Conducting Magento Store Audit

- E-Commerce

Magento website Audit

In case of brick-and-mortar retail, store audit is an ​examination of ​information ​about the ​effectiveness of ​different parameters such as price, sales, or advertising campaign compared to ​any competitors or common standards. As for ecommerce in general and Magento in particular, this process is more complicated, since it consists of a wider number of variables that require different approach to calculation. Luckily, there are a lot of tools and materials, that can help you with a Magento store audit. The following guide offers a store audit checklist,  resources, and techniques necessary for running the procedure. Being useful for all kinds of Magento specialists and store owners, it teaches how to estimate efforts, collect information about your Magento website, and keep the installation clean and healthy.

Magento Store Audit: PageSpeed Insights

When it comes to the audit of a Magento website, the first difference from a brick-and-mortar store audit is the necessity to measure a site speed. That’s where PageSpeed Insights, a product from the Google Developers kit, is helpful. You only enter a website’s URL, while the tool analyzes your Magento store and shows its speed on both mobile and desktop devices compared to common standards. Furthermore, the PageSpeed Insights service tells you what to fix on a website to make it faster and offers advices on how to solve the problem. Additionally, you will find a user experience rate related to mobile devices.

Magento website audit: PageSpeed Insights

Magento Store Audit: MageReport

The next important difference with a Magento website audit is security. Although you can examine the safety of a brick-and-mortar store, the parameter is not as important as in ecommerce. In case of Magento, store audit requires finding and fixing various security vulnerabilities. Chances are your website lacks some crucial patches or has other holes. You can find all these security problems with the aid of MageReport – a free service that gives you a quick insight in the security status of your Magento store. Besides showing all current security problems, the service teaches how to fix possible vulnerabilities.

Magento website audit: MageReport

Magento Store Audit: Mage Scan

Despite the idea behind this service is to evaluate the security and quality of a Magento website you don’t have access to for further work with a potential developer or a new client, you can easily utilize Mage Scan in a Magento website audit. The service shows the following information:

  • Magento. The version of your Magento store and its edition (e.g. Community
  • Sitemap data. In our example, it is not declared in robots.txt and not accessible.
  • Catalog. This one illustrates a number of categories (4) and products (23).
  • Technology. In our case, the Technology section shows that our MAgento website relies on a Nginx server.
  • Sensitive URLs. Here, Mage Scan lists all sensitive URLs of your website. It shows their paths (admin/), response codes (200), and statuses (Reachable).
  • Patches. This section shows both installed and uninstalled security patches but for further information directs you to the aforementioned MageReport.
  • Modules. No detectable modules were found on our store.

Magento website audit: Mage Scan

As you can see, Mage Scan offers a wider range of information necessary for a Magento store audit, but it doesn’t teach you how to fix current security vulnerabilities.

You can find Mage Scan on GitHub here.

Magento Store Audit: Toolbox for Magento Shop Audit

With the script, you will get various reports on a Magento installation. All these reports are vital as a foundation for a Magento website audit.

Toolbox for Magento Shop Audit requires copying files from its repository right into your Magento installation. Then, you can easily run the script and get all necessary data.

The script downloads a clean Magento source from the Magento website to run the audit. When it’s done, you get all the results in var/audit divided into several CSV, HTML, and XML files:

  • modules is a list of modules with their status;
  • module-updates-from-connect – extensions installed via Magento Connect that can be updated;
  • sysinfo includes general information related to your Magento instance;
  • codepooloverrides offers data on all overridden core classes;
  • corehacks lists all modified core files of your Magento installation;
  • rewrites shows all class rewrites;
  • rewrite-conflicts offers conflicting class rewrites;
  • phpcs provides a deep insight into coding standard violations and possible problems.

Toolbox for Magento Shop Audit is very complex and at the same time informative solution. Don’t hesitate to use it while trying to make your Magento website better.

Magento website audit: Toolbox for Magento Shop Audit

Magento Store Audit: Must Read Materials

Below, you will find three must read materials related to a Magento website audit. The first one is an article, the second one is a PDF, and the third one is a StackOverflow questions. It is senselessly to rewrite all these materials in our post, so below you will find brief descriptions and links to the original publications.

Three-tier system for Magento quality analysis

Fabian Schmengler, the author of the article, tells how to run a Magento store audit inheriting a new project from a hobby developer or getting shifted on a website done by a different agency. He highlights 4 major problems related to both cases: performance issues,

security vulnerabilities, impossibility to update, and unmaintainable code. In order to fix them, Fabian propose to implement a three-tier approach to Magento store audit. Thus, your analysis will have a three-tier design, and after the first tier, which takes 1-2 hours, you will get a rough estimation of quality and need for action. The second tier will provide the ability to make a quote for cleaning and updating your Magento shop. As for the the third tier, it is aimed at a detailed Code review.

All three tiers are described in the article. Besides, the author provides useful tools ant third party materials related to each tier.

Analyzing an existing Magento Shop

This is a Magento store audit guide which covers such important aspects as code quality, security, performance, and updatability. The PDF file describes what you need for a successful Magento store audit as well as shows all the procedures you will face. Besides, there is a vital information about structuring your ecommerce store audit. The guide ends with 2 lists. The first one shows all the things you should look at while analyzing your Magento website. The second list tells what you should look for during the audit.

How do you give estimates for Magento upgrade?

This is a StackExchange question, and the main idea behind it is about the technical side of a Magento store audit. The author of the question offers his own Magento store audit checklist:

  • Is the Magento core touched? What about Magento DB schema?
  • Is there any inconsistent data in the DB?
  • What about custom extensions? How many plugins are installed in local and community code pool? Are they compatible with the latest Magento version?
  • Is a local.xml file used for the the layout directives instead of copied xml files from the base/default/layout?
  • Is there any deprecated layout directives / block methods?

This checklist is significantly extended by answers of other developers, so don’t miss this precious source of information related to a Magento store audit.


That was our guide to a Magento store audit. With the aforementioned materials and tools, you will be able to conduct this procedure seamlessly. The articles will help you cope with the audit, while tools will provide all the necessary information about your Magento installation. Feel free to ask any questions related to the topic of this post via the comment field below.