We’re at the doorstep to a new year, so there’s no better time than the present to check your site for security risks and brush up on your security habits.
Areas to focus on to get you started:
- Have all security patches been applied? (ask us to check or start with a free patch scanner at magereport.com)
- Have you changed your password recently?
- Have you run anti-virus/anti-malware scans on all computers/devices that access your store’s backend?
- Is your store’s backend URL unique?
- Do you have a backup plan in place?
- Is all the software in your site’s stack updated/patched? (not just Magento, but also WordPress, server-side software such as PHP, and anything else running on the host)
- Are you adhering to the appropriate PCI Compliance level?
- Have you run, at the very least, an external malware scan on your site? (A server-side scan is always recommended, but a quick external scan from Quttera or a similar tool will quickly show whether you have any major problems.)
- Have you been blacklisted? (here’s a good tool)
Hope that helps! Contact us if we can help out with anything or if you have any questions. Here’s to a safe & secure 2017!
Ps – Here are some more security tips from a previous blog post: Magento Security Tips
Congratulations to our very own Daryl Gochnauer for becoming certified as a Magento Certified Solution Specialist this past Saturday!
If you’re unaware of what a certified Magento Solution Specialist is, here’s how Magento defines the role (quoted directly from their site):
“A Magento Solution Specialist is an expert user of the Magento ecommerce platform. Drawing on a deep background in business and ecommerce, the Magento Solution Specialist can efficiently align business objectives with Magento functionality, optimize use of native features, and avoid unnecessary customization. Whether as a merchant, a manager, a consultant, or an analyst, the Magento Solution Specialist knows how to make the best use of Magento technology.”
With a certified Magento Solution Specialist officially on board, we look forward to supporting & growing your business with excellence now & into the future.
We’re pretty excited about unboxing our new NFC reader from Square!
This is Square’s first foray into the contactless payment world, and as usual, it’s beautifully executed with great UX touches. From small details like including a sticker featuring Apple Pay and Android Pay, to bundling an original magstripe Square reader so you can still accept credit and debit cards without a chip, it’s been a pleasure to use.
The setup process took about 2 minutes total, including downloading some updates to the Square Register app (in our case, it was installed on a Galaxy Note 5). You have to charge the reader via the included USB cord, which only took a few minutes.
The other day, I was on the website of an organization I was considering visiting. The branding was beautiful, and the site design was clean, bold and responsive.
And it told me hardly anything. There were no social media links, no contact forms, no message archives and barely any pictures of leadership or the building itself.
It struck me because at first glance, everything looked great: I WANTED it to be great, but it was missing some key UX elements.
As Creative Director here at Wex Marketing, my job is to not just make pretty designs, but create them with data-based decision making and the user in mind. In other words, make things that make sense and get you the information you actually want, all wrapped up in a design that looks good.
Here at Wex Marketing, our goal is to help you navigate the User Experience aspect of building your ecommerce store. Sometimes the latest UI trend in web design won’t fit with your branding and if it doesn’t, we will let you know. Your business is unique and our job is to balance modernity with effectiveness.
On November 17th, 2015 Magento took off the reins & released Magento 2.0 into the wild, and we’re more excited than ever about what this means for the future of ecommerce!
While we’re not yet recommending that clients upgrade until the initial kinks are worked out (1.8x & 1.9x are stable & will be supported for a couple more years), we wanted to give you guys an opportunity to take a look around the new backend. WARNING: It may or may not be addicting. 🙂
If you haven’t gotten a chance yet to read through our quick overview of what’s new in Magento 2.0, take a moment to familiarize yourself a bit first.
Note: This demo is running the default “Luma” theme. The only thing we did aside from tweaking a few of the products is enabling GZIP compression. Otherwise, this is a stock install & is what you should be expecting from a fresh install in terms of content, features, and performance. (We also hid a few backend features for this demo account: because internet.)
The Magento name, logo, and branding are copyright of Magento, Inc. All rights reserved.
Back on July 15, 2015, Magento 2 hit a major milestone on the road to its much anticipated General Availability (GA) release, planned for Q4 2015.
Magento 2 was originally announced in 2010 (yes, you read that right) & was scheduled to be released in Q4 of 2011, but they decided last minute to scrap their plans of building on top of the v1.x codebase & instead decided it needed a major overhaul to support future growth. So here we are, a few years later, and the biggest ecommerce platform is set to release its much anticipated version 2.0!
- Performance Improvements — For Example: Fullpage cache is now baked into Community Edition (can I get an amen?)
- Improved Scalability
- Upgrades will be much easier (leading to less costs for you!)
- Leverages HTML5 (finally) and a proper CSS preprocessor (LESS)
- Customization process is streamlined
- Front-end portion of the software is decoupled from the backend store logic (making updates much easier to test and reducing much of the risk incurred in earlier versions when updating storefront designs)
- And of course, visual updates for the backend! (See below)
New Admin Login Page:
(The backend menus have now been moved to the left hand side, simplified, and visual cues added)
Cleaner Product Edit Page
(including easy enable/disable product in top right hand corner, drag & drop images, and the most used settings at the top w/ the advanced setting collapsed so you’re not overwhelmed)
It’s pretty hawt! We feel like a kid in a candy store and we can’t wait for the official release! That is all 🙂
Ps – Wanna stay in the know? Follow us on Facebook/Twitter or check out this site. (& no we didn’t create that site)
Recently Magento released a major security patch, SUPEE-6788, which closes holes that could lead to remote code execution, information leaks and cross-site scripting. However, this particular patch breaks many, many extensions: among other things it changes how admin routes are resolved, so extensions whose admin pages are registered under their own frontName (outside the standard admin path) stop working until their developer updates them. This is not a complete list, but if you have installed anything above & beyond the default Magento install, please check out this crowd-sourced Google Doc & then do your research (contact the extension developer directly if you can) about whether your extension may be affected, and take action accordingly before installing the patch.
Note: once you apply the patch, compatibility mode is turned on by default, meaning the admin routing fix is not enforced until you switch it off (the rest of the patch takes effect immediately). To enforce it, go to System > Configuration > Advanced > Admin > Security and change “Admin routing compatibility mode for extensions” to “Disable”, then flush the cache.
Another note: make sure all earlier SUPEE patches for your Magento version are already applied. Each patch assumes the previous ones are in place, and applying them out of order fails or leaves holes open.
This is how we’d proceed with applying the patch:
- Research all your extensions/custom code
- Backup both live & dev sites
- Apply the SUPEE-6788 patch (download here) on the dev site & turn off compatibility mode. Flush the Magento cache. Test all appropriate functions, especially every extension’s admin pages. Apply extension updates. If everything checks out, continue to the next step.
- Apply the SUPEE-6788 patch on the production site & turn off compatibility mode
- Apply extension updates (if appropriate)
- Flush the Magento cache
- Test everything, from CMS pages to transactional emails
This is a very simple overview — as always, if you have any questions, let us know!
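The dev-site steps above, as a shell script. This is an added example and not part of the original post or of Magento’s own tooling. It assumes a Magento 1.x install, that the patch `.sh` file downloaded from Magento sits in the Magento root under a name you pass in `PATCH_FILE` (the name below is a placeholder), that `mysql`/`mysqldump` read their credentials from `~/.my.cnf`, and that the configuration path behind “Admin routing compatibility mode for extensions” is `admin/security/extensions_compatibility_mode` (an assumption; confirm it against the `system.xml` the patch ships). The patch script itself records its name in `app/etc/applied.patches.list`, which is what the verification step reads.

```shell
#!/bin/sh
# Added example, not Magento's own code. Applies SUPEE-6788 on a dev site:
# backup -> apply -> verify -> disable compatibility mode -> flush cache.
set -eu

MAGE_ROOT="${MAGE_ROOT:-/var/www/dev}"                 # Magento 1 document root
DB_NAME="${DB_NAME:-magento_dev}"                      # credentials come from ~/.my.cnf
PATCH_FILE="${PATCH_FILE:-PATCH_SUPEE-6788_CE.sh}"     # placeholder; use the real downloaded name
PATCH_NAME="SUPEE-6788"
BACKUP_DIR="${BACKUP_DIR:-$HOME/magento-backups}"
# Assumed config path for "Admin routing compatibility mode for extensions".
COMPAT_PATH="admin/security/extensions_compatibility_mode"

# 1. Backup: a consistent DB dump plus a tarball of the codebase, both timestamped.
backup_site() {
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$BACKUP_DIR"
    mysqldump --single-transaction "$DB_NAME" | gzip > "$BACKUP_DIR/db-$stamp.sql.gz"
    tar -czf "$BACKUP_DIR/files-$stamp.tar.gz" -C "$MAGE_ROOT" .
}

# Magento 1 patch scripts append one pipe-separated line per patch to
# app/etc/applied.patches.list, with the patch name as one field.
# Returns 0 if the named patch is recorded there, 1 otherwise (or if no list exists).
patch_applied() {   # usage: patch_applied <applied.patches.list> <SUPEE-name>
    grep -qF -- "| $2 |" "$1" 2>/dev/null
}

# 2. Run the patch script, but only once, and refuse to continue if it left no record.
apply_patch() {
    list="$MAGE_ROOT/app/etc/applied.patches.list"
    if patch_applied "$list" "$PATCH_NAME"; then
        echo "$PATCH_NAME already applied, skipping"
        return 0
    fi
    (cd "$MAGE_ROOT" && sh "$PATCH_FILE")
    patch_applied "$list" "$PATCH_NAME" || {
        echo "$PATCH_NAME not recorded in $list, aborting" >&2
        return 1
    }
}

# 3. SQL that switches compatibility mode OFF (value 0) at default scope.
# core_config_data has a unique key on (scope, scope_id, path), so the upsert is safe
# whether or not the row exists yet.
compat_mode_off_sql() {
    printf "INSERT INTO core_config_data (scope, scope_id, path, value) VALUES ('default', 0, '%s', '0') ON DUPLICATE KEY UPDATE value = '0';\n" "$COMPAT_PATH"
}

disable_compat_mode() {
    compat_mode_off_sql | mysql "$DB_NAME"
}

# 4. Flush caches so the new routing and config are actually used.
flush_cache() {
    rm -rf "$MAGE_ROOT/var/cache/"* "$MAGE_ROOT/var/full_page_cache/"*
}

main() {
    backup_site
    apply_patch
    disable_compat_mode
    flush_cache
    echo "Done. Now test admin login, every extension's admin pages, CMS pages and transactional emails."
}

# Only run when asked explicitly, so the file can be sourced just for its checks.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Run it as `sh apply-supee-6788.sh --run` from a shell that can reach the dev database. The abort in `apply_patch` is the point of the script: a patch run that prints errors about already-modified files still exits, but it does not append to `applied.patches.list`, so the check catches a half-applied patch before compatibility mode is touched.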
On November 2, Magento CEO Mark Lavelle announced that parent company eBay has sold Magento (along with eBay Enterprise) to a consortium of buyers led by Permira Funds, forming a new independent company called Magento Commerce.
Back in 2010, eBay invested in Magento (then an in-house product of Varien), and Magento was quickly spun off into a stand-alone venture. One year later (June 2011), eBay purchased the remaining stake. While under the eBay umbrella, Magento’s revenue grew five-fold, it made large investments in the core platform, and it added mobile and omnichannel products. Magento, more focused than ever, began looking for partners/buyers in early 2015 to take it to the next level. And it looks like they’ve found solid backing: Permira Funds has funded big brands like Hugo Boss, TeamViewer, and Pharmaq. It’ll be exciting to see what Magento does now that it’s fully focused, well backed, and has gained “big time player” enterprise experience under the ecommerce behemoth eBay.
Read more about this exciting change here.
What’s more sobering than realizing that one of the earliest successful internet companies is 1 year shy of being able to drink?
20 years ago, on Labor Day weekend, Pierre Omidyar began what eventually evolved into what we know as eBay today. Yes, that’s right: one of the earliest Silicon Valley e-commerce success stories now enters its third decade of business operation.
Some stats to blow your mind:
- It’s estimated around 800 million items are being offered for sale on any given day.
- iPhone/Android apps have been downloaded 279 million times
- Ebay Motors has sold enough cars to encircle the moon more than 4 times
- The number of paintings ebay has sold could fill the Louvre over 45 times
- Originally called “AuctionWeb”, changed to eBay 2 years later
- The eBay name comes from Omidyar’s consultancy firm, Echo Bay Technology Group. He settled on ebay.com because he discovered that his desired domain, echobay.com, was taken by a gold mining company. #TheStruggleIsReal
- One of the 1st items sold was a broken laser pointer for $14.83
Security is a hot topic these days. Below we have compiled a list of tips for both Magento & general all-around computer security to help put your best foot forward in securing your sensitive data.
Magento Site Login / Password Management
- Know and limit who has access to your computer, your site’s backend and your sensitive data. (Would you trust them to watch your child? If the answer isn’t “Yes”, then don’t give them access.)
- Change the default Magento login URL from /admin/ to something that isn’t easy to guess. In Magento 1 this is the frontName in app/etc/local.xml (flush the cache after changing it). This keeps automated scanners and brute-force scripts from even finding your login page, but it is only obscurity: it is not a substitute for strong, unique passwords.
- Never use “admin”, your store name, or anything else that can be easily guessed as your username.
- Don’t display or use the admin email address anywhere on the frontend of your site.
- When creating a password, make it long (12 or more characters) and random rather than a word or phrase connected to your business; the less it relates to you, the better. A password manager will generate and remember these for you.
- Although it’s tempting, never reuse a password. For anything. Ever.
- Change your password on a regular basis (we recommend once a month), and immediately if you suspect it has been exposed.
- Never email, message, or in any way transfer passwords in plain text. If you must send one to someone, put it in an encrypted, password-protected file. As inconvenient as it is to call and give the new password over the phone, this is a much more secure way of handling things.
- Never save your username/password on your computer, mobile device, or an online storage service unless it’s encrypted and password protected (which is exactly what a password manager does).
- Handle your hosting & FTP logins the same way – protect them like your child!
General Computer/Network Practices
- Update and scan for viruses and malware on all computers that access the backend on a regular basis.
- Never access your backend or work with any file that contains sensitive data over an unsecured Wi-Fi connection.
- Update your business Wi-Fi password, as well as the password at home or wherever else you access your store’s backend, on a semi-regular basis. If you live in a well-populated area, do this more frequently.
- Password protect your computer’s user account.
- Keep your computer’s operating system and programs updated.
- If you work in a public place, lock or log out of your computer’s user account every time you walk away from the computer.
- If you work on a network, know who is on that network and follow any further security practices your IT department may have in place or recommend.
- Turn off Remote Access. If you don’t need it, we strongly recommend turning this off.
- Turn on and use firewalls.
- Backup your most important data (site database/files & computers) on a regular basis.
- Don’t host your site on shared hosting. Yes, it is more cost-effective at first, but it is generally slower, and you can be affected when another site on the same server is attacked. It’s best to make the investment and host your site on a VPS or dedicated server.
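The “is your backend URL unique?” item from the year-end checklist and the /admin/ tip above can be checked from the filesystem on a Magento 1.x install. The script below is an added example, not part of the original post or of Magento. It assumes the stock local.xml layout, where the backend path is the `<frontName>` under `admin/routers/adminhtml/args` in `app/etc/local.xml`, written either as `<![CDATA[...]]>` or as plain text; “admin” is the install default, and the other names in the list are common guesses I added as an assumption.

```shell
#!/bin/sh
# Added example, not Magento's own code: flag a Magento 1 install whose admin
# path is still the default (or another easily guessed name).
set -eu

# "admin" is the Magento 1 default; the rest are common guesses (assumption).
GUESSABLE_FRONTNAMES="admin backend manage"

# Print the admin frontName configured in a local.xml, or nothing if none is set.
# local.xml is small, so joining it into one line lets a single sed match the
# element even when its tags sit on separate lines.
admin_front_name() {   # usage: admin_front_name <path-to-local.xml>
    tr -d '\n' < "$1" |
        sed -n 's/.*<frontName>\(.*\)<\/frontName>.*/\1/p' |
        sed 's/^<!\[CDATA\[//; s/]]>$//'
}

# Return 0 when a custom, non-guessable path is configured; 1 and a FAIL line otherwise.
check_admin_path() {   # usage: check_admin_path <path-to-local.xml>
    name=$(admin_front_name "$1")
    if [ -z "$name" ]; then
        echo "FAIL: no admin frontName found in $1" >&2
        return 1
    fi
    for guess in $GUESSABLE_FRONTNAMES; do
        if [ "$name" = "$guess" ]; then
            echo "FAIL: backend is reachable at /$name/ (default or guessable)" >&2
            return 1
        fi
    done
    echo "OK: backend path /$name/ is custom"
    return 0
}

# Stand-alone use: sh check-admin-path.sh /var/www/html/app/etc/local.xml
if [ $# -gt 0 ]; then
    check_admin_path "$1"
fi
```

Treat a passing check as one layer only. A renamed path stops scanners that only try /admin/, but anyone who can read the page source of a link you emailed, or who compromises a workstation, learns the new name; restricting the admin path by IP or VPN in the web server is the complementary control.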