Technical Questions
The following questions address technical details of our maintenance work: backup strategies, update processes and performance optimization.
- How often are backups created? The backup frequency depends on the SLA tier and therefore on the value of your data. Under the Basic SLA, we create daily full backups. Under the Business SLA, hourly incremental backups supplement the daily full backup, so in the worst case only one hour of orders would be affected. Under the Enterprise SLA, transaction logs are additionally maintained, enabling point-in-time recovery to almost any moment. What matters is not just that backups exist but that they work. We therefore regularly test all backups for actual recoverability, because a never-verified backup is often worthless in an emergency. How closely recovery in an emergency is interlinked with our emergency support is described there in more detail.
- How are updates applied? Every update goes through a fixed, multi-stage process. First we apply it to a staging environment, a copy of your live system. There, automated and manual tests verify the critical functions such as the ordering process, payment integrations and search before anything touches the production system. This is exactly where it becomes apparent whether a plugin breaks after the update, without your customers noticing. Only after successful tests is the update deployed to the live system during the agreed maintenance window, and a rollback scenario is ready for every deployment. This keeps the risk manageable even with unexpected side effects. This disciplined sequence is the core of our security updates and distinguishes them from risky updates applied directly in live operation.
- How quickly are security patches applied? With security patches, we prioritize by severity. Critical patches with a CVSS score of 9.0 or higher are applied within 24 hours, because here the window between disclosure and active exploitation is typically very short. For zero-day vulnerabilities with active exploits, we respond immediately and, if no official patch is yet available, deploy compensating controls such as targeted filter rules. Regular, less critical security updates are bundled into monthly to weekly maintenance windows depending on the SLA tier, each with an upstream staging test. This gradation ensures that acute threats are addressed immediately, while routine updates run in a controlled way without unnecessary interventions on the live system. The exact timeframes are part of your SLA.
- Do I receive reports about the state of my shop? Yes. Depending on the SLA tier, you receive monthly or quarterly status reports that comprehensibly summarize the condition of your shop. They contain uptime statistics, all updates performed, incidents that occurred along with their resolution, performance metrics and concrete optimization recommendations for the next phase. This makes maintenance tangible: you see in black and white what happened and what benefit the ongoing support delivered, instead of merely paying a flat rate. Under the Enterprise SLA, you additionally have access to a real-time dashboard through which you can view the current status at any time. The data basis for this is provided by our continuous monitoring.
- What happens if an update fails? We are prepared for an update failure rather than improvising. Before every update, we create a complete, tested backup and verify the update on staging beforehand. Should an update cause problems on the live system despite these tests, we perform a rollback to the last stable state within minutes. In parallel, post-update monitoring detects deviations early, often before end customers notice anything, by watching critical metrics such as response times and error rates right after deployment. This combination of tested backup, fast rollback and close observation is the reason why controlled security updates are considerably less risky than untested updates applied alone.
- Can you also improve the performance of my shop? Yes, performance optimization is a fixed component of our services. We analyze loading times systematically, identify the actual bottlenecks instead of optimizing blindly, and implement targeted measures: caching optimization, image compression, database tuning and a sensible CDN configuration. In a shop in particular, speed directly affects conversion and bounce rate. We make the results measurable via Core Web Vitals and concrete loading time metrics, so you do not have to believe an optimization but can see it in a before-and-after comparison. A noticeably improved loading time pays directly into the user experience. Performance can be a fixed part of the contract or run as a targeted one-time project; which is more sensible for you is something we clarify in the initial consultation.