Some resources for conducting Magento Site Audits

Audit that Magento site before you take it on as a project!
Audit that Magento site before you take it on as a project!

The following pointers can get you well on your way to auditing a Magento site:

Multisite: Websites, Stores, Views
Environments: Production, Stage, Dev, etc
Versions: Magento, Apache/Nginx, PHP, MySQL (etc), OS, etc
CDN(s) in use
Hosting info, Physical topology, load balancers/edge devices, network diagrams, etc
Operations plans: Steady-state, Scalability plans,
Existing testing/QA plans
Monitoring, alerting systems and plans, historic/baseline stability/outage report (for before/after comparison)
PCI compliance & auditing
Credentials to everything: Magento & other frameworks, Servers/SSH/sFTP, VPN, DB's, CVS, Control Panels, etc
Backups and Restores, DMP (Data Management Plan) - Retention, Rotation, Restore, etc (including Databases, Media/Files directories, etc)
Extensions and Custom Code, Hacked Core Files, Versions, Patches/Hotfices applied, security audit
Enterprise License info
SSL certificates, domains not expiring?
Traffic patterns & peaks analysis
SEO reports, baseline SEO performance (for before-and-after comparison)
Average order values, total orders, peak simultaneous users in checkout, etc
Catalog size and complexity (items, types of products in use, categories, attributes & attribute sets, etc)
Caching (Varnish, Memcached, APC, OPcache, others)
OS configs required (htaccess/Apache Redirects, virtual hosts, symbolic links, etc)
Enviro variables (PHP Mem Limit, timeouts, max uploads, DB max users/threads/etc)
Log files: Running? Trimming? Capping max size/rotating?
Critical existing errors in log files? Retain existing logs before trimming? (For before/after comparison)

Some web resources:

Cadence Labs: How to audit a site for upgrades or custom functionality: https://www.cadence-labs.com/2016/02/how-to-audit-a-magento-site-for-upg...

Tags: