Digital Marketing Agency – TIS India Blog

Magento is now leading ecommerce platform and you can figure bunch of websites done in Magento while browsing web. Since it is a ‘heavy’ feature rich ecommerce CMS system, shoppers want that the speed offered by its default configuration should be high. Further, popular ecommerce platforms like Magento stand first in the list of potential victims as they deal with monetary transactions, therefore, these sites need advanced online security management.

Though, you can find many Magento developers who can easily configure and implement nice look to your website, it’s quite important that speed and security of Magneto websites are enhanced to ensure good conversions and secure shopping. After an in-depth research work, I have listed here a few simple but effective tips that will enhance speed and security of your Magento site.

Tips to enhance speed of Magento site:

With the launch of Google Panda 4.0, loading time of any website has become an important criterion in Google ranking. Those websites that take too much loading time can lose their ranking in Google search result page. Moreover, having a slow Magento website can be frustrating and can affect your ecommerce business. Read following statistics:

• 18% of shoppers abandon their cart if pages are too slow. Source
• 51% of online shoppers in the US say that the slowness of any website is the top reason they’d abandon a purchase. Source
• Even 2 second delay in load time during a transaction results in abandonment rates of up to 87%, which is significantly higher than the average abandonment rate of 70%. Source

In order to enhance speed of your Magento website, I have collected a few effective tips. Apart from following the below mentioned tips, you should also avoid Magento SEO mistakes to increase page-load speed of your Magento website:

1. Merge CSS and JS files

Merging CSS and JS files is an easy but effective way to enhance speed of Magento website. There are various CSS and JavaScript files in a website and if you combine these files, then the website has to load only one CSS and JS file that will make each page load faster.

How to merge CSS and JS files?
In Magento admin, (top menu) System -> Configuration, (left nav) Advanced -> Developer, (main page) JavaScript Settings, CSS Settings. Just set “Merge Javascript” Files and “Merge CSS” Files to “Yes”.

You can also install Fooman speedster extension, which merges and compresses JavaScript and CSS files. This extension also reduces the total size of files to be loaded as well as the number of HTTP requests.

2. Enable compilation

Compilation is a new feature in Magento version 1.4.x.x and above. It compiles files and scopes into more easily accessible blocks of HTML. If you turn compilation on, it can provide between 25% to 50% better performance depending on the page requested. It is important to know that if you need code modifications, updates, and extension installations, then compilation needs to be disabled first.

How to enable compilation?
In Magento admin, (top menu) System -> Tools -> Compilation, click Enable.

3. Delete unused extensions

Deleting unused extensions is one of the best ways to speed up your Magento website. It is required to completely remove unused extensions rather than just disabling them because when you disable an extension, it still exists in the database and increases the size of your database (DB). So, if you do not require any extension, delete it completely.

How to Uninstall Magento Extension?

• Log into your Magento administration panel
• Click on Magento Connect Manager
• Click the dropdown menu besides the extension name and choose “Uninstall”. Then click “Commit Changes”.

4. Clean database log

It is easy to understand that your Magento website cannot load in less time with a huge database. Many ecommerce websites keep too much data on their website that they have never used. You should clean this unused data if you want your website to run fast.

How to clean database log?
Cleaning unused data will not take you more than 15 minutes. You can clean logs via Magento admin panel by following the below method:

• Log on to your Magento Admin Panel
• Go to System -> Configuration
• On the left under Advanced click on System (Advanced -> System)
• Under system you will see “Log Cleaning” option
• Fill the desired “Log Cleaning” option values and click Save.

5. Enable Magento Flat Catalog

Magento uses the EAV database module to store all the data related to customers and products. This implies that each category or product has information spread throughout dozens of tables. Enabling the Flat Catalog improves performance of your website as it allows Magento website to build the same objects with one single DB query from one single DB table. All online stores should enable Flat Catalog for Categories and stores with over 1000 products should enable Flat Catalog for Products.

How to enable Flat Catalog?

• In the Magento Admin, go to System -> Configuration -> Catalog
• Under “Frontend”, change “Use Flat Catalog Category” to YES
• Under “Frontend”, change “Use Flat Catalog Product” to YES (optional)

Tips to enhance security of Magento site:

With cyber crime on a rise, nobody wants to provide any loopholes that may allow hackers to creep in their online store. Further, if any virus enters your e-store, it can damage database of customers as well as the whole website. Many people choose Magento for building ecommerce website and if you are also planning to build your website on Magento, it is necessary to follow below mentioned security tips:

1. Use latest Magento version

Magento consistently gets updated with new features. Updating your Magento website with its new version is important to enhance security. Latest versions of Magento fix security issues of the preceding ones; therefore, it is quite vital to stay informed about the latest Magento version and once a stable release is out, get it implemented.

2. Choose a secure password

If you are not choosing secure password, your Magento website can give access to hackers easily. When you are choosing your website’s administrator passwords, choose it wisely. Some guidelines for creating a really secure password are:

• Use at least 10 characters for creating password
• Mix lower and upper case, punctuation and numbers
• Making your password phonetic can make it easier to remember and type quickly

Make sure to not use the same password everywhere, and SSH password and DB root password should not be the same. You can also use a non root user for SSH or your specific Magento database. Try to refresh passwords every 3-6 months and force all of your administrators to do so as well. Further, saving your passwords in your browser may be a convenient way, but certainly not wise because those who have the access to your computer can easily read the credentials and use them.

Magento also provides users a great password recovering facility through their pre-configured Email address. If this email gets hacked your whole Magento website becomes vulnerable, therefore, you need to make sure that the email address you use for Magento site is not publicly known.

3. Enhance security of admin panel using custom path

Generally, you access your Magento admin panel by going on my-site.com/admin, which is very easy for hackers. They can get on the admin login page and guess your passwords. You should avoid this and create a custom path i.e. make a secret code instead of just /admin. In this way, you can prevent hackers form getting on to your admin login page even if they somehow get hold of your admin password.
You can easily change your admin path by:

• Locating /app/etc/local.xml
• Finding and replacing “admin” with your desired word or code

4. Use a Secure FTP

Hackers often breach security of Magento e-store by intercepting or guessing FTP passwords. This has become critical now, as almost 75% of the merchants do not change their FTP account password after working with a service provider. If you want your website to remain secure, it is essential that you use SFTP (SSH File Transfer Protocol) in which a private key file is used for de-encryption or authenticating a user. Further, you should use a powerful and difficult password for FTP.

5. Use encrypted connection (SSL/HTTPS)

When you send important data across an unencrypted connection, there are high risks of that data being intercepted or hacked. Therefore, it is quite important that you acquire secure connection for safety of your online store.

You can easily get secure HTTPS/SSL URL in Magento by checking the tab “Use Secure URLs in system configuration menu. In this way, you can make your e-store compliant with the PCI data security standard and secure your all online transactions.

6. Do not use a free or non-effective anti-virus software

There are various Trojans and viruses which are made for a sole purpose – to steal login details and credentials. In order to prevent your Magento e-store from such viruses, invest in some quality and effective Antivirus software.

There are many free Antivirus(s) such as AVG and Avast etc., which are great for home and personal use but to maximize their shield and potential, it may cost you a certain amount. Therefore, you should avoid free and non-effective anti-virus software, if you are really serious about security of your online store.

Conclusion

Speed and security of online store is the priority for every online entrepreneur. By following above mentioned tips, you can speed up your Magento server and make its environment secure, keeping hackers away from your setup. If you want to enhance security and speed of your Magento website professionally and effectively, I recommend you to hire experienced Magento developers.