AUDIT REPORT EXAMPLE
Severity levels: low, average, high, critical
Difficulty levels: low, average, high
I. General information and server configuration
Problem: Too many HTTP requests. Found (on homepage):
Severity: Average
Recommendations:
- Combine external JavaScript / CSS files – as much as possible
- Transform various background images into CSS sprites
- Use a CDN for static resources (this also avoids sending cookies with requests for static content, thus improving page load time)
Difficulty: Average
Problem: Images are scaled down from HTML, causing 2 issues:
1. Unnecessarily high bandwidth usage
2. Unnecessary browser processing when scaling the images.
Severity: Low
Recommendations: Modify the images so they have exactly the dimensions at which they are used (note that this applies both to images that are resized programmatically, and to various theme-related images that will need to be manually resized – like the logo, which is 285x63, and
Problem: Missing Expires headers for various content. Many static components don't have expires dates, and thus they are not cached
Severity: Average
Recommendations: Set the expires headers, so they can be cached by the browser or use a CDN
Difficulty: Low
Problem: Missing compression for many static files.
Severity: High
Recommendations: Add gzip compression to static files, or use a CDN
Difficulty: Low
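The two header findings above (missing Expires, missing compression) can be re-checked after each server change with a small script. This is an added example, not part of the audit's own tooling; the URLs and header values are constructed, and treating `Cache-Control: max-age` as equivalent to an Expires date is an assumption of the example.

```python
# Added example: flags static responses lacking caching or compression headers.
# All URLs and header values below are constructed sample data.
import re

STATIC_TYPES = ("text/css", "application/javascript", "text/javascript",
                "image/", "font/")
COMPRESSIBLE = ("text/", "application/javascript", "application/json",
                "image/svg+xml")

def audit_response(headers):
    """Return the findings for one response's headers (names case-insensitive)."""
    h = {k.lower(): v.strip() for k, v in headers.items()}
    ctype = h.get("content-type", "").split(";")[0].strip().lower()
    findings = []
    if ctype.startswith(STATIC_TYPES):
        # Assumption: Cache-Control max-age > 0 counts as an expiry date too.
        m = re.search(r"max-age=(\d+)", h.get("cache-control", ""), re.I)
        has_max_age = bool(m) and int(m.group(1)) > 0
        if "expires" not in h and not has_max_age:
            findings.append("missing-expires")
    if ctype.startswith(COMPRESSIBLE):
        # Binary images (PNG, JPEG) are already compressed and are not flagged.
        if h.get("content-encoding", "").lower() not in ("gzip", "deflate", "br"):
            findings.append("uncompressed")
    return findings

def audit_page(responses):
    """Summarise one page: totals plus the per-URL findings."""
    per_url = {url: audit_response(hdrs) for url, hdrs in responses}
    return {
        "total_requests": len(responses),
        "requests_missing_expire": sum("missing-expires" in f for f in per_url.values()),
        "requests_uncompressed": sum("uncompressed" in f for f in per_url.values()),
        "findings": {u: f for u, f in per_url.items() if f},
    }

SAMPLE = [  # constructed responses for one page load
    ("/", {"Content-Type": "text/html; charset=UTF-8", "Content-Encoding": "gzip"}),
    ("/skin/styles.css", {"Content-Type": "text/css"}),
    ("/js/app.js", {"content-type": "application/javascript",
                    "cache-control": "public, max-age=2592000",
                    "content-encoding": "gzip"}),
    ("/media/logo.png", {"Content-Type": "image/png"}),
    ("/media/banner.jpg", {"Content-Type": "image/jpeg",
                           "Expires": "Thu, 31 Dec 2037 23:55:55 GMT"}),
]

if __name__ == "__main__":
    print(audit_page(SAMPLE))
```
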
Problem: JavaScript / CSS files are not minified
Severity: Low
Recommendations: Minify these static resources whenever possible
Difficulty: Low (admin panel configuration)
Problem: Various PHP configurations
Severity: Low
Recommendations: We recommend changing the following php.ini configurations:
- precision: 8 (currently 14)
- We can consider upgrading PHP to 5.4 (currently 5.3.24). Magento recently announced that Magento Community (version 1.6 and higher) supports PHP 5.4, and this will improve performance and memory usage. However, this should be approached with care, since it may break some of the older modules.
Difficulty: High (should be done by the server administrator after we do a complete test on our own server. Your hosting provider may not be willing to do this modification)
II. Module reviews
We only checked the modules in local.
Module DesignCoil/ExtraTabs:
- no comments
- bad variable/method naming standards (including method names that are in German)
Conclusion: No obvious problems with the module, except readability.
Potential for bugs: very low (considering the tiny codebase)
Module AW/Onestepcheckout:
- code is generally well commented
- very well enforced Magento coding standards
- minor issues with handling exceptions (Helper/Points.php::getAppliedPointsDiscountAmount()#80, controllers/AjaxController.php::saveFormValuesAction()#196)
Conclusion: Well written and documented module, overall of good quality.
Potential for bugs: Low (considering the large codebase)
Module Infortis/Brands:
- Code is not commented
- Obfuscated variable names
- Magento coding standards are generally respected
- Using jQuery
Conclusion: Due to the variable name obfuscation and lack of comments, it's difficult to check/debug. The potential for bugs is low, considering the small codebase.
Module Infortis/CloudZoom:
- Code is well commented
- Magento coding standards are generally respected
- Using jQuery
Conclusion: Small, fairly well written module with low potential for bugs.
Module Infortis/UltraSlideshow:
Module Infortis/Ultimo:
Conclusions:
The installed modules come from the following vendors (in community and local): Billpay, Crius, Dhl, Ebizmarts, Paymill, Phoenix, AW, DesignCoil, Infortis, Mage, Trollweb.
No rewrite conflicts were found between currently installed modules.
No database issues except for some unused tables.
Some modules use jQuery 1.7.2 (a JavaScript library that's not included in Magento): Infortis/Brands, Infortis/CloudZoom, Infortis/Ultimo, Infortis/UltraSlideshow. This can potentially cause conflicts if jQuery is included multiple times by various modules, or if modules depend on different jQuery versions. There seem to be no conflicts with the currently installed modules, as they are made by the same company; however, this should be taken into consideration when installing new modules.
The modules and the theme all have translatable texts
Overall, the modules respect coding standards, and there seem to be no major issues with them. Also, most of these modules are actively maintained.
III. Magento core files modifications
Magento core files modified directly. These changes will be overwritten if an upgrade is made, and need to be saved before making an upgrade:
Overwritten core files. These are files that are not overridden using the rewrite functionality; instead, the file is copied, and then the modifications are made. This can cause upgrade problems.
Frontend modifications:
The theme used is ultimo, the original files are in ……. The customizations made to the theme are in the following folders:
app/design/frontend/
app/design/frontend/ultimo/
app/design/frontend/ultimo/
The modifications made to the ultimo theme are done according to Magento best practices, and are well documented.
Conclusions:
There are very few core modifications and rewrites that aren't done according to best practices. These are minor and easy to fix, and an upgrade would have little to no impact on the current functionality of the website.
Difficulty: Low
IV. Audit conclusions
1. There are few custom modules and modifications. Although some modules have minor problems, the majority of them follow Magento coding standards and are actively maintained.
2. The server configurations are overall appropriate. There are some tweaks that can (and should) be made, that would improve the site load speed, and in certain situations these improvements could be significant.
3. An upgrade is recommended to keep up with all the recent security updates, optimizations and features Magento has to offer. The main concern here is the compatibility of the Ultimo theme with Magento 1.8, so some problems may occur, but the theme seems to be well written, so these problems should be fairly small.
V. Extra statistics
Raw data on which we performed part of the analysis. Explanation of the table fields:
URL – the URL that was tested (the full domains are not included, just the path after the domains)
js – number of JavaScript files used in this page
css – number of CSS files used in this page
img – number of image files used in this page
css img – number of CSS images used in this page
total requests – the total number of requests for this page
requests missing expire – the number of requests that are missing the Expire header on this page
doc size (kb) – the document size for this page (excluding external files)
page size (kb) – the page size (including external files, like JavaScript, CSS, images, fonts)
scaled images – the number of images that are scaled by the browser.