Magento remains one of the most popular eCommerce systems in the world, but it’s not without some areas of weakness. It’s a platform for selling that leads the way when it comes to features, scalability and flexibility – but all this advanced functionality inevitably has an impact on the speed and performance of your site.
This article takes a look at the more intricate details of development with top tips such as keeping up with security updates, choosing extensions and keeping a close eye on your site’s performance.
Follow Coding Standards
Magento’s architecture is very large and diverse. It is common for developers to use multiple libraries, extensions or frameworks and combine them into a single Magento site. It is important the code adheres (as close as possible) to a common code style to make it easy for developers to mix and match various libraries for their projects.
Like many platforms, Magento follows a set of coding standards for all the files that make up its architecture. When developing custom extension we recommend sticking to the official Magento Coding Standards so the code is kept consistent across the whole codebase and it’s easier to maintain.
Doing this manually can become a lot of work, luckily there are tools like PHP CodeSniffer that can help automate coding standards checking and even prevent changes in the files in the code doesn’t adhere to a specific set of standards.
Keep Up With Security Updates
Magento is well known for releasing security patches and updates to its core components to help prevent malicious code from spreading in your eCommerce site. It is important to apply these patches as soon as possible, Magento usually displays a notification in the backend of the site to let you know when new patches are available so it’s easy to know when a new one comes out.
Magento is well known for releasing security patches and updates to its core components to help prevent malicious code from spreading in your e-commerce site, so It’s important to apply these patches as soon as possible.Tweet this now
In addition to this, it is also useful to keep 3rd party extensions and modules up to date as well since they might expose vulnerabilities themselves that Magento might not cover with their patches. Doing this requires some extra work, in some case,s developers will use the same notification system in the backend that Magento uses to let you know when an update is available but it’s not always the case. Sometimes you’ll need to check the extension developer’s website and see if there’s an updated version of the extension and apply it manually.
It is also worth using the latest supported PHP and MySQL versions as they tend to include fixes to their own code. Older versions of PHP are not supported anymore which means that they will stop getting security fixes and open your Magento store to vulnerabilities.
It’s important to always perform some testing of the whole e-commerce website after applying patches or updates, especially if it relies on several 3rd party extensions, to make sure everything is working properly and the performance of your Magento site is not compromised.
Do Not Change Core Files
One of the better known best practices for Magento development is to never modify core files directly, the main reason for this is that your changes might get overwritten the next time Magento is updated. Also, it can prevent security patches from applying correctly because they expect to find certain content in these core files and, if it’s different, patches won’t work at all.
Magento exposes multiple ways of changing its core functionality without having to directly edit any file, one of the most common ways to do this is using Event Observers. One of the best ways to add code to Magento is to make use of its built-in event system. This allows custom code to be fired without having to rewrite models or blocks. Developing with observers means that the code is more independent and less likely to conflict with other extensions.
Since Magento 2 was released it also provided another great way to modify Magento’s core in the form of Plugins (Interceptors). Plugins are similar to events but give developers more power as they let you change or add functionality before, during or after a core function is called (contrary to events where code can only be run after). This approach reduces conflicts among extensions that change the behavior of the same class or method. The plugin implementation changes the behavior of a class function, but it does not change the class itself. Magento calls these interceptors sequentially according to a configured sort order, so they do not conflict with one another.
Pick Extensions Carefully
Most changes to Magento’s core functionality is done through extensions, and one of the strongest incentives in favour of using Magento as an eCommerce platform is the high number of extensions available from third-party developers.
Having these many options comes with a disadvantage, it is not uncommon for some extensions to cause issues in your site, introduce security vulnerabilities or make it harder to make changes or add new functionality. There are plenty of extensions out there that don’t follow any kind of coding best practices or hasn’t been updated in a while so it’s a good idea to do some research before installing any kind of third-party module.
There are plenty of extensions out there that don’t follow any kind of coding best practices or hasn’t been updated in a while so it’s a good idea to do some research before installing any kind of third party module.Tweet this now
As a good rule of thumb extensions published in the official Magento Marketplace tend to have higher than average quality standards as they are subject to a set of technical and marketing review tests by the Magento code team. This quality program ensures that only the best extensions make it onto the Magento Marketplace, they are rigorously tested to meet Magento standards and best practices making sure the marketplace can be trusted as the #1 source for best in class extensions.
If the extension you want to use doesn’t come from the Magento Marketplace it’s important to perform a code review of the module before installing it on your site. Some of the things to look out for can be:
- Does it follow Magento’s coding standards?
- Does it try to extend functionality by rewriting core files?
- Has it been updated recently?
- Does it conflict with any other 3rd party extension installed?
If the extension meets a minimum quality criteria you can start building a list of trusted (and untrusted) extension providers, so you can know where to go the next time you need any custom functionality.
Keep An Eye On Performance
It’s not uncommon to see website performance start degrading over time, this can be caused in part by 3rd party extensions running code in a less than optimal way or updates including additional functionality and requiring more resources from your server.
Google has indicated site speed (and as a result, page speed) is one of the signals used by its algorithm to rank pages, so it’s very important to keep Magento sites loading as quickly as possible.
An easy way of improving site speed is by removing modules that are not being used or are not used as much, this applies mostly to 3rd party extensions but can also be used for core Magento code, eg: if you don’t sell on Amazon you can safely disable all the Amazon-related modules from your site and save Magento some resources by not having to load them on every request.
There are tools you can use to keep track of your site performance, Google’s PageSpeed Insights is a great way to measure site speed in both mobile and desktop, not only because it provides information about multiple key areas of your website and how to improve them but also because it’s a good insight in what Google is looking for when deciding to rank websites higher than others. The Pingdom Website Speed Test is also very useful as it can also provide some suggestion focused around SEO and content optimisation.
Ultimately, following these tips should help you along the way, however, if you are seeking more personalised guidance on what can be done for your site please get in touch and we’ll be happy to help.