Optimal Secure Magento Hosting

Business needs of an optimal secure Magento hosting

  • Optimal
    • Best response times for each hit – server response is a critical factor to overall page load time.
    • Planned use of memory and other resources.
    • Cost effective solution – neither a cheap solution that may not work nor an over engineered expensive one that may never get used.
  • Scalable
    • Path to scalability should be well defined depending on the business need for the next 3, 6 or 12 months.
  • Secure
    • Multi layered security for your customers’ data and the infrastructure.
    • Serve valid human traffic and keep bots out.
    • Reasonable protection against DoS attacks.
    • Web Application Firewall to keep application hacks like SQL injection at bay.
    • Backup and disaster recovery
  • Done efficiently and automatically in the background
    • Minify CSS and JS assets
    • Generate images in the various sizes needed in the app
    • Optimize images on load or on generation
  • Insight
    • Configurable alerting when site slows or breaks
    • Dashboard to see system performance
    • Debug help for developers when something breaks

[Image: luroConnect Insight performance graph]

Renting a server for hosting is now a commodity. Most vendors have very similar offerings. A multi-vendor strategy that avoids vendor lock-in as far as possible is needed. Managed hosting from a provider with multi-vendor capability will help you keep your processes and choices clear.

Can this be achieved?

Hosting a Magento website should be neither an ignored problem nor rocket science (or maybe even magic). Firm scientific principles can be used to ensure a website is well hosted and raises alerts when the system runs out of capacity.

Essential Components

nginx + php-fpm
  • Load balance as you scale or as per traffic pattern.
  • Rate limit requests from a single IP to protect against DoS attacks.
  • Restrict bad IPs from accessing the sites.
  • Allow or keep away bots based on their User-Agent signature.
  • Secure configuration disables PHP execution from non-code directories.
  • Secure hosting ensures the web application cannot change code files.
redis
  • Used for storing cache and sessions in memory
  • Configurations of Full Page Cache include memory limiting
  • Session rejection based on rate, preventing Magento lock
mysql
  • Oracle MySQL is improving, but Percona and MariaDB perform better even now
  • MySQL for Magento requires a configured balance between available memory and cache size.
luroConnect Insight
  • Cloud tool to analyze log file data from live site
  • Dashboard to show crucial parameters from the site
  • Alerting when site slows or gives error
  • Alerts from analyzing actual hits on the site
  • See top 10 IPs and bots to help decide what to block or allow
  • Rate-limit blocking to help tell good traffic from bad
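
The nginx + php-fpm items listed above (per-IP rate limiting, blocking bad IPs, User-Agent filtering, and no PHP execution outside code directories) could look like the following in nginx. This is an added example, not luroConnect's configuration; the zone name, host name, paths, addresses, rates, User-Agent signature and socket path are assumptions, and index.php is assumed to be the only PHP entry point.

```nginx
# Added example; every name, path, address and rate below is an assumption.
# --- http {} context ---
# Shared-memory zone keyed by client address: 10 MB, 5 requests/second per IP.
limit_req_zone $binary_remote_addr zone=per_ip:10m rate=5r/s;

# Classify clients by User-Agent: 1 = refuse, 0 = serve.
map $http_user_agent $blocked_agent {
    default            0;
    ""                 1;   # empty User-Agent
    ~*examplescraper   1;   # constructed signature; use ones seen in your logs
}

server {
    listen 80;
    server_name shop.example.com;      # placeholder host
    root /var/www/magento/pub;         # assumed Magento 2 layout

    # Known-bad sources (documentation ranges used as placeholders).
    deny 203.0.113.0/24;
    deny 198.51.100.17;

    if ($blocked_agent) { return 403; }

    # Uploaded and generated content must never run as PHP.
    location ~* ^/(media|static)/.*\.php$ { deny all; }

    location / {
        limit_req zone=per_ip burst=20 nodelay;
        limit_req_status 429;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # Only the application entry point is handed to php-fpm.
    location = /index.php {
        limit_req zone=per_ip burst=20 nodelay;
        limit_req_status 429;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }

    # Any other .php request is refused instead of executed.
    location ~ \.php$ { deny all; }
}
```

Keeping the web application from changing code files is a matter of file ownership and permissions for the php-fpm user, which this nginx fragment does not cover.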

Optional Components

Web Application Firewall (WAF)

Using open source ModSecurity custom-built for nginx, along with custom rules for Magento, we enable a reasonable level of security directly on the edge server as part of the stack. This prevents popular SQL injection and cross-site scripting attacks using the OWASP ruleset (or the commercial Trustwave ruleset).

Offline minification of CSS and JS

CSS and JS files need to be minified. Magento offers a merge and minify option, but many times the minifier fails, resulting in a site that cannot be rendered.
Our minification technology allows exclusion of files that give errors on minification and is only performed on deployment of new code.

Image Upload & Optimization

When a site needs frequent uploads of products, uploading images requires insecure access to Magento. Our solution allows safe upload to a “pod” from where images are transferred transparently and automatically to the desired folder.

Similarly, our image optimization will optimize Magento-generated images, either losslessly or to an acceptable level of optimization, keeping the original images intact. This technology is compatible with all modern CDNs.

Also needed
  • CDN

We can analyze your site for free

Schedule a call

Not happy with your website performance and want an expert to look at it?

  • We will analyze your site using public information.
  • We will ask you to give us a 1-day web server log file.
  • We will try to identify what steps, if any, you should take to improve your site's performance goals.

Video - Magento scaling and performance

It's free!

Using an analogy to vehicular traffic, we explain performance and scaling in Magento.

  • Know how to compare hosting options
  • Importance of good code
  • How to scale
  • Tuning Magento