How are the weights determined?

Weights reflect real-world failure-cost, not theoretical importance. Drawn from incident data across 200+ Magento stores I’ve audited or remediated since 2017.

• Weight 3 (critical): something whose failure puts the business at material risk inside a 90-day window. Missing security patches, no daily backup, no 2FA, FPC misconfigured causing TTFB spikes, no production monitoring. These are the “will hurt you in a quarter” failures.
• Weight 2 (high): something whose failure compounds over 6–12 months. Slow indexer mode on a big catalog, no hreflang on multi-region, missing Companies feature for B2B, no log alerting. Will erode revenue or operator efficiency steadily, not catastrophically.
• Weight 1 (medium): something whose failure is meaningful but recoverable, often a “could be better” rather than a “is broken.” Image alt-text below 80%, llms.txt missing, no requisition lists, image optimization not yet automated. Roadmap items, not ticket-now items.

The weights are fixed, not user-tunable. The reason: experience shows operators consistently under-weight critical security and ops items (because they haven’t personally been bitten yet) and over-weight visible front-end items (because those get noticed at the executive level). Holding the weights independent of operator opinion is the point.