’s why even if you have a decent desktop Speedtest rating, prioritize what the Mobile Speedtest shows you.
Mobile UX Review
In mobile UX, we concentrate on the same issues and meet the same challenges as in desktops. But with a few notable exceptions:
- smartphones have small screens which means you need to tailor your info to that limitation,
- smartphones use mobile data which is slower and more expensive than a wifi, so you have to make your store lighter and more agile,
- smartphones use taps and swipes instead of significantly more different precise mouse movements and keyboard buttons to navigate the store and fill in data.
Low speeds, slow processors, and a different UI create significant challenges in mobile user experience. In order to combat that, Google introduced mobile-first website design.
What this means is the website needs to prioritize user experience on slower, smaller, less powerful devices instead of the ones that are powerful, large, and easier to use.
It’s a healthy vision when you consider that more than 50% of online shopping gets done using a smartphone.
What to look out for:
- check the metrics to see where mobile users leave the store, especially if mobile browsing shows significantly larger numbers. The biggest perpetrators here are the Checkout page (too many forms to fill in), Product Lists, and your Homepage,
- understand where speed affects user behavior the most and focus on these spots first: make sure that your homepage loads in a heartbeat, that you can add products to the cart quickly, how long and complex is the checkout process, whether the main menu is easy and fast to use,
- confront UX challenges that are unique to mobile browsing with mobile-first mentality: make users fill in fewer forms, create larger buttons, focus on delivering content better for a small viewport, reduce pop-ups and pop-unders,
- complete common user scenarios on mobile from the beginning to the end to see where users might get stuck or frustrated.
Magento SEO Audit
Magento and SEO have a complex relationship. Most generalist SEO teams don’t know all the intricacies of Magento search engine optimization so you aren’t losing much by doing the SEO audit yourself. After all, you’ve been using Magento for a while and know a thing or two about its SEO challenges.
Schematically, an SEO audit will include 3 main parts: on-page, technical SEO, and links. For our case, though, we are going to review Magento-specific issues and challenges.
Duplicate Content Check
Duplicate content is inevitable when you have dozens of near identical items on display in the store. Magento suffers from duplicate content especially badly because it has inherent technical weaknesses that create identical pages without your knowledge.
For example, unless you specifically shield categories, search filters, and other common links from Google, they will clog up your search results and might even steal link juice from your original landing pages.
We’ve covered most common challenges and fixes in the guide on duplicate content. Consult this page if you find it hard to tackle a specific problem on your own.
What to look out for:
- distinguish between user-generated and machine-generated content, learn how to minimize the amount of duplicates on the site (our guide should help),
- make sure you have only one domain to host your store, avoiding the pitfalls of www vs non-www links,
- check if you have restricted service pages, such as categories, filters, and search results from Google indexing,
- check for the multi-store trap where the same content lies unchanged on both pages, regardless of the store,
- use Google Search Console to choose between HTTP and HTTPS protocols and instruct Google which one it should prioritize,
- cut repetitive info on the page to a minimum, this is especially true for bloated footers and legal texts.
Content and Keywords Review
Magento store owners often neglect Google optimization guidelines. And usually all owners fall into two extremes here. One group completely ignores content-based SEO in hopes that “a good product will sell itself”.
The other group fills the page to the brim with spammy text descriptions and meta tags chock-full of keywords.
Keep in mind:
- research your keywords and use them according to Google SEO guidelines: this means 2-3 keywords per page in moderate amounts,
- create a consistent strategy on how to fill meta tags with keywords,
- analyze how your pages get indexed and crawled by Google, which of them are left our or underperform in SERP,
- work out the reasons for any sudden drops in traffic especially around dates of new Google search algorithms announcements, and analyze whether your content has been affected by penalizing filters or not.
Google Analytics Audit
A Google Analytics audit is a treasure trove for an inquisitive mind. This data can show you how customers use your site, where they like to stay for a bit longer and where they drop off. Armed with this data, you can do a lot to make your store more engaging and useful for your potential shoppers.
In contrast with other audits, Google Analytics might need a bit of time to create a meaningful output. We advise you to set up the Tag Manager, Goals, and Universal Analytics in a way that will accumulate more insights, site search queries, records about events and user groups that will make the report so much more useful.
Your task here is to see your site with new eyes. The eyes of your customers. See where they click and – more importantly – where they don’t click.
Google In-Page Analytics offers 2 ways to visualize data on the page. Both bubbles and color highlights offer interesting insights into where users look, what they click, which parts of the page work best, and where you need to improve.
Your task here as an auditor is to see where user don’t like to go and what links they don’t notice.
Read the in-page heatmap:
- understand the survivor bias: instead of concentrating 100% on the hot spots take your attention to the areas of the map where traffic is light or non-existent, make these areas your primary focus,
- study user navigation paths and see where users go from each page. Ideally, build a visual map of your typical customer journey, see the drop-offs and analyze how to improve them,
- see what users read and where they click: examine which tags, categories, in-text links, and articles generate the most foot traffic,
- work both with segments and the big data: lumping everyone together is a good way to see the big picture but you’ll need to separate users into groups to learn about separate trends, likes and dislikes of different like-minded shoppers.
Ideally, every audit you make will result in at least 2 deliverables. A list of challenges and a list of actionable points. These deliverables will serve you as a guidance on how to fix your Magento store step by step.
Taking the time to document your ideas and frustrations will help you later form more precise technical requirements for either the internal or the external dev team who will use it to fix stuff.
As an internal auditor, you don’t act as an independent third party. Bear in mind that during the audit you will both outline issues and monitor how they are fixed (and maybe even fix them yourself).
The more you write down, the easier it will be to guide the changes in your store in the future. A comprehensive DIY audit documentation is a good starting point to improve your Magento store in every aspect.
Not sure if you can handle such a large undertaking? No problem. Our team of developers, QA experts, SEO and UX specialists will share their expertise with you on how to fix your Magento challenges. We make sure you receive comprehensive deliverables that your team can use as a ready-to-use guide on how to fix your store.