12 Ways to Improve Magento 2 Security and Performance
1. #MM17DE
Pavlo Okhrem
CEO at Elogic Commerce
2. #MM17DE
CEO and Co-Founder at eLogic Commerce
Vice president of International affairs at
Cluster BIT
Co-founder and chairman at Chernivtsi IT
CEO Club
Participant in international business
programs in Sweden and Norway
Not married
3. #MM17DE
Agenda
Performance
1. Environment settings: PHP
2. Job queue
3. DB solutions: scaling
4. Client-side features
5. Advanced caching
6. Image compression, CDN
7. Profiling instruments for code optimization
8. Catalog search optimization
Security
9. Permissions
10. Secure workflow/deployment
11. Server-side logging configuration
12. Best practices of application configuration for security purposes
5. #MM17DE
Environment Settings: PHP
Sufficient memory_limit: 768MB
XDebug adds an extra 20% to response time.
OpCache with recommended settings:
- Enough memory to fit the code (opcache.memory_consumption) [512MB]
- opcache.max_accelerated_files [60000]
- Timestamp validation / consistency checks (opcache.validate_timestamps, opcache.consistency_checks)
Note: Max performance will be achieved only if OpCache is enabled.
Recommended list of extensions:
php-bcmath
php-cli
php-common
php-gd | php-imagick
php-intl
php-mbstring
php-mcrypt
php-pdo
php-soap
php-xml
7. #MM17DE
DB Solutions: Scaling (EE)
Diagram: separate master databases for Main (Catalog), Checkout and Order MS, each with read slaves (Main, Catalog, Checkout, EAV, …).
Available only in Magento 2 Enterprise Edition
8. #MM17DE
DB Solutions: Scaling (EE)
Adding a slave database:
CLI: magento setup:db-schema:add-slave
Splitting the checkout (quote) and sales tables out into their own master databases:
CLI: magento setup:db-schema:split-quote
CLI: magento setup:db-schema:split-sales
9. #MM17DE
Configuration: Client-side features
Minification (CSS, JS, HTML)
JS resources bundling
Caching of static content
Image compression
CLI: magento catalog:images:resize
12. #MM17DE
CDN and image compression
A CDN will help you deliver content faster.
Reduce image sizes where possible.
Use the JPEG format for catalog pictures.
15. #MM17DE
Catalog search
Magento 2 EE provides support for Solr, a robust catalog search engine option.
Elasticsearch utilizes a RESTful web interface and uses schema-free JSON documents. Merchants prefer this search engine because it offers real-time search, high scalability, and enterprise-level performance.
18. #MM17DE
Permissions
The owner of the Magento file system must have full control (read/write/execute) of all files and directories.
The owner must not be the web server user; it should be a different user.
The web server user must have write access to the following files and directories: var, app/etc, pub.
In addition, the web server's group must own the Magento file system so that the Magento user (who is in the group) can share access to files with the web server user.
19. #MM17DE
Permissions
All directories have 770 permissions.
770 permissions give full control (that is, read/write/execute) to the owner and to the group and no permissions to anyone else.
All files have 660 permissions.
660 permissions mean the owner and the group can read and write but other users have no permissions.
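The ownership and 770/660 model from the two permission slides, written out as an added shell example (not code from the talk). It assumes a GNU/Linux host, that the deploy user (the file system owner) runs it, and that the web server's group is `www-data` unless another name is passed; the demo tree at the bottom is constructed, not a real Magento install.

```shell
#!/bin/sh
# Apply the permission model from the slides to a Magento 2 tree:
# directories 770, files 660, group set to the web server's group so the
# deploy user (owner) and the web server (group) share access while
# everyone else gets nothing.
apply_magento_permissions() {
    root=$1
    group=${2:-www-data}   # assumed default; pass your web server's group
    # Only touch the group if it exists here, and do not abort when the
    # caller lacks the rights to change it (e.g. on a workstation).
    if getent group "$group" >/dev/null 2>&1; then
        chgrp -R "$group" "$root" 2>/dev/null ||
            echo "warning: could not set group $group on $root" >&2
    fi
    find "$root" -type d -exec chmod 770 {} +
    find "$root" -type f -exec chmod 660 {} +
    # Not on the slides: bin/magento needs the owner's execute bit to be
    # run directly; "php bin/magento" works even without it.
    if [ -f "$root/bin/magento" ]; then
        chmod u+x "$root/bin/magento"
    fi
}

# Audit a tree against the same model. Prints each deviating path and
# returns 1 if any exist, so it can gate a deployment step.
check_magento_permissions() {
    root=$1
    bad=$(find "$root" -type d ! -perm 770
          find "$root" -type f ! -path "$root/bin/magento" ! -perm 660)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad" | sed 's/^/permission violation: /'
        return 1
    fi
    return 0
}

# Constructed stand-in for a Magento root (a few files, not a real install).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/app/etc" "$demo_root/var" "$demo_root/pub/static" "$demo_root/bin"
printf '#!/usr/bin/env php\n<?php\n' > "$demo_root/bin/magento"
printf '<?php return [];\n' > "$demo_root/app/etc/env.php"
chmod 777 "$demo_root/pub/static"   # deliberately world-writable
check_magento_permissions "$demo_root" || echo "before: tree does not conform"
apply_magento_permissions "$demo_root"
check_magento_permissions "$demo_root" && echo "after: directories 770, files 660"
```

Run it as the deploy user, never as the web server user, and point it at the Magento root without a trailing slash so the bin/magento exception matches.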
20. #MM17DE
Workflow
Limit access to the production server, ideally with the help of CI, so nobody has access to the live container.
Limit admin access (use different roles).
Only one person should have access to merging commits and deploying them to the live environment.
Purchase extensions from verified extension providers.
21. #MM17DE
Server logging
Configure logging so that it detects all suspicious activity on your server.
Configure the firewall.
Use Fail2Ban to ban the sources of suspicious activity on your server.
22. #MM17DE
Application configuration
Change the default admin URL path.
Change the default downloader URL path.
Use only secure communication protocols (SSH/SFTP/HTTPS).
Use strong, long, and unique passwords, and change them periodically.
Immediately install patches when new security issues are discovered.
23. #MM17DE
One more thing
Close all unnecessary ports on your server.
Restrict SSH access by IP.
Use password managers like LastPass, PassPack etc. to store passwords securely.
24. #MM17DE
Useful resources
https://elogic.co/blog/ultimate-magento-performance-guide-nginxhttp2php-7-0-8/ - How to configure Magento with HTTP/2
https://elogic.co/blog/magento-security-lifehacks/ - Magento security lifehacks
https://github.com/magento/magento2-zray - Magento 2 Z-Ray plugin
https://www.linkedin.com/pulse/20141210024646-1143212-22-ways-to-bulletproof-your-magento-security - 22 Ways to Bulletproof Your Magento Security