Published: March 3, 2010
Professional Magento
Page 2 of 6 Installing Magento in and of itself is not terribly difficult. However, there is a lot of work to be done between the install and launch of a proper Magento site. We can save you hours of experimentation by applying what we have learned over many Magento installations.
More importantly, you’ll end up with a storefront that is faster, more secure, SEO optimized, and closer to launch than what you get from a typical Magento install.
Professional Magento Installation in a Nutshell
Six community extensions that we have found to be the most useful ($300 value – we typically charge $50 per extension install)
Performance optimization – Quick Cache extension, content compress, and miscellaneous configuration tweaks to improve your site’s performance ($89 value)
Security optimization – Configure admin area to be accessible through URL of your choice, enable Recaptcha, and turn off Saved Credit Card payment option
Search engine optimization (SEO) – Implement most of the suggestions in this blog post from the experts over at Yoast
Update proof - Edit your templates and layouts without worrying about it getting overwritten in a Magento update
Removal of front-end Magento branding – The default Magento install includes some tough to remove branding such as call-out advertisements that we remove for you
General usability – Enable cron jobs for maintenance and other miscellaneous tasks
What We Need from You
After you place your order, we’ll send you an e-mail survey to help collect some of the information we need.
We currently only offer this service for Apache web server environments
We can apply these items to any Magento installation – however, we do not recommend applying them to a site currently in production; if you would like us to perform this service on a production website, we will require a release of liability for any down time that occurs during the service
SSH access with a user that has sudo rights or root privileges FTP access
MySQL connection information for a root user (IP address, user, and password)
Your desired admin address (i.e. http://yoursite.com/myadmin) – should be something other than “admin”
SSL status (enabled or not?) – we strongly recommend that you have SSL configured on your server for the security of you and your users
Domain name and www vs. non-www preference
Root Magento directory (if not specified, we’ll create one for you)
Page 3 of 6 the credentials you send to us after the Professional Installation is complete. When we are finished, we will send you an e-mail with instructions and suggestions on securing your site.
Because of the nature of the internet, we cannot guarantee that your information will be safe. We are not responsible for the security of your server. Please change your credentials after we are finished with the installation.
Helpful Community Modules
Magento is famous for its developer community. Here are the six community modules that we recommend for every Magento install:
Yoast Canonical URLs (SEO) Yoast MetaRobots (SEO)
Fooman Invoice Number = Order Number (Usability) NastNet Order Print (Usability)
Fontis WYSIWYG (Usability) Fontis Recaptcha (Security)
Performance Optimization
One of the biggest complaints about Magento is that it is slow and bloated. As part of our Professional Installation, we implement some best practices and also give you our Quick Cache extension to speed up category pages.
Install Quick Cache extension
Enable GZIP content compression for site (edit the root .htaccess file) Configure sessions to be managed by the database
Enable content caching in Magento (remember to refresh your cache any time you install a new extension!)
Magento performance optimization can be complicated. The tasks above should be seen as establishing a foundation for your optimization strategy. If you are looking for the ultimate performance increase, we strongly endorse Delorum’s LightSpeed extension. At $500, it may feel pricy, but it is more than worth it.
Security Optimization
Having a website that your customers can trust is key to turning visits into dollars.
Install Fontis Recaptcha extension – prevents robots from submitting comments, sending e-mails, registering, and more
Set up admin area to be accessible through URL of your choice (other than “admin”) Payment Methods->Saved CC - Change “Enabled” to No; this isn’t required, but unless you
Page 4 of 6 As with performance, we merely set up a foundation to build on. In addition to the items above, we recommend that you take the following actions:
Configure your server for SSL and enable secure URLs in the frontend and backend Use strong passwords for all administrative users
Use strong passwords for all SSH, FTP, and database users
In order to support file uploads via FTP, we set your site permissions to 777 for the entire
directory. What does this mean? All users on your server can read, write, and execute files in your website. This is not a secure solution.
We recommend that you become familiar with Linux permissions and set the owner of your
website and all sub-directories to the apache user and apply 700 permissions to the website. When you need to upload files through FTP, temporarily switch permissions to 777.
We do not guarantee that your site is hacker-proof and are not responsible for any security incidents related to your server or website.
Search Engine Optimization (SEO)
SEO is key to getting interested customers to visit your website. Magento is extremely SEO friendly. As part of our Professional Installation, we implement most of the recommendations detailed in this blog post by the experts over at Yoast.
Install Yoast Canonical URLs extension Install Yoast MetaRobots extension
Add a rewrite rule to the root .htaccess file to redirect www visitors to non-www or vice versa (i.e. go from www.yoursite.com to yoursite.com)
Remove default title in Design->HTML Head
Remove default description in Design->HTML Head Remove default keywords in Design->HTML Head
Set “Use categories path for product URLs” to No in Catalog->Search Engine Optimizations Set “Use Web Server Rewrites” to Yes in Web->Search Engines Optimization
Configure Catalog->Google Sitemap to include a sitemap called “sitemap.xml” with a base path of “/”
Add a robots.txt file in path/to/magento with the contents: “Sitemap: /sitemap.xml”
Update Proof
Magento is frequently updated. Though you may not be keeping up with the latest version of Magento, there will come a time when you need to update your Magento version. When you do, you’ll want to make sure that the changes you have made to templates and layouts don’t get over-written.
Page 5 of 6
Note: After this change is made, any editing of layouts or templates will need to occur in
path/to/magento/app/design/frontend/default/evolved/. Editing of css, images, and other skin-related assets will need to occur in path/to/magento/skin/frontend/default/evolved/.
Many extensions will add new templates and layouts to path/to/magento/frontend/default/default. Depending on your version of Magento, these will get used as advertised. However, if you notice any odd issues after installing an extension, move all of the template and layout files included with the extension to path/to/magento/skin/frontend/default/evolved/.
Removal of Front-End Magento Branding
We get rid of those annoying call-outs, favicon, and demo polls for you. Remove favicon.ico path/to/magento/favicon.ico,
path/to/magento/skin/frontend/default/evolved/favicon.ico, and
path/to/magento/skin/frontend/default/default/favicon.ico (we recommend replacing it with your own favicon)
Comment out content of
path/to/magento/app/design/frontend/default/evolved/template/callouts/left_col.phtml (if you want to use the left call-out, put in your own content)
Comment out the content of
path/to/magento/app/design/frontend/default/evolved/template/callouts/right_col.phtm l (if you want to use the right call-out, put in your own content)
Remove the “Keep Magento healthy” notice from the footer in
path/to/magento/app/design/frontend/default/evolved/template/page/html/footer.pht ml
Set the demo poll to “Closed” in CMS->Poll Manager
After the installation, there are some other branding tasks that you should complete. Those are detailed in our Magento Pre-Launch Configuration Checklist available on our website.
General Usability
Install Fooman Invoice Number = Order Number extension Install NastNet Order Print extension
Install Fontis WYSIWYG extension
Enable hourly cron job to run scheduled tasks
Configure Currency Setup->Scheduled Import Settings Configure Catalog->Product Alerts Run Settings Configure Google Sitemap->Generation Settings Configure System->Log Cleaning
What Next?
After the installation, please do the following:
Page 6 of 6 During the installation, we will create a MySQL user that has rights to your Magento
database – we recommend that you change this user’s password and update the site’s configuration to reflect the change; here’s how to update the database credentials in Magento:
o Make sure that caching is OFF before changing the MySQL user’s password – if you do not do this, the site will continuously attempt to connect using the old password o Change the user’s password in MySQL
o In path/to/magento/app/etc/local.xml, look for the line that says <default_setup> o In the local.xml file, just below <default_setup>, there will be a line that begins with
<password>
o Change the password that is inside of the second square bracket to match the new password
o Verify that your site is still connecting o Turn caching back on
If you haven’t done so already, install an SSL certificate (work with your hosting provider to accomplish this) and enable secure URLs in the frontend and backend; here’s how in
Magento:
o From the admin panel, go to System->Configuration->Web->Secure
o Change Use Secure URLs in Frontend to “Yes” and Use Secure URLs in Admin to “Yes”
Learn about Linux file permissions and set the owner of your website root directory to the apache user and assign permissions 700 – when you need to upload anything over FTP, temporarily change the permissions to 777
o To change the owner: sudo chown –R apache path/to/magento o To change the permissions: sudo chmod –R 700 path/to/magento
