There are thousands of Magento 1 extensions listed on Connect (soon to be rebranded as Marketplace), and already 750 Magento 2 extensions on the new Marketplace. With so many on offer, it’s easy to go a little crazy installing extensions. And some people do:
Wow - this might be a new record holder: 106 installed Magento extensions!— Fooman (@foomanNZ) July 16, 2013
As an extension developer, I believe that good extensions from reputable providers are worth investing in. The right extensions can save hours of developer time by quickly adding extra functionality to your store. But through years of troubleshooting client stores (and also running my own Magento store where I’m extremely picky about which extensions I install), I’ve also witnessed the issues which can be caused when running multiple extensions.
Which raises the question - how many extensions is too many? Is there a magic number where extensions stop being helpful and start to cause more problems than they solve?
When it comes to extensions, quality counts for so much more than the number you have installed. Just one poorly coded extension can be one extension too many and can start causing you problems. The good news is that you can happily run as many Magento extensions as you like if you follow a few sensible guidelines.
Guideline 1 - Do I really need an extension for this?
Every day I talk to potential customers who ask if we provide certain functionality as an extension. But often, the feature they’re wanting can be achieved through a configuration setting or by using a built-in Magento feature - without needing an extension at all.
For example, you don’t need an extension to track Magento ecommerce with Google Analytics. You can easily set this up directly in your Google Analytics account. It’s only when you need advanced functionality that goes beyond standard ecommerce tracking that an extension like Fooman Google Analytics + comes in. Because the extension is free, it gets downloaded a lot. But a lot of these downloads are by merchants who have only basic analytics needs that are already met by Magento itself. While there’s no harm in having the extra functionality, it does add weight to your store.
Before searching for an extension to solve your problem, check out what Magento can already do. Its out-of-the-box functionality is powerful, even though it may take some time to navigate its long list of features and understand how they can best be applied.
Guideline 2 - Inspect new code before installing it, every time
The quality of Magento extensions varies significantly. Before allowing a new extension to be installed on your store, it’s important to check that it’s up to scratch quality-wise. While many reputable Magento developers produce excellent extensions, unfortunately there’s also cheap junk modules which give the rest of the industry a bad name (this will be a blog post for another day!).
What’s the best way to check code?
I recommend installing Magento extensions manually, rather than using the Magento Connect Manager or Marketplace to install directly into a live environment. This allows you to inspect the code of a new extension before committing to installing it. Yes, you’re busy and this takes time. But resisting the temptation to install extensions blind (which is what you do with a one-click install) is the first step to a healthy Magento store.
Take a few minutes to look over the code before installing it on your site, or ask your developer to do this. Good developers will do this automatically, without being asked. The more functionality provided by a new extension, the longer this code check will take. It gets quicker and easier once you get into the habit of doing this. I can't emphasise enough this is one habit you do want to get into.
How can you judge whether an extension code is acceptable?
When reviewing extensions, I think it’s important to review with quality in mind, but at the same time have realistic expectations. You’re looking for solid code which is free from obvious red flags, rather than gold standard coding where every line of code is absolute best practice from the current year.
A summary of the main things to look out for are:
The extension is not encrypted
Some developers choose to encrypt their extensions in an effort to protect against license breaches. But this means that you won't be able to inspect the code at all, so will have no way of determining the quality of an extension. I strongly advise against installing encrypted extensions. You simply don't know what level of risk you might be introducing to your store. Plus, if you wanted to customise code this would be near impossible to do.
Compare the below screenshots of the same code - which one would you rather be reading?
No modifications to Magento core
I can’t think of any situation where this would be excusable. Look for files which are in any of these folders:
These files will make your system behave differently to a standard Magento install. This will make it harder for other developers working with your store, and will likely cause unwanted surprises down the track.
Core classes are not overwritten without good reason
A well-coded extension will replace Magento's core classes only when absolutely necessary - meaning there is no other practical way (such as using event observers) to achieve the intended functionality. It’s always preferable if an extension does not overwrite core Magento classes. However, there’s often a genuine need for an extension to replace one or more core classes to achieve certain functionality. This is not necessarily a marker of a poor extension, but more often a sign that Magento itself has not provided the necessary means to customise this functionality efficiently.
The above example rewrites the sales/order and catalog/product classes. These core classes are often overwritten by extensions as they’re fundamental to how Magento works (and a good reason for checking conflicts every time you install a new extension - see below).
Other core classes that are often targets of rewrites are sales/quote, checkout/cart and checkout/type_onepage. So anything that rewrites those fundamental classes should be scrutinised further to check if there aren’t any other means to avoid the rewrite in the first place.
Alarm bells should ring if an extension affects core classes that it shouldn't have anything to do with. One extension I saw rewrote Mage/Core/Model/App as well as Magento’s Autoloader. Are the rewrites necessary to perform the core advertised function(s) of the extension? If they appear unrelated, ask the developer and don’t install the extension if you’re not convinced.
Code should be easy to work with - this means well organised, documented and commented. A few more things I look for are:
- Does it implement a license check? If yes, is it implemented to only use minimal resources? If not, this can slow performance of your store or in the worst case scenario cause your store to be offline due to the vendor’s license server being unresponsive
- If you’re planning on making additional customisations, will it be easy to do this? Does the extension offer custom events, or provide theming capability?
- Take a look at the database install/update scripts inside the sql folder of the extension. This will give you a good idea of what the extension does and how it works. Less is more when it comes to making changes to the Magento core database tables
- Free from malicious intent. It’s sad that this even needs to be mentioned. Look for anything that connects to a 3rd-party server sending information across. Unless it’s meant to integrate with said 3rd-party service there is no place for your store’s data to be shared
Beyond this, it’s too simplistic to use code style as a proxy for quality. If you ask three different developers what the best coding standard is, you’ll get three (or more) different answers. And that is absolutely fine as ultimately what drives this are the requirements of the merchant - a small time merchant has very different needs to a multi-million dollar enterprise.
Check out extension reviews and look for general patterns - do features work as intended and is the developer responsive? Use your common sense to form a gut feeling. If a review identifies an issue, has the developer responded with a solution? No matter how good an extension is, extension issues and bugs are inevitable from time to time - so you want a developer who you trust to fix these issues in a timely manner.
A word of warning however - it’s sad that this even needs to be mentioned, but while many reviews are genuine, some are anything but. Check out different sources when doing your research - you might find the developer's site bursting with abundant glowing reviews, while Magento Connect tells a different story!
(Side note: The worst example I ever saw of this was right after the first version of Magento 2 was released. Despite very few actual customers using M2 yet - every single extension on that website had magically accumulated multiple 5 star reviews. Seriously - do you know how long it can take to get your first customer review on an extension? Some of our extensions are more than a year old with tons of active users, and still don’t have any reviews!).
The above is intended to be a summary of what to look for. If you’d like more information, this Q&A provides some good perspectives on evaluating Magento extensions.
What if I find something in the code I don’t like?
You have a few options:
- Notify the support of the extension developer with your feedback - they might be able to supply you with an updated version that addresses your concerns, or might have an open mind to improving their code
- Modify the extension (keep in mind that you need to re-apply these modifications if you upgrade the extension to a newer version in the future, or the changes will be lost)
- Don't install the extension and choose another one. Many developers offer a money back guarantee, so ask to make use of this.
Guideline 3 - Proactively identify and deal with extension conflicts
With so many extensions available, occasional conflicts are a reality. The more extensions you have, the higher the potential for a conflict.
After installing a new extension, I always recommend checking for code conflicts - even if the extension provides only minor functionality or is free. This takes about five minutes, which is significantly less time than you might need to spend troubleshooting at a later stage, wrestling with conflicting extension functionality on your live site while you have customers trying to place orders.
What causes a conflict?
You can only replace each of the core classes of Magento’s architecture once with an extension. Two or more extensions re-writing the same functionality tells Magento to do conflicting things. Only one extension's functionality can win, and the others will not function as advertised. A rule of thumb is that if multiple extensions provide similar functionality, they probably shouldn't be used together. Back in 2010 I conducted some experiments on this - check this out if you’re into the technical details.
How to check for conflicts in Magento 1
Check for potential extension conflicts by heading to the Firegento project and downloading this file. Save the file as firegento.php and upload it via FTP or SFTP to your Magento server. Opening the file in your browser as http://www.example.com/firegento.php will advise you of any potential conflicts between extensions you have installed in your store.
What happens if you find a conflict?
Usually it's not a big deal. Temporarily disable one of the extensions, and contact both extension developers for assistance. The developer/s might instruct you to make a small code change which enables both extensions to work together (by disabling elements of competing duplicate functionality, while leaving the rest of the extension to perform as intended).
Developers (especially Magento Solution Partners) work with these kind of scenarios all the time - it’s their area of expertise to get conflicts working together. If there’s a way of making it work, they’ll find it.
If a workaround isn't possible, you'll need to decide which extension provides the most important functionality, and uninstall the other. This is where a money back guarantee on an extension can be worth its weight in gold.
The good news here is that Magento 2 has introduced new platform features which make conflicts between different extensions less likely and easier to resolve.
Guideline 4 - Audit all extensions you’ve installed previously
If you’ve only recently started inspecting new extension code before installing it, it's a good idea to do an audit of all existing extensions on your site. It's never too late to do this, so I'd strongly encourage you to make it a priority in the new year. Your store will thank you for it!
First, do a spring clean
Uninstall any extensions that you no longer use. Every extension you have:
- Adds to your workload (or your developer’s workload - $) when you perform a Magento update (see guideline 5 below)
- Increases the chance of a potential conflict
Maybe you installed something but aren’t using it like you thought you would. It doesn’t make sense to have extensions that you don’t plan to use cluttering up your store.
Why bother with an audit?
Your store could be hosting poor quality code without it causing any problems yet. Maybe you don’t use the specific functionality, or don’t have any extensions with a dependency in this area. But let’s say you install a new extension or upgrade your Magento version in the future. This can introduce a new dependency which exposes an existing code issue in your store. This looks like a new problem that’s been caused by the most recent change, but really the underlying existing issue is responsible.
By doing than audit, you'll be able to identify (and then deal with) any underlying code issues which might cause problems in the future.
How to do an audit
Follow the process in guideline 1 to inspect the code of all existing extensions in your store. Or, ask your developer to do this if they haven’t already done so.
What if I find something in the code I don’t like?
If it’s a small issue, you might be OK with just being aware of it and knowing what might trigger a potential complication in the future (for example, installing a future extension which relies on similar Magento functionality).
If the issue is more serious, you basically have two options: contact the developer to see if there is an updated version with improved code (or even ask if modifications can be made), or uninstall the extension and replace it with a better coded option. Yes, replacing an extension is a hassle you can do without. But as they say, prevention is better than cure, and this might save you valuable time and inconvenience compared to fixing a bigger problem in the future.
Guideline 5 - Budget extra time and money for site upgrades
The more extensions you have, the more time (and $$) you’ll need to budget for site upgrades. Why? Each time you upgrade your store to a newer version of Magento's core, you’ll probably also have to update many of your extensions to keep them compatible.
Checking extension compatibility each time you do a site upgrade will keep your store healthy and current. If you update your Magento version but don’t regularly update extensions, sooner or later you’re likely to run into compatibility issues. Most commonly, a feature which was previously working fine could all of a sudden stop working (and you might only discover this by accident … eek!).
When will this apply to me?
If you make a big jump in Magento versions (from say Magento 1.5 to 1.9 straight away), it’s very likely that most of your extensions will need updating to either stay compatible or work with new features introduced in Magento itself. A more minor update (say from Magento 1.9.1 to 1.9.2) will require fewer extension updates. Extension developers test their extensions against each new version of Magento, and might have to make code changes. Check the developer’s website for details - don’t assume the extensions will automatically be compatible.
Two things to consider:
- There may be a time delay in an extension developer releasing a new version, especially if a lot has changed in the Magento release. Developers (unfortunately!) don’t get a sneak preview of new Magento releases - they find out at the same time as you, and they might have a large number of extensions to test and update. (Magento 2 promises improvements in this area with Release Candidates and Semantic Versioning, but we aren’t quite there yet)
- You’ll need to budget for possible upgrade fees for any extensions which were purchased some time ago. Check what upgrade period was included in your purchase (90 days to 1 year is common)
What I hope you take from this article
Don’t fear Magento extensions - but don’t just trust them blindly either. Not all extensions are created equal. As long as you follow these guidelines and are strict about which modules you allow onto your site, you can happily use as many as you like to customise your ultimate store.