Category Archives: Blog

Last Minute Prep for Black Friday & Cyber Monday

Are YOU ready for Black Friday and Cyber Monday?!Thanksgiving is next week, which means the e-commerce world is frantically preparing for Black Friday and Cyber Monday. While others prepare to gorge on turkey and spend some serious dough, are you sure your store is ready for the rush? Here’s some quick tips to get your store in shape for the busiest shopping days of the year!

Prepare Your Store

Do you have your Black Friday and Cyber Monday graphics ready to go? Do you know the plan for pushing them live? Have you tested the look-and-feel out in a development environment?

Are your offers ready? Do the coupon codes work? Have you checked to make sure the appropriate limitations on those codes are in place? And, most importantly, is your site secured?

Optimize Search

If you don’t already have robust keywords in your store, now is the time to add some! Have you properly configured Google Search Console and Bing Webmaster Tools? These tools provide starting points for seeing what the major search engines know about your site. You can then use a good SEO mod, or tools built-in to your cart to make sure your key words have been properly added and are positively affecting your search standings.

If your business is tight on cash flow, that doesn’t mean there’s nothing you can do! A little bit goes a long way, and since SEO should be a major component of any sales strategy in e-Commerce, if you’ve neglected this, there’s no time like the present to step up and make your site search-friendly.

Prepare for the Worst

What’s your Black Friday disaster plan? Do you have support staff on standby? What will do you if you run out of stock? Is your fulfillment team ready to get those Black Friday and Cyber Monday orders to customers?

And what about technical problems? Do you know what to do if the store is crashing on Black Friday? Do you have site backups? What about the database? One small error can massively mess that up for the whole weekend if you don’t have a contingency plan in place.

Your most likely source of problems on Black Friday or Cyber Monday will be the customers. Do you lay out your store policies on returns and shipping, and list your Holiday delivery deadlines in a clear manner on your site? Making sure your policies are clear can make working with unhappy customers easier and less time consuming post-holiday.

Aim for the Best

You should aim to give your customers a great shopping experience on Black Friday and Cyber Monday. If you haven’t refreshed your store’s look and feel in some time, now is not the time to try radical changes, but small quality of life improvements can go a long way.

  • Do you have mobile friendly pages? Will your Black Friday / Cyber Monday images and promotions look nice on mobile devices?
  • Do you have abandoned cart reminders enabled, so that you can re-capture those customers that are on the fence about their purchase?
  • Are you offering a loyalty program, and rewarding your loyal customers?

And, last but not least… social media. Are you engaging with your customers about what deals you’re bringing to them this Black Friday / Cyber Monday? Much of your attention this week and in the run-up to Black Friday should be on how you can capture your (future) customer’s attention next weekend. Here are some tips:

Appeal to the vanishing deal!

Black Friday and Cyber Monday are over fast… encourage quick purchases by appealing to your customers sense of urgency and implying scarcity of your products.

Update Your Profiles

Give your social media presence a quick make-over with new graphics, and make sure your information and correct and concise.

Use Your Blog

Write guides (like this one) in the run-up to your Black Friday / Cyber Monday deals. Review products you want to sell, or create short tutorial videos to soak up the customer’s attention.

Research

Do your homework. There’s tons of amazing guides! Her’s just a few to get you started:

When in doubt, seek help!

BCS Engineering is staffed with e-Commerce experts that have been working in the field since 2004. If you’re not sure you’re ready, or if you just want to get some feedback about a particular issue, we’re here to help you survive Black Friday and BEYOND! Contact us today to see how we can help you!

This entry was posted in Blog, Ecommerce and tagged , on by .

X-cart 4.7.10 Released

X-cart 4.7.10 has been released! Contact BCSE today for help with your upgrade!

X-cart 4.7.10, the latest update to the “Classic” branch, just announced . This version brings several improvements for site speed and reliability, as well as enhancements for SEO, GDPR, and third-party integrations.

Major Changes

  • Improvements for Site Speed and Optimization (native CSS and JS minification, widget improvements).
  • Security Improvements (including changes to cookies to ensure PCI compliance).
  • X-cart now supports Guest Checkout for the Paypal Module.
  • X-cart 4.7.10 now fully supports PHP 7.

Ready to Update?

How to go about updating your store to X-cart 4.7.10 highly depends upon your current environment. If you are using a version prior to 4.7.0, you will need to consider reaching out to a professional for help with your upgrade.

If your store is currently running one of the previous 4.7.x releases, upgrading should go relatively smoothly, however we still recommend that you take some precautions:

  • Never upgrade a live store. You should maintain a development environment for your store, so that you can try out upgrades in a test mode, and ensure that nothing breaks.
  • Always have a backup. Both your site’s file and database should be copied before you apply the patch.

You can obtain the upgrade packs from your customer area. Make sure you following the instructions for applying the file and database patches precisely. More information on upgrading is available on the Wiki.

We strongly encourage you to seek assistance from an experienced X-cart developer when upgrading. This is especially true if your store is currently running version 4.7.0 or earlier.

Need Help?

Our team has been developing custom modules, hosting and maintaining X-cart sites, and helping stores grow since 2002! We’re ready to help you upgrade today. Contact us now to discuss how we can bring your store up to the latest X-cart 4.7.10.

This entry was posted in Blog, X-Cart and tagged on by .

PHP 5 Deprecated This December!

PHP 5.x will be deprecated at the end of 2018!

One of the most popular platforms on the web — PHP 5 — will stop receiving security updates at the end of the year.

According to The PHP Group, security updates will only be issued for the popular PHP 5.6 branch through the end of this year.

This will have a huge impact on the web at-large and the e-commerce community more specifically. Many popular cart solutions rely upon PHP, including X-cart, Magento, and WooCommerce. Many stores also rely on PHP to run their blogging/news components in the form of CMS tools like WordPress.

“This is a huge problem for the PHP ecosystem,” Scott Arciszewski, Chief Development Officer at Paragon Initiative Enterprise, told ZDNet in an interview. “While many feel that they can ‘get away with’ running PHP 5 in 2019, the simplest way to describe this choice is: Negligent.”

from “Around 62 percent of all Internet sites will run an unsupported PHP version in 10 weeks” (ZDNet, 14 Oct 2018)

What do I do?

If your site is currently operating on PHP 5, you should determine which of the 5.x branches you’re currently using. Updates have ceased for the 5.4 and 5.5 branches of PHP 5 since September 2015 and July 2016 respectively.

PHP Calendar from https://secure.php.net/supported-versions.php [Retrieved 15 Oct 2018]

How quickly you need to deploy a new version on your site depends upon just how out-of-date you are. Generally speaking, anyone using any branch of PHP 5 should update as soon as possible. If you’re on 5.4 or 5.5, you should contact your hosting provider ASAP.

However, our experience is the moving from PHP 5 to PHP 7 is a non-trivial process. A lot has changed. Some of those changes are very fundamental. Therefore it’s not at all uncommon for us to see sites break when site move from 5 to 7.

Don’t host your site with a provider that automatically
updates major versions of PHP without warning!

BCSE will be migrating our hosted clients to PHP 7 in the coming weeks. We encourage our customers to monitor their inboxes for notification of pending updates. And, as always, don’t hesitate to reach out to us with any questions along the way.

This entry was posted in Blog, Ecommerce on by .

Preparing Your Store for the Holidays 2018

It’s beginning to look a lot like… October?

Now that it’s October, it’s time to start thinking about the upcoming holiday 2018 rush. Black Friday! Cyber Monday! Giving Tuesday! Now is the time to start getting ready, or else you may have to deal with ‘Weeping Wednesday’ when you take a look at your sales.

$335 is the average amount spent online per person in the US during the five day period between Thanksgiving and Cyber Monday last Holiday season.

Why prepare now?

Simply put, the holiday season is the biggest retail sales period of the year, and you don’t want to miss out. If you have an online presence, you should expect people to be shopping your store on Black Friday and Cyber Monday, and that there’s going to be a large, active shopping presence throughout the holiday season.

Take advantage of the months before November and December, when sales are steady and stable, to look over last year’s sales data.

  • What areas did you do well in?
  • Where do you need improvement?
  • Are there features you’ve been putting off implementing that you’d like to have for this year’s busy season?

Some typical issues that site owner see are site functionality that could be improved, your logistics and product delivery pipeline, and poor marketing positions. Is your store lacking in one (or all) of these areas?

43% of US internet users are shopped online on Cyber Monday 2017 via mobile.

Mobile Matters

Mobile sales are shattering records year-after-year. Does your mobile presence inspire trust in your brand among your customers? Is your mobile site easy to navigate? Are you accessibility friendly?

It can take two months or more to develop mobile enhancements to an existing e-Commerce site that doesn’t natively support mobile. Often, an entire site theme needs to be rebuilt and adapted to your store. The middle of November is not a good time to think about a major redesign. Start early, reap the rewards this holiday season.

58 million Americans are shopping online only this holiday season.

Smooth Stores Make More

How does your site perform? Have you tested it? There a tons of website performance calculators out there… is your site up to par? If your performance isn’t where you want it, your customers could be experiencing frustration while using your site, and that could turn them away from your shop when there are deals to be had literally everywhere.

Things you can do now:

  • Have a professional performance audit — Let one of our engineers evaluate your site’s configuration and actual performance in real world testing, to determine whether there are any changes that can optimize your content delivery.
  • Compression — Reduce the size of your content (especially images) by compressing it before delivery. This will make your site faster and, therefore, more friendly to customers. You can also minify CSS and JS, and deploy your site over a content delivery network to improve performance further.
  • Load Balancing — When your service capacity is too small for the amount of traffic your site generates, you start to see “connection refused” errors. Using multiple servers sitting a load-balancer to evenly distribute the traffic can keep your site snappy even under intense load.
  • Is your code efficient? — Are you using 50 plugins? Do you have a spaghetti mess of customizations that have been built over years and year of tweaks? Maybe you’re running an older platform that needs upgraded? All of these things can lead to inefficent, ugly, and insecure code. This one is best left to professionals to handle… contact us today!

51% of US internet users would shop digitally at the Thanksgiving table to "get an amazing deal."

But Deals Matter Most

Fundamentally, shoppers on Black Friday and Cyber Monday are out for deals. Now is a good time to sit down, look at your product offerings and margins, and develop a sales strategy for the holiday season. Furthermore, figuring out what you really want to sell this holiday season can tell you how to sell it.

Starting now, you have a solid 6 week period for getting together new graphics, marketing materials, and planning a strategy for enticing customers into your store.

Ideally, you’ll have a solid strategy in place a few weeks before the holiday season starts. If you couple this with a site that’s been checked out by a professional, with any issues fixed or maybe even updated a bit, you’re sure to have a stellar holiday season.

Holiday Help

Let BCS Engineering ease some of the stress of operating an e-commerce store this holiday season. Our engineers have been designing, building, maintaining, and building custom enhancements for e-Commerce sites of all flavors since 2002! We’ve got what it takes to get your site in shape for the holidays, and we’re here to help. Contact us today!

This entry was posted in Blog, Ecommerce on by .

Magento 1 to be Supported Through 2020

Magento 1 long-term support through June 2020

Magento announced today a long-term strategy for the Magento franchise.

According to the post:

For Magento Commerce 1, we are providing software support through June 2020. Depending on your version, software support may include both quality fixes and security patches. Please review our Magento Software Lifecycle Policy to see how your version of Magento Commerce 1 is supported.
(Source)

and regarding the open-source edition (formerly known as the Community Edition):

For Magento Open Source 1, we are providing software security patches through June 2020 to ensure those sites remain secure and compliant. Please visit our Legal Terms page and review our Magento Open Source Software Maintenance Policy to see which versions of Magento Open Source 1 continue to receive software security maintenance.
(Source)

Therefore, it is of vital importance that e-commerce stores who are currently using Magento 1 begin the process of transitioning. This could be either via an upgrade to Magento 2, or via migration to another cart provider.

Need to Upgrade from Magento 1 to Magento 2?

At BCS Engineering, our e-Commerce focus is customer-centric. Our aim is provide you with the simplest path from where you are to where you need to be. If you’re currently hosting a Magento 1 e-commerce website, our Magento experts can assist you in multiple ways:

  • We’ll move your store from Magento 1 to Magento 2 — or any other platform — for you; let us do it all!
  • Do you just need some custom functionality ported to your new store? Our certified developers are ready to help.
  • Or, are you so completely overwhelmed with the idea of moving your store that you don’t even know where to begin? Don’t worry, we’ve been doing this since 2002… this isn’t our first rodeo.

Contact BCS Engineering today! We can help you navigate the upgrade process and keep your store working smooth… until 2020 and beyond!

This entry was posted in Blog, Magento on by .

Magento 2.2.6 Released!

The latest release of Magento — version 2.2.6 — is out now and includes multiple bug fixes. New enhancements designed to increase the overall security of the platform include:

  • 25 critical security fixes (addressing cross-site scripting and other vulnerabilities)
  • 7 major performance improvements (including product indexing and improvements for multi-site)
  • Updated Amazon Pay, Google Tag Manager, and dotmailer integrations
  • Over 150 product quality enhancements

Further notable enhancements include:

  • improved reliability of the checkout process,
  • CAPTCHA improvements, and
  • sales/payments improvements (including Braintree and Paypal integrations).

There are multiple other enhancements to improvements in shipping, sitemap, themes, as well as minor code and interface corrections. You can find the complete list of changes in the release notes for 2.2.6 Open Source or 2.2.6 Commerce. From Magento:

Although this release includes these security enhancements, no confirmed attacks related to these issues have occurred to date.

A minor patch is also available for Magento 2.1 — version 2.1.15 — that addresses these security concerns. For a full discussion of the vulnerabilities that have been addressed, see this discussion at the Security Center.

Do You Need Help with Your Magento Upgrade?

BCS Engineering’s certified Magento developers are standing by and ready to assist your e-commerce store with upgrading to the latest version of Magento! Our team are experts at deploying new major and minor upgrades, as well as assisting with your store’s theme, adding custom features to your store, or addressing security and performance issues. Contact us to find out how we can help with your store today!

This entry was posted in Blog, Magento on by .

X-cart 5 Tips: Stuck Deploying Changes?

Adding or upgrading a module to your X-cart 5 store will deploy these changes to it’s code-base. During the “deploying changes”  process, X-cart performs several additional maintenance tasks that keep your site functioning.

For example, rather than serving up the files from the main “classes” and “skins” directory, a snapshot is created. This snapshot represents the actual code that’s served to users when they request pages within your store. While it does this, it runs a series of special calculations and optimizations on that code, so that your store is a fast as possible.

Sometimes, during this process, something goes awry. During the “deploying changes” process you’ll see a text scroll of what phase of the process you’re in. When that stream stops, hangs, or throws an error something has gone wrong.

Sometimes “deploying changes” goes REALLY wrong; your entire site is down, and visitors will be greeted with the spinning gear of death…

What the store looks like to customers when deploying changes goes wrong.

When this happens, what are you supposed to do? Here’s a few tips:

Try The Back Button

X-cart 5 can be finicky at times. It’s a complex piece of software. Sometimes, deploying changes will appear to stall for no obvious reasons. When this happens to me the first thing I always try is to just jump back to the previous admin page using the back button.

Many times this will re-start the “deploying changes” process and it’ll finish with no problems whatsoever!

Delete Your Site’s Cache

If something really went wrong, you can delete the site’s current snapshot and reload. There are two ways to do this:

If you have FTP/SSH Access

Log into your store via FTP/SSH, and delete the files in the <X-Cart Directory>/var/run folder, and the file  <X-Cart Directory>/var/.rebuildStarted. Here <X-cart Directory> is the location of admin.php for your store. Then go to the admin area of your store. X-cart will detect the absence of the cache and attempt to rebuild it.

If you do NOT have SSH Access

You can access your store’s “drop cache” function at:

https://<YOUR_XCART_URL>/admin.php?drop_cache&access_key=<YOUR_SAFEMODE_KEY>

 

where <YOUR_XCART_URL> is the main page for your store, such as “https://www.example.com/x-cart/” and <YOUR_SAFEMODE_KEY> is a special key that allows this functionality to be invoked. You can find the value of the key in the file var/data/.safeModeAccessKey in your X-Cart installation folder.

Last Resort: Safe Mode

Before you get into this situation, you should go to Admin > System Tools > Safe Mode to generate the various safe-mode links for your store. This will allow you one set of steps you can take when deploying changes goes wrong.

When deploying changes goes really wrong, safe mode can save you!

You can see that these links have the same structure as the “Drop Cache” link above… you can replace site URL with <YOUR_XCART_URL> and the example access key with <YOUR_SAFEMODE_KEY>as described above, and use the URLs from this image to access your store’s reset features.

It is best to try them in order, first attempting to restore the add-on’s current state. Then if that doesn’t work, try the soft reset. And, lastly, if that fails, the hard reset.

  • Restoring the Current State of All-Ons basically is a simple re-deploy. All code from the modules will be re-set, and the store will try to re-build the cache.
  • Soft Reset removes all modules except those developed by the X-cart directly. You can then go back and re-enable any custom modules using normal means.
  • Hard Reset removes all modules, except for those developed by X-cart (including custom code that X-cart has developed for you), and including those provided by the X-cart Marketplace. Your site will need some serious work re-enabling your modules one-by-one if your undertake this reset… so it’s not to be done lightly.

When All Else Has Failed…

Sometimes, you’re just in such a pickle that you’re not going to be able to get out of it yourself. When that happens, trust the experience X-cart developers at BCS Engineering to get your store back together for you quickly and easily.

Contact BCS Engineering today to find out about our many support options, including emergency support for when your store is stuck deploying changes. We’re here to help!

This entry was posted in Blog, X-cart 5 and tagged , on by .

Securing Magento 101: The Basics

Securing Magento

“It takes 20 years to build a reputation and five minutes to ruin it.”

— Warren Buffett

In the age of e-commerce that five minutes could be considerably shorter. Your e-Commerce business hinges upon your customer’s trusting your site completely.

With an install base of nearly 100,000 live websites, and a market share that’s surpassed 13%, Magento sites around the globe represent a huge target for malicious actors looking to compromise a sites for profit.

Just last week, a “massive website hacking campaign that has infected 7,339 Magento stores” was announced. Would you want to be one of those site owners? Would you want to explain to your customers that their credit card info was stolen.

Nope.

That’s why securing Magento is an absolutely critical step for your e-commerce business.

Typically the way that hackers compromise a Magento site is a cyclical process. It looks something like this:

The four stages of an eCommerce attack; you need to understand this process in order for effectively securing Magento.

  1. Identify a specific vulnerability in the e-commerce platform (Magento).
  2. Target an e-commerce store with this vulnerability.
  3. Attack the store with this vulnerability.
  4. Exploit the vulnerability until it’s found and patched; then repeat.

So our goal is simple… we prevent the cycle show above from ever starting. Here are some super-simple basic rules that every Magento site-operation should follow.

Ten Tips for Securing Magento

1. Regularly Apply Patches

Patches remove security holes regularly, and provide critical improvements to your Magento store that can prevent holes from being found by forcing a “moving target.”

2. Use Modules/Extensions from Authentic Sources

One of the reasons that your probably chose Magento was it’s sensibility and the large number of modules and extensions available for the platform. Make sure you only install modules and extensions from Magento Marketplace. You should also investigate the background of a module’s developer, and thoroughly read the module’s reviews, before you trust installing it to your store.

3. Change Passwords Before and After you Seek Any External Assistance

Any time you ask a developer to work on your store — even us — you’ll need to share credentials with them. You should always provide the minimal set of credentials needed for the work. This usually amounts to a Magento admin username and password. The proper way to do this is to make a new administrator account for the developer, with a random password, and once they have finished the work they set out to do you should disable that account and/or change that account’s password. In some circumstances, they’ll need SSH access, and the same principle holds there… disable that SSH user account and/or change the account’s password.

Bonus tip: restrict only certain IP addresses from connecting to your store via SSH, and use a non-standard TCP port number for added security. Your hosting provider can assist you with configuring this aspect.

4. Schedule a Recurring Security Review

We highly recommended not becoming complacent about securing Magento; that is, just because you’re safe today doesn’t mean you’re safe tomorrow. With that in mind you aren’t a security expert, either, so it makes sense to have an independent review of your store regularly to ensure that everything is working smoothly and, most important, securely.

Schedule a recurring security review of the Magento e-commerce store with a certified Magento developer to ensure that your store is always as safe as it can be.

5. Use SSL/HTTPS

SSL is to encrypts all data that passes between browsers and servers; this ensures that a third-party can’t view or manipulate the data as it passes from the user to the server. It’s absolutely essential to securing your store and is a strict requirement for PCI compliance.

6. Use SFTP

SFTP uses encryption to upload data to your Magento store. Like SSL/HTTPS, using SFTP prevents third parties from intercepting or manipulating data that you upload to your store.

7. Change the Administrative URL, Username and Password

One of the commonly exploited vulnerabilities across web is using default administrative URLs and credentials. You’re in a hurry to get your store up-and-running, you don’t have a good way to store a password, so you just leave things set to the default. Making just a few small changes — setting the admin URL to something that only you know, specifying a robust admin username, and using a secure password — can change your store from a soft target to a hard target instantly.

8. Consider Using a WAF for Added Security

A Web Application Firewall (WAF) works differently than a traditional firewall. A “regular” firewall typically only looks at network traffic at a very low-level; for example, to allow TCP port 80 (web traffic), or deny TCP port 22 (SSH traffic).

A WAF works at the layer closest to the user, looking at the actual HTTP requests, and can be used to block attempts at injecting SQL, preventing Cross-Site Scripting (XSS), and other complex attacks that no traditional firewall would ever detect.

Therefore WAFs assist in securing Magento by providing an added layer of protection to your threat reduction model and could very easily save your business someday.

10. Have a Disaster Recovery and Backup Plan in Place

An often unrecognized aspect of securing Magento is knowing what to do when something goes wrong. Think about how you would recover from a hack before it happens and have a plan in place. You’ll react quicker when you discover a problem, and won’t have to worry about what to do; just follow the plan and solve the problem. Having a good backup strategy, talking through with a developer what to do if you discover a problem, and staying calm because you have a plan can mean the difference between your site being down for a few hours and a few days.

Time spent preparing now will work out in the long run to be much less expensive than the lost revenue of an extending downtime event.

Conclusion

Because Magento is a robust platform, it has many safeguards to keep your e-Commerce store safe, but no piece of software is ever 100% invulnerable. The best thing that you can do is to implement a security-first mindset, follow expert advice on securing Magento, and never hesitate to ask questions about what’s best for your e-Commerce environment.

If you’d like to discuss your Magento store’s security, contact BCS Engineering: our professional, Magento-certified staff can assist you with improving your site’s speed and security today!

This entry was posted in Blog, Magento and tagged , on by .

Authorize.Net Implementing Changes

Authorize.net Implementing Changes

Authorize.net is implementing changes:
Any customers having the Authorize.net DPM prior to November 10, 2016 for versions 4.4.x through 4.7.x will need to get an updated module before July 19, 2019. More information can be found at https://developer.authorize.net/api/upgrade_guide/

Anyone running the Authorize.net DPM module on 4.0.x through 4.3.x will need to contact us for customization so your module will continue to work past July 2019.

Please contact us to receive a quote for the update or customization!

This entry was posted in Blog, Ecommerce on by .

Using an SSH Tunnel to Connect to MySQL with PuTTY

For our hosting clients, we do not generally open the default TCP Port for MySQL (port 3306) for security reasons. A consequence of this is that users cannot connect directly to MySQL databases for their sites. However, by using an SSH tunnel, one can forward the traffic securely over the SSH connection and connect.

The following instructions describe how to establish an SSH tunnel for port 3306 to your server. Before you can proceed, you’ll need the following:

  • working SSH login credentials for your server,
  • PuTTY – a free terminal emulator.

Instructions

  1. Step #1: Launch PuTTY.
  2.  
  3. Step #2: Enter your server’s hostname or IP address in the “Host Name” field.

  1. Step #3: Navigate to Connection → SSH → Tunnels
  2.  
  3. Step #4: Fill in 3306 as the “Source port”, and fill in 127.0.0.1:3306 as the “Destination”. This tunnels all traffic to the local host (IP address 127.0.0.1) over port 3306, to port 3306 on the SSH connection. Make sure you click “Add” and that the entry appears in the list of Forwarded ports as in the screenshot below:

  1. Step #5: Connect to the server by selecting “Open”. You will need to provide credentials and may need to accept the host’s SSH key if this is your first time connecting.
  2.  
  3. Step #6: You can now connect to your database using a client of your choice, such as MySQL Workbench (free). You must direct your client to connect to the host 127.0.0.1 and port 3306.
This entry was posted in Blog, Support on by .