Developers and non-developers are not always on the same level. This makes sense: Everyone is knowledgable in its own area. Sometimes however, opinions differ on the same thing - this is where you can get into an arguement. Here are 7 points that we take our stand with. Nothing you say will change our mind anymore.
1. Access via SSH is required
FTP is dead, SSH is alive - period. Security-wise, you can debate whether SSH is needed, when SFTP or FTPS are available. However, SSH is simply much more powerful. When managing a site remotely via SSH, you get access to a UNIX shell which offers a lot of more options for numerous tasks: With
mysqldump you quickly create a MySQL backup. Using commands like
zip, you can create an archive of your files and copy them remotely - waiting for FTP to transmit all files individually is insane. And quickly inspecting logfiles is peanuts using SSH.
For our own projects, there is much more for which we require SSH:
git, running remote scripts to play our own Continuous Deployment tricks. We can't live without SSH. For Magento custom projects, we can't live without SSH either -
modman are vital tools under Magento 1, and Magento 2 simply requires shell access for some common tasks like static view file deployment and reindexing.
2. Best way to run PHP is via PHP-FPM
In the old days, Apache
mod_php was the most preferred way (or even the only way) to run PHP scripts in your webserver. Later on, FastCGI was introduced with numerous variations and tricks (
mod_suid). These are the old days. For us, the only PHP interpreter that is current and ready for todays requirements is PHP-FPM. Actually, we have swapped Apache with Nginx in numerous cases (production sites, development sites, customer sites) and with Nginx the only solid solution is PHP-FPM. PHP-FPM rules.
3. PHP 7
Again, the PHP version story: PHP 5.5 has reached its end-of-life a few days ago (July 21st 2016) and with that, no more security fixes will come for it. If you are still using PHP 5.5 you are doing it wrong. If you are still using PHP 5.4, you have been doing it wrong for over 1 year. If you are still using PHP 5.3, you are probably living in an alternate reality.
PHP 5.6 is not the current version of PHP. PHP 7 is. For our specialities Joomla and Magento, there are no reasons not to upgrade to PHP 7 except for obsolete extensions that you should get rid of anyway. Upgrade, upgrade, upgrade.
4. Everybody on SSL via LetsEncrypt
A long time having an SSL certificate was also a budget question: You had to pay for an SSL certificate and therefore only shops that really needed it had it. LetsEncrypt changes that. You can get a free SSL certificate - no money involved. The only thing you need to is install the LetsEncrypt client on your hosting environment and there you go. If you have
root access, you can do this yourself. If you don't have
root access, ask your hosting provider to do this. If they don't want to install LetsEncrypt, something is wrong there: Why not install something that makes the web a safer place? We personally expect any hosting environment to have support for LetsEncrypt, or we move elsewhere. No debating.
5. Redis for Magento
Magento is slow? Bullocks. Yes, Magento has a lot more files and is a lot more complex than your average PHP application - Joomla included. However, Magento also has a hell of a lot more to offer. It's not without reason that most people will say that Magento is the most powerful open source cart out there. This power comes with an expense: You need to invest in your hosting environment - the earlier 4 points already point to that. One guaranteed way to make Magento faster is via Redis. So, don't argue here, implement Redis right away.
6. Joomla 3
The note on PHP versioning was that PHP 5.6 is no longer current, you should be using PHP 7. The same applies for Joomla 3 - this major version has been around for quite some time. Anyone still on Joomla 2.5 or older is not willing to invest and we don't support that stubbornness. We don't offer extensions for older Joomla versions.
You might think the same will be counting for Magento 1, but we're not there yet: Magento 2 is currently being rolled out to customers and developers, however Magento 1 will be supported until 2018.
7. No encrypted software
In our manifest we are pretty clear on this matter: Open source comes first. This also means that we don't do closed source. Encrypting PHP code is a big no-no. We have bumped so many times into issues where ionCube was removing the ability to solve specific issues, that we are no longer discussing things: If an issue is related to an ionCube extension, support on our end stops. It makes sense - it's completely logical. We take it a step further as well: We can not promote or closely work together with companies that focus on encrypted extensions either.
Open for discussion
There are numerous other points that are completely open for discussion: For instance, using a versioning system like
git is something that we highly recommend, but we will not deny support if it is not used. Also, we try not to be too religious about whether Joomla and Magento are worthy enough - that's more a personal opinion. However, the 7 points above are points that already have had a long discussion. I hope you agree with me that these points are beyond discussion.