Magento
Magento EOL: Am I able to retain PCI Compliance on Magento 1?
With Magento’s end of life (EOL) fast approaching we’ve had some clients raise the question – ‘Are we still PCI compliant after June?’. PCI compliance can be very ambiguous with the PCI Council rarely commenting on specifics. This has led some actors to jump in and claim that they’ll look after clients wanting to stay … Continue reading
Debugging Magento 2 Varnish
Magento 2 comes with two options for full page cache (FPC): Built In and Varnish. It's worth noting that only dynamic content is cached with Magento 2 - and that we don't recommend using Varnish to cache static content. There's nil performance benefit and it will actually reduce performance as Varnish is overburdened with static assets … Continue reading
Patching Magento SUPEE-10975
SUPEE-10975 is an important security update for Magento to address remote code execution and SQL injection vulnerabilities. Where to download It's best to download the patch from the Magento.com download section - or via MDA - the Magento download tool (this is what this guide will use). Dependencies SUPEE-10975 Applying the patch The application of this … Continue reading
Patching SUPEE-8788
SUPEE-8788 is an important security update for Magento to address remote code execution and SQL injection vulnerabilities. Unfortunately, Magento have released two versions of SUPEE-8788 due to insufficient testing that led to conflicts with previous patches. The original SUPEE-6788 patch (released before 14/10/2016) is known as SUPEE-8788 v1 (although it is not identified as … Continue reading
Identifying and blocking "Bad" Magento traffic
There are a number of common attacks on Magento stores, ranging from aggressive crawlers/bots, to XSS attacks, to severe SQL/compromise attacks. There are two approaches to dealing with attacks of this nature: Automated - through the use of a WAF; Manual - by traversing log files for patterns and blocking said patterns/sources as necessary … Continue reading
Correcting incorrect timestamp after server migration
An issue we (admittedly infrequently) come across when moving Magento stores from one server to another, is when the previous server's time was incorrect - causing all historical order data to be incorrect on MySQL import. More often than not, we see stores migrated from US West (-7:00) show orders that are in the future … Continue reading
Fix for "No search results" after CLI reindex on Magento Enterprise (SOLR)
Edit shell/abstract.php and add Mage::app()->addEventArea('adminhtml'); public function __construct() { if ($this->_includeMage) { require_once $this->_getRootPath() . 'app' . DIRECTORY_SEPARATOR . 'Mage.php'; Mage::app($this->_appCode, $this->_appType); + Mage::app()->addEventArea('adminhtml'); } $this->_applyPhpVariables(); $this->_parseArgs(); $this->_construct(); $this->_validate(); $this->_showHelp(); }
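Review bot: the added `Mage::app()->addEventArea('adminhtml');` line inside `__construct()` carries no comment saying why the adminhtml event area has to be loaded, and because it sits in the abstract constructor in shell/abstract.php it applies to every shell script built on that class, not only the indexer. Suggest a one-line comment tying it to the SOLR reindex issue, and moving the call into the indexer script itself if the other shell scripts do not need adminhtml observers. Since this edits a core file, also note that the change has to be re-applied after any upgrade or patch that replaces shell/abstract.php.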
Finding all Magento secure URIs
We recently needed to identify all HTTPS URIs in a customer's store and had to quickly write a script to scan the core, local and community directories to find any pages that used HTTPS. This is by no means 100% accurate, but will be a good starting indication for finding URLs that are … Continue reading
Simple Magento performance/load testing with Mage-Perftest
Mage-Perftest is a simple Linux command line tool to test the performance of your Magento store. It can perform a number of clever operations, which makes it far more suitable than siege or ab. It's not a replacement for fully fledged simulation tools (like jMeter), but it is simple to set up and run. You … Continue reading
The nolocal theming and packaging methodology
So this will cause ultimate uproar and go against the grain of every Magento developer - but we've got a solid process for theming - that does not use local.xml (more on that later). We always work off the base/default template - but zero out the CSS. Even though all designs don't particularly lend themselves … Continue reading