Recently I onboarded a new client, who was looking for a new development partner. The site was running 2.3.4, so I was expecting we would need to perform a few updates and for there to be some security holes to patch. I ran Ecomscan, as always, during my initial audit of the site. And that highlighted 4 samples of malware on the store! Much to the surprise of the client, who had zero clue of the site being infected....

The default magento-vars.php file that is referenced through the Adobe Commerce documentation leaves a lot to be desired and can become a pain when managing stores with many websites and store views. Luckily we can simplify this configuration using the match implementation within PHP8. This version of the script allows us to configure new store fronts by adding a single case to the match statement. <?php $host = $_SERVER['HTTP_HOST'] ?? ''; $ephemeralHostScope = fn(string $host): ?...

This post explains how to set custom Elasticsearch configuration within Warden to fix the Fielddata access on the _id field is disallowed error with Elasticsearch 8. This is a follow on from a earlier post explaining common ES8 configuration issues with Magento. The error was are going to fix related to ES8 changing the default values for _id fielddata Fielddata access on the _id field is disallowed, you can re-enable it by updating the dynamic cluster setting: indices....

Have you upgrade to Magento 2.4.6 recently for the improved performance / support lifetime? Or maybe you have upgraded to 2.4.7 where Elasticsearch 8 is the only supported Elasticsearch Version now. We have spotted a major issue post update, where your catalog and search pages might be looking a little sorry for themselves… with ZERO products! Not ideal. There are a few configuration changes that are required to get Elasticsearch 8 to play nicely with Magento, that are easily overlooked in the upgrade notes (or absent entirely!...

Configuring Nginx rate limiting for Magento is both simple to get started, but complex to find the right balance. It is a great way to combat malicious traffic from web scrapers/crawlers, and less respectful 3rd party integrations. The default nginx status code for the limit is 503, it is important to change this to HTTP 429 Too Many Requests. HTTP 429 is the standard rate limiting code, and should prevent any negative indexing results with search engines, and as a bonus any bots should slow their crawl rate (if they respect the response code)....

The last few years i recently migrated to using Roots Bedrock to bootstrap new wordpress developments. It provides a host of extra features that makes wordpress half decent to work with, such as Composer support, ENV variables, ENV specific config, better directory structure etc. I suggest checking it out if you haven’t already. Anyway, since I mostly focus on Magento development. My goto local dev environment is Warden which does support standard Wordpress out the box, along with a few other PHP frameworks....

Frontend monitoring is a crucial part of running online ecommerce stores. Although in a Agency context, a lot of the SaaS options can get expensive quickly especially for smaller merchants. By self hosting Sentry, we can elevate a lot of this cost. We are using Hetzner as our host, due to the low cost and high specs of some machines in their server Auction. The machine specs in particular are: 14C/20T 2....

Recently I came across an issue on a site where the setup:db:status would constantly report Declarative Schema is not up to date even after consecutive runs. This was breaking the zero downtime deployment configuration for the store, as the CD process always saw DB updates to process. There seemed to be (at least at the time of writing) very little information / tooling on how to debug db schema issues. So after a bunch of reverse engineering Magento’s implementation of DB Schema, I ended up creating a simple script that compares the current DB schema with the current configuration in the compiled db_schema....

A handful of times I have came across pages where full page caching is broken. Instead of diving through and grepping various XML files to identify what module is breaking the cache. I have wrote a section of code, that will identify any uncacheable blocks on the current page and display them in the bottom left of the page. Currently I just paste this into the theme (usually the header or logo phtml files)....

I often find the need to test components / functionality independently of the system or execute single time use scripts. Which i find developing and deploying a whole module is a waste of time and resources. Some recent uses of scratch files are: Inspecting product or category data to help debug data issues Inspecting Cached Data Bulk assigning attributes Bulk renaming SKUs etc This is where scratch files come in handy, we can create a simple PHP file in the Magento root (I tend to prefix with z_ to easily find them)....