The biggest thing is getting it into a Docker container so that the site is made to run 100% without error which we call staging for production. This is where the code is protected by middleware built into the docker stack or the website code against exploits and only certain amounts of data are made peristiable/writeable such as media/images and database. Everything else is made unwriteable all the way down to the server code. This is called an image and it’s uninfectable and unwritable by malware and because the website is also behind a modern-day http proxy all the underlying web server code is further protected and then the MySQL database is inside a private network that only the website can access. This allows a website to run 100% for extreme amounts of time like 10 -20 years uninterrupted, the same way it also has and without requiring updates. That’s not to say that things cant penetrate the security as they can but it is much more secure and requires fewer updates so long as the primary container os is uninfected. The primary os that runs the containers are ultra-secure and very tiny having very few points of vulnerability. This os does get updated but it does not have any services except ssh. All services are provided by the website containers and they only have single points of entry as in the web page itself.
Login to your Matamo panel and you can find it it in Behaviour -> pages it will show you what pages people have been on . Count how many people were on your cart page vs how many checked out.