How to Check up on Your TYPO3 Website

Bugs in your code may be unavoidable, but a carefully-designed QA process should catch the bulk of them. If you’re a developer, CTO, or system administrator, you need to know what kind of quality assurance is built into your CMS platform. What’s the testing coverage like? How can you minimize bugs and breaking changes?

Here we’ve collected the assorted wisdom from our network of TYPO3 agencies and freelancers—the people who’ve seen it all (or at least, almost all). Read ahead to learn how QA is built into TYPO3 and afterwards, if you’re still looking for some help, know that we offer a range of project review options to help your TYPO3 site run smoothly.

It’s usually obvious when you need to update your QA process— the website breaks one too many times, a page won’t load, or your customers keep landing on dreaded 404s. But sometimes these problems are the result of a buildup of smaller, more insidious issues. TYPO3 agency Browserwerk put together a list of top ten errors in websites, and another one, NITSAN Technologies, put together a site maintenance checklist.

Borrowing from them and other TYPO3 agencies and freelancers, we’ve rounded up the telltale signs of poor website quality, below:

• Infrastructure

  • Use of expired or outdated software versions
  • Downtime
  • Backups not running
  • Slow load times
  • Can’t scale with traffic peaks

• Bugs, errors, security issues

  • 404 errors, broken links, and redirects
  • Illegible URL structures
  • Security Issues

• Poor user experience

  • Increased customer support calls and complaints
  • Display or response bugs in forms and interactive page elements
  • Lack of mobile optimization
  • Poor UX and layout

• Lack of conversion

  • SEO-unfriendly headings, keywords, and images
  • Missing calls-to-action
  • Missing or incomplete website analytics

The good news is these issues are preventable with the right analysis. “Evaluating internal processes, the level of quality, and evaluating if programming meets best-practice standards, can help establish a benchmark for operational procedures,” says Susanne Moog, CTO of TYPO3 GmbH. A project review can prevent many would-be problems from ever surfacing, so long as it’s done early enough.

As secure as TYPO3 is at the code-level, security issues can be introduced at the point of configuration. OWASP, a non-profit focused on software security, put together a list of the 10 most critical security vulnerabilities in 2020. The list states that “security misconfiguration is the most commonly seen issue,” with 4 out of 10 issues (emphasized below) related to operator error and misconfigurations. 

• Injection
• Broken Authentication
• Sensitive Data Exposure
• XML External Entities (XXE)
• Broken Access control
• Security misconfigurations
• Cross Site Scripting (XSS)
• Insecure Deserialization
• Using Components with known vulnerabilities
• Insufficient logging and monitoring

In v10, TYPO3 addressed some of these issues by improving the security user experience around site access, user groups, and data. Sensible defaults, clear UIs, and better at-a-glance views can make secure configuration easier.

Desirée Lochner of TYPO3 agency b13 GmbH describes how the backend user group management made it easy to manage inheritance structures of different user groups. “It helps you set up a well-designed system for your editors—and that helps your client by preventing security mishaps,” she says. 

Here are some other case studies in which TYPO3 created more secure websites: 

• When TYPO3 agency Browserwerk, was tasked with creating a landing page for Degussa Bank AG, “the technical infrastructure [had to meet] the high security standards of the customer and ensure its compliance.” They implemented a workflow that closed security gaps quickly, automated testing, and allowed for faster page loading.
• When comforte AG, a provider of data security solutions, launched two new product lines, they needed a website that supported their software’s focus: “ensuring secure communication between business-critical systems” and chose to upgrade their TYPO3 Extended Long Term Support (ELTS).

While automated testing is easy enough to set up on the backend, the front-end often gets neglected because the tests are browser dependent, and can behave a bit finicky. One of the benefits of TYPO3 is how easily it is to integrate other open-source testing tools.

Digital agency dkd Internet Service GmbH have started using the open source testing framework Cypress for “UI tests, integration tests, and unit tests,” which they explain in Testing made easy: Automated tests with Cypress | Part 1 (German). 

TYPO3 agency Beech recommends using Test Café, an open source tool because it’s easy to use, saves time, and quickly detects errors. They say that once you run it, “there is no need for human intervention, so we have more time to work on other projects / services.”

Christian Keuerleber of punkt.de created his own tool based on Codeception for front-end, browser-based tests in TYPO3. “While most developers are very familiar with function and unit tests, they often shy away from front-end tests. I want to show how easy it can be to set up and run browser-based tests with Codeception,” he says.

Certain analyses of your website should be habitual (like speed, traffic, functionality, etc.) while at other points, a new regulation or technology requires a specific analysis. Our TYPO3 founding partners are a font of resources when it comes to structuring these analysis so review processes are built into your workflows. 

DoD Reviews:

Sanjay Chauhan from NITSAN put together a helpful guide to 15 types of reviews you might want to perform before considering your website DoD (Definition of Done).  The thorough checklist includes everything from code review to system health checks. NITSAN also offers 10 DIY tips and tools for analyzing your website, once it is up and running. 

GDPR:

Thomas Janke at dkd helped build a tool which allows their TYPO3 clients to do an audit for the EU’s GDPR rules. The tool “allows us to ‘surf’ your website like a ‘real visitor’ and the tool behaves exactly as a human would. It enters the home page and visits the subpages linked there,” he says.

It can be helpful to have an objective third party review your process. “Sometimes a second opinion is just what you need to clear up a misunderstanding or to make up for gaps in your knowledge,” says Susanne Moog, CTO of TYPO3 GmbH. 

If you’re looking for a project review, we’re available to help, and can tailor our offerings to your needs and expertise-levels. 

 We offer: 

• Basic Project Reviews:
  the quickest option, looks into upgradability, API usage, assessment of future problems, and other best practice recommendations.

• In-Depth Project Review:
  basic project review + thorough review of extensions, performance, testing, maintenance, deployment, and scalability.
• Extension Review:
  a deep review of a specific extension.

An expert review can help at any stage of the process, so you don’t wait until things are broken to incorporate QA and testing into your workflow. While a thorough review might take some time up front, it will save you time in the long run.