Implement Security Patches Immediately

April 24th, 2015 No comments

Magento takes security seriously and asks its users to do the same.

Magento Security

Maintaining thousands of ecommerce stores Magento has always been a tasty morsel for numerous online criminals and now they’ve got a real opportunity to tear off a piece of this pie.

IMPORTANT The urgency of the latest security patches implementation has increased significantly since Magento shoplift (SUPEE-5344) exploits are detected in the wild.

Remote Code Execution Vulnerability

This remote code execution (RCE) vulnerability was found by Check Point and reported to Magento on January 14, 2015. Affecting both Magento Community and Enterprise editions the vulnerability is able to compromise any Magento-based web store and allow criminals to obtain complete control over the store and its sensitive data, including personal customer information.

On February 9, 2015 Magento released the SUPEE-5344 security patch and asked store owners to download and implement it first in a test environment and then on live sites.

But, by the time of the public disclosure (April 20, 2015) the overwhelming majority of Magento sites had not yet implemented the security patch and remained vulnerable for fraud attacks.

According to Sucuri, less than in 24 hours after the discloser they started to register attacks exploiting current vulnerability. Seemingly, they come from the same criminals using 62.76.177.179 and 185.22.232.218 IP addresses in Russia.

The malicious code tries to create a fake admin user in the Magento database leveraging SQL injections. If you suspect that your Magento store became the subject of attacks, try to find next usernames in your database: admin_user and ypwq, as these are the names they are using so far.

Protect Yourself

In order to protect your store Magento recommends you to implement both SUPEE-5344 and SUPEE-1533 security patches.

The patches and installation instructions are available on Magentocommerce.com.

You can also test your site for safety using Magento Shoplift Bug Tester v1.0 by Byte.

Conclusion

The increasingly frequent use of online stores brings security issues to the fore and makes merchants to plan their business in strict compliance with security rules and recommendations.

We also try to focus on the Magento security in our blog since we consider it to be as much important as store functionality and user experience. So, we encourage you to follow Magento security recommendations and keep your customers safe.

Have any comments? Add them below, please.

Find this post worth sharing?

    How to Find Your Exclusive Brand Voice and Tone

    April 15th, 2015 No comments

    Content constitutes a big part of any marketing strategy and its role is rising constantly.

    The turn towards personal communications and the recent enthronement of useful content by Google force store owners to establish their own brand voice within the tremendous commercial polyphony. Today this mission is not just the way to improve branding, but the matter of survival.

    Brand Voice and Tone

    Usually marketers differentiate two aspects of the corporate sounding – brand voice and brand tone. The definition of brand voice given by Larsen Branding Agency is the following:

    Brand voice is the purposeful, consistent expression of a brand through words and prose styles that engage and motivate.

    Brand voice is a general concept, which includes brand tone as the way of brand expression exploiting the order of words, their rhythm, and pace.

    Actually, both brand voice and tone are equally important since they deliver the values of your brand to customers in an understandable and familiar manner.

    The customer audience and products largely shape the sound of your brand, but the exclusive features of the brand voice are the merit of your marketing strategy.

    Identify Yourself

    The first step toward a successful brand strategy and recognizable brand voice is to find out the main characteristics of your core customer audience. They do not only include their age and education, but perhaps, a specific language, human values, traditional behavior, etc.

    Your brand voice should express their feelings and be so mentally close to customers.

    The easiest way to find out the most suitable type of your brand voice is to imagine the portrait of a person or character, which embodies all values of your brand.

    Having a detailed representation of this person you will easily determine the proper language, tone and, content.

    Offer Human Values

    Regardless of their income or position, people always appreciate basic human values: friendly advice, sympathy, relations, and humor. This way, human values are the basic elements of any effective brand voice.

    But, in order to succeed you should be absolutely honest, authentic and consistent.

    IMPORTANT Always tell people about the current state of your brand, not about what it will be in a few years or about how great it was before.

    Read more…

    Find this post worth sharing?
      Categories: eCommerce Tips Tags:

      New Admin Product Grid Defeats Daily Routines

      April 10th, 2015 No comments

      Each business activity, and ecommerce is not an exception, has two different sides – creative searches of brilliant ideas and daily routines of managing inventory, customers, orders, etc. And usually, the last ones take much more time and efforts.

      Just like the bulk of the iceberg is hidden under the water the main part of each store management routine is carried out on the backend. Managing products, prices, stocks, categories, brands, vendors, etc. is so time-consuming and irritating that sooner or later you start looking for a solution to increase your productivity.

      The Admin Product Grid Magento extension

      Luckily, we have a great tool for Magento store owners able to save much time each day you manage product attributes and other product information.

      The Admin Product Grid extension allows you to edit product attributes inline and easily create a custom view of the Manage Products grid, which fully meets your commercial needs.

      Admin Product Grid Benefits

      Time Savings
      On the product page of the extension you can find a vivid use case describing the benefits provided by Admin Product Grid. In a nutshell, the use case describes the situation, when you manage 5 product attributes daily in average. It clearly shows that the process flow involving Admin Product Grid takes just 6 steps to edit the attributes, while the native Magento flow requires 12 steps to be done.

      This way, the advantages provided by the module are evident.

      Compliance with Business Objectives
      Since each business has its own and sometimes very specific commercial objectives it usually needs exclusive backend tools and grid views to perform own tasks. Using Admin Product Grid you are able to create “100% right” Manage Products grids, containing all necessary attributes and special columns organized exactly as you need.

      Advanced Control
      The module provides you with advanced control facilities, which embrace automatic data validations, the opportunities to make critical attributes not editable or undo recent changes. All these allow you to reduce the number of human errors and needless corrections.

      Read more…

      Find this post worth sharing?

        Google Mobile-Friendly Algorithm: Should We Panic or Not?

        April 9th, 2015 No comments

        This spring, webmasters and site owners with bated breath are waiting for the new algorithm update announced by Google recently.

        It greatly differs from other Google’s updates for several reasons.

        Google Mobile-Friendly Algorithm

        First of all, we exactly know the starting date of the modification – April 21. Secondly, Google announced this date publicly, explained the consequences and even provided the ways to avoid penalties. That’s not common, at least. And everything unusual usually worries.

        So, in order to dispel our own and your anxiety we tried to understand the threats and opportunities of the upcoming changes for online merchants.

        Google Mobile-Friendly Algorithm

        According to Google itself, this new algorithm is going to significantly expand the influence of “mobile friendliness as a ranking factor” and display more content from apps in search results.

        This actually means that the mobile rankings will change greatly and current leaders will apparently be deposed. The situation when high rankings in desktop search provide similar positions in mobile search will not happen again any more. This way, Google splits two kinds of rankings completely.

        The good news is that Google claims that this new algorithm won’t affect desktop search and those merchants, who mostly benefit from this type of traffic, may breathe freely for a while. But, all the rest site owners have a great piece of work to be done before the designated date.

        Moreover, Google says that the update is going to last about a week or even more, so we all have some extra time even after April 21.

        IMPORTANT At SMX West, Google’s Gary Illyes explained that site updates for this algorithm would be considered in real time. So, site owners may hope that their positive changes will be noticed fairly quickly.

        Check Your Own Mobile Status

        The specific feature of this update is that along with the delay Google provided an ad hoc tool for site owners, which helps to check mobile friendliness of your pages.

        Note: This update operates on the page level. This means that your site will not be affected by few not mobile friendly pages.

        The second way to find out the answer is to check out the Mobile Usability Report in your Webmaster Tools. In this report Google specifies the pages, which do not comply with its requirements.

        Or you can just fund the pages of you site in mobile search and discover the sign “Mobile-friendly” next to it.

        Read more…

        Find this post worth sharing?

          Product Questions 2.1: The Question of Usability

          April 2nd, 2015 No comments

          Educated customers are always wise customers and that is usually the thing each honest seller needs.

          Product Questions 2.1

          Still, much depends on you when it comes to raising the knowledge level of buyers. Especially that customers love to learn as it directly influences their shopping satisfaction and security.

          Note: 42% of online shoppers said they had contacted a retailer about an online purchase in the last 6 months.

          Many customers have certain questions regarding their purchases before they complete the order. So, provide them the opportunity to get the answers directly on the product page and prevent purchase delays.

          Your store is the easiest way and the most accessible channel of communication with customers. You can certainly organize the process in many ways, but the Product Questions extension is certainly great for Magento shops.

          Using this module you obtain both the possibility to put relevant information about your products and services in front of customers and receive their feedback. This bilateral communication is very important since it allows customers to feel a live connection, while you get valuable data about customers’ needs and preferences.

          The Product Question extension makes the process of providing information and communication with customers beneficial for both sides:

          Features for Customers

          • Enables customers to ask questions;
          • Creates the questions bank and keeps all questions and answers on product pages;
          • Allows customers to share their experience and answer questions from other visitors;
          • Allows customers to track statuses of their questions and get answers in the My Account area.

          Questions on Product Pages

          Questions on Product Pages

          Features for You

          • Allows you to answer questions from the backend;
          • Allows you to create new questions;
          • Enables you to assign questions to different products;
          • Allows you to notify customers about new questions;
          • Provides you with the opportunity to invite customers to answer questions.

          And it’s just a short list of available features provided by Product Questions.

          New Features

          The latest version brings yet more functionality to the extension and enables you to further improve the look and feel of your product questions.

          Read more…

          Find this post worth sharing?

            3 New Extensions to Import/Export Orders and Improve Your Checkout

            March 31st, 2015 No comments

            Striving to offer only an excellent service for our customers we constantly extend the product line in our store.

            Staying strictly within this strategy we’d like to offer you three new extensions in our catalog:

            The Import/Export Orders Magento extension

            Import/Export Orders

            The Import/Export Orders extension from our partners facilitates import/export order data operations and makes those procedures safe and comfortable. Not only are orders exported, but also customer related information regarding both registered and guest customers.

            Orders are the critical data of your Magento store, which have to comply with the principles of consistency and accuracy applicable to the fundamental information.

            But, sometimes we need to transfer these data outside for, e.g.:

            • Third-party software data updates;
            • Magento to Magento migrations;
            • Magento store updates, including merging, branding, etc.

            During this, possible data losses may harm the shopping process and create mistakes crucial for any business.

            Having the Import/Export Orders extension at hand you can be confident regarding data integrity and save a lot of efforts each time you transfer your order-related data to other program applications or new Magento installations.

            import3

            Import  Functionality

            Features

            • Import/export orders instantly after the extension installation (no additional configuration is required);
            • Import/export orders containing any type of products (simple, simple with custom options, configurable, grouped, bundled, downloadable, or virtual);
            • Import/export orders of any payment method, including disabled ones;
            • Export all or selected orders only;
            • Export orders in the XLS format for quick previews;
            • Eliminate any order ID conflicts assigning new IDs to orders during the import procedure or keep them old;
            • Generate order invoices and shipments at the end of the import process (optional)
            • Import/export orders from any store view.

            Read more…

            Find this post worth sharing?

              SARP 2.1 Gets the eWAY Payment Method

              March 27th, 2015 No comments

              The Subscriptions and Recurring Payments extension provides one of those great services, which are both required by customers and beneficial for merchants. Offering product subscriptions is a real chance to increase sales and improve provided customer service in your store.

              Using this extension you are able to offer subscriptions to your customers and use the extended tool set for their configuration and tracking.

              SARP 2.1

              This extension allows you to:

              • Set up periods of subscriptions and separate prices for each of them;
              • Offer trial or discounted periods of subscriptions;
              • Offer daily, weekly, monthly, or annual subscriptions or define custom periods for different products;
              • Segment customers by their subscriptions;
              • Provide infinite subscriptions;
              • Create unique subscriptions for each website;
              • Define payment days for any individual subscription (defined by customers, the moment of purchase, the last day of each month, etc.)
              • Check subscription statuses; view all subscribers and their payments.

              Your customers also enjoy advanced capabilities of the extension, including detailed information regarding their subscriptions in their Account Area and secure payment processes accomplished on the gateways’ sides.

              The SARP extension supports simple, downloadable, configurable, virtual, grouped, and bundle products for subscriptions and multiple payment methods for recurring payments.

              New Feature

              Since the 2.1 ver. of the extension your customers are able to use the eWAY payment method to pay their purchases, which is especially beneficial for the Australian customers, where this payment method is widespread.

              This way you can greatly expand the geography of your international clients and offer better customer service for your existing customers.

              IMPORTANT The eWAY payment option requires cron jobs to be set up. Please, refer to our Readme for more details.

              The Subscription and Recurring Payments Magento extensionConclusion

              On the product page of the extension in our store you will find more detailed information regarding the functionality of the module. You can also walk through the whole list of available payment methods and refer to the extension’s documentation there. In order to try the functionality online, visit our demo stores, please.

              If you have something to add to this post, share your comments below or contact our support, please.

              Find this post worth sharing?