Sorry, we were unable to find this news article.
RSS Feed
News
Jan
20
How to SAFELY regenerate blowfish encryption key in X-cart 4.x
Posted by admin on 20 January 2016 12:33 AM

If you run X-cart 4.x store for more than a year, you would get an annoying reminder to regenerate your Blowfish encryption key:

regenerate_blowfish_key_x-cart

“Your store’s Blowfish encryption key expired. You should re-generate the Blowfish encryption key to ensure security of sensitive data in your store’s database”

If you just click “regenerate” button and start the process, there is a good change it will screw up all the passwords, payment processing setup and encrypted orders data. Easiest way is just ask us to do this for you – we do this in our clients stores every other day – but if you feel optimistic and do not have anything better to do with your time, here is how to regenerate blowfish key safely:

  1. Check if you have “mcrypt” support enabled in PHP on your server. To do this, go to Tools -> Summary -> PHP : Details and search for “mcrypt”. You should see a whole section titled “mcrypt” and first line should say : “mcrypt support enabled”
    * this is important! do not start process without this.
  2. Backup your database – this is in case you will screw up – database hold your encrypted data
  3. Backup your config.php file – this is in case you will screw up – this file has current blowfish key which you will need back if you restore database
  4. Change config.php file permissions to 666 – X-cart will save new blowfish key in there
  5. Go to Tools -> Maintenance -> Re-generating the Blowfish encryption key
  6. This process will run from few seconds to several minutes unless your database has hundreds of thousands of customers in which case it will take a bit longer. Do not close your browser or click Back until it’s done!
  7. After you get “The Blowfish encryption key has been successfully re-generated.” message, logout from control panel and login again to verify your password is still working
  8. Change config.php file permissions back to 644

If you can not login after blowfish key was regenerated or your customers will complain they can not login, you need to restore the database and config.php file with old key. Do not try to regenerate key again unless you find out why it did not work the first time.

And again, the easiest way is to just ask us to do this for you.


Read more »



Jan
11
Best X-Cart module (January 2016) : Authorize.net DPM
Posted by Anton on 11 January 2016 12:05 AM

authorize.net dpm for X-cart shopping cartSince new PA/DSS compliance requirements came out some time ago, our clients were asking for simplifying credit card checkout. X-Payments module works but is expensive and complex and saving credit card feature was not working too well last time we tested.

There is an alternative and, for several months now we used  Authorize.net DPM module from BCS Engineering. This module does not need X-Payments and offer customers option to safely enter credit card number right on checkout page. Recently, Authorize.net included tokenization into DPM module to allow customers securely save credit card and reuse it later for faster checkout.

BCS Engineering added that feature into the latest version of their module and made it the best checkout option for X-cart. If you are using or considering Authorinze.net as your payment gateway, here is how we would recommend setting up your checkout options:

  • Authorize.net gateway with your merchant account configured with “Authorize.net DPM” module from BCS Engineering to accept credit card and offer “Save my card” feature to your customers;
  • Paypal Standard method to allow customers to pay with Paypal account;
  • Phone orders is recommended as well to capture any orders which had problems with using credit card or Paypal to checkout.

There are two tricks we learned about setting up Authorize.net DPM with “save credit card” feature:

  1. Authorize.net CIM has to be enabled in your Authroize.net account if you want to offer “save credit card” feature.
  2. CVV number is required by default but has to be set to optional for “save credit card” feature to work (this has to be changed in your Authorize.net account). You still need to keep CVV filter enabled and set to decline transaction if number does not match:cvv_filterThis way, first time customer is using credit card, X-cart will force CVV to be entered and Authorize.net will check it and decline if it does not match but if customer is using that card again, store will not ask for CVV and Authorize.net will not decline transaction because filter for “Should be on card, but is not indicated” is not set to decline.

You can find more information on BCS Engineering website or let us know if you are interested in this module and want us to arrange and install it in your store.


Read more »



Dec
28
Why should you upgrade your Magento store?
Posted by admin on 28 December 2015 11:55 AM

Magento is nowadays one of the leaders in the world of e-commerce for setting an online store and running it. Magento offers plenty of great features and extensions to raise the usability of your website, and to enhance the shopping experience of your consumers. As you may know in 2015 Magento has released the updates to both of its versions (Magento Community Edition 1.9.2 and Magento Enterprise Edition 1.14.2). Let us look at the improvements and discuss whether you should upgrade your store.

Magento Community Edition 1.9.2

magento managed hosting

If you are still on Magento 1.6-1.8 versions let us look up on the general improvements in 1.9 edition:

  1. The 1.9 version is mobile-responsive, which means your website will be portable-device-friendly (it will display properly on tablets and smart phones) and it will give you some additional opportunities for SEO.
  2. It supports PHP 5.4.
  3. It has a Bill me later option and several other checkout improvements to increase your conversion.
  4. It allows you to trade in different countries or states, keeping the same price, regardless of tax regulations.
  5. The version 1.9 has improvements in the operation of currency change – there is no need to change the currency when using PayPal Standard Payments.
  6. Several other improvements in terms of security (e.g. billing agreements, Magento randomness function, file system security, cross-site scripting etc.)
  7. Fixes on Payment Methods.
  8. Fixes on Shopping Cart and Web Store.
  9. Import Fixes.
  10. Fixes on Promotional Price Rule, Invoicing, Credit Memo, Administrative Ordering etc.

You should know also, the older version you have now the more improvements you will get (actually, each new version has some specific features, and Version 1.4 compared to Version 1.9 will have a really small number of working tools). Also it is very important to get the most recent updates on security patches – to make your consumers experience safe and pleasant.

Magento Community 1.9.2.1 specific updates.

This recent version has been launched on August 4, 2015 with the following security patches and updates:

  1. Zend 1 Framework support and Reddis Integration.
  2. Automated Functional Testing.
  3. Security improvements.

 

Magento Enterprise Edition 1.14.2

upgrade magento

Together with the updates to a free version of Magento the updated version of Magento Enterprise Edition has been released earlier this year.

New features of this version of hosted ecommerce solution include:

  1. The opportunity to categorize your products sorting them by color, position as the best product, the top rate product or the highest sold product, it is also now possible to put the newest products in the top category.
  2. The opportunity to use Google tag manager. It enables marketers to make the tags’ updates directly and so to save resources and time to build stronger campaigns. It also helps in Analytics and planning of further marketing campaigns.
  3. The Mobile Software Development Kit (SDK) for IOS. It will help you to create an IOS application for your ecommerce business, including such features as store credits, check out process, customer accounts etc.
  4. A great amount of other technical updates (e.g. full page caching, updated Zend 1 framework, quality enhancements).
  5. Several updates on the partnerships. New Relic Reporting and Lagrange Systems became Magento Gold Technology Partners. It will enable merchants to optimize the site speed, to track the application performance and managed Magento hosting environment health and to troubleshoot the problems faster.

 

To upgrade or not to upgrade?

The answer is – upgrade! To prevent your ecommerce store from suffering security issues and the need of a total rebuild – it needs to be updated on a regular basis.

Imagine, your best managed Magento hosting is an IPhone and you do not update your IOS version each time updates are available. If you keep on going like that for several updates, then you will get a smartphone working as a simple phone, not supporting the functions built into your device.

However, if you update regularly you receive all the new features without a need to change the smartphone itself.

Use Magento website development services and the managed website hosting to upgrade to the newest version and keep on going with all the next releases to keep your ecommerce website safe, working and bringing you joy from sales.

 

Have you upgraded already?


Read more »



Dec
21
Why Managed PCI Compliance Is Mandatory For Ecommerce Stores?
Posted by Anton on 21 December 2015 11:27 AM

ecommerce stores

To understand the importance of PCI compliance for ecommerce stores, we need to know a few facts related to Payment Card Industry Security Standards Council. This is an organization which is formed by some of the major credit card companies, with the aim of having standard common security standards with the sole intention of fraud prevention. PCI compliance is needed by any company which processes, sees or handles credit or debit cards in electronic form which applies to retail shops, websites or office. PCI compliance is important for all companies which have a merchant bank account. This is why it is mandatory now for all ecommerce stores.

PCI compliance ensures fraud prevention and customer safety whenever customers shop. Ecommerce solutions can thrive for long only when they are able to build on trust and do not compromise on any private information provided by customers which can actually ruin their relations. PCI compliance ensures there is full security for customers who feed in credit or debit card details when shopping.

It is mandatory for managed magento ecommerce stores to ensure the safety of the customers as they shop in the store. With implementation of PCI control, a full range of security solutions is implemented for ecommerce stores. Customers look forward to complete hosting security when they are spending money in an ecommerce store. Managed PCI compliance means your ecommerce store is always updated with latest security measures and customers enjoy complete peace of mind when they are shopping.

PCI compliance for ecommerce solutions involves a number of changes or implementations for the online store. Firewall configuration is maintained and installed in order to protect cardholder data. This assures the highest security level for customers so that their financial details are never compromised.

Managed SSL Certificates

Your chosen managed hosting company will provide all services of installation and also renewal of SSL Certificates from some of the best names in the industry.

Managed Anti-virus

With the support of fully managed anti-virus hosting solutions, ecommerce websites are assured of complete protection from spyware, viruses, worms, Trojans and some other malware which can cause immense harm to the website. With the installation of anti-virus, malicious code on any file server is easily identified and it is deleted before it can cause harm to the computer or before it can lead to security issues on the computer network.

Secured Authentication

With PCI compliance, there is special two tier managed magento secured authentication which assures outstanding performance and innovation at every level with the sole intention of enhancing customer security. With such updated hosting solutions and  security features, there is a unique password generation in 60 seconds. With the specialized two factor authentication and the introduction of unique PIN, the authenticator gets a token password which means more reliable authentication. Chances of frauds are avoided.

With managed PCI Compliance, you are assured that customers do not face any security threats or their financial transactions are totally safe. This helps in building customer trust which is vital for any online store to survive in this tough cut-throat competition.


Read more »



Dec
18
What is Ecommerce Hosting and How to Find a Hosting Provider
Posted by Anton on 18 December 2015 11:50 AM

managed ecommerce hosting

 

Ecommerce hosting is a type of website hosting platform used for the need of electronic commerce and online retail business. The difference between ecommerce managed hosting and standard hosting is in features and applications you need to run an electronic commerce website. Such functionalities include:

  • Online storefront (payment processing, shipping, taxes);
  • Shopping cart software;
  • Secure Sockets Layer (SSL);
  • Database support.

The main idea of ecommerce website hosting is to provide manufacturers, retailers and entrepreneurs with the tools and services required to conduct an ecommerce business (starting from a set-up and continuing with management).

Many hosting management companies offer ecommerce hosting as an option for your business, providing additional features as email support, analytics services, SEO services, up-site warranty etc.

How to find the right provider?

For an owner of a small business, it is often quite difficult to get an understanding of pros and cons of each type of a web hosting and to choose the right hosting provider (ideally matched for price and provided services). It usually requires not just to compare prices and memory space, but also to get the idea of other services, features and functionalities you need for your business (as well as those you need not). Only after deep analysis, you can make a choice.

The first thing you should pay attention to is whether the provider you consider as your best match offers packages for small businesses. Such companies are usually more experienced in terms of what small and middle-sized businesses really need and they can offer you good options on how to upgrade your package on a later stage, with no need to debug the entire website again.

When you get deeper into the question, you will find out there are plenty of unknown terms, standards and peculiarities. Let us look on the main terms you may find:

  • Managed hosting (is a hosting managed by a hosting provider);
  • Dedicated hosting (your website is the only one on the server);
  • Shared hosting (you share the server with other businesses);
  • VPS hosting (a dedicated server within a shared virtual hosting environment);
  • Cloud hosting (hosting services provided via multiple connected servers that comprise a cloud).

All the mentioned above, are different hosting types. The main differences between all of them are control, price and performance.

NB: We have already discussed the differences and peculiarities of each of hosting types in our material “Which hosting services should I use?”.

Once you have decided on a hosting type you need to consider the in-house expertise. The options here are either to have the managed hosting plan or to manage it yourself.

What does it mean?

When you choose a managed hosting for your business – your main responsibility is to provide content and be responsible for business processes (purchase, delivery, hiring, etc.) and your hosting provider is in charge of a website (and accordingly the server) set-up, bug fixing, backups, security issues, email system, up-site, etc. However, such hosting is usually more expensive.

If you decide to choose self-management of your server, be ready to get just a management software. You will be responsible for installation of a web-server, additional features and applications, backups, security issues etc. Such option will cost you less money; however, it is most likely you will need to hire additional staff (i.e. developers) to help you manage all of the above.

Another issue we would like to pay special attention to is payment systems. As we are discussing best ecommerce solutions, you need to decide on which application for a cart and methods for online payments you will have.

For a home-based small business, it is probably no need to get into technical specifications and know-hows. The easiest solution will be enough. Nevertheless, if you have a mid-sized business or plan to grow – it would be necessary to factor PCI-compliance. On a managed hosting, you will be offered PCI DDS (Payment Card Industry Data Security Standard) by default.

To conclude

Ecommerce hosting is a hosting for your ecommerce business. There are several hosting types, depending on a level of control, performance, price and number of built-in features. All the hosting types can be managed by a hosting provider or you can manage each o them yourself. The most important features to pay attention to are:

  • Payment systems;
  • Security systems;
  • Shopping cart software;
  • SEO services;
  • Database support;
  • Email software;
  • Analytics opportunities.

Read more »



Dec
15
Easy way to check if your Magento store is secured
Posted by Anton on 15 December 2015 11:48 AM

magento_commerceThere is an easy way to check if your Magento based store (both Enterprise or Community Editions) has all the security patches installed.
Just replace {domain} and {admin path} in URL below and load it in your browser:

https://magento.com/security-patch-check/{domain}/{admin path}/https

so, if your domain is “www.mysuperstore.com” and your Magento admin is “www.mysuperstore.com/super_admin”, URL will look like this:
ex: https://magento.com/security-patch-check/www.mysuperstore.com/super_admin/https

you want to see this response:

{“status”:”ok”,”message”:”SAFE: This site appears to be safe.”}

if any patches are missing, get your IT guys or hosting support to fix it as soon as possible.
You can find more details and more options to run above check here: http://magento.com/security-patch

Some latest articles on Magento security patches:

To download security patches for Magento 1.x, go to https://www.magentocommerce.com/download
in Release Archive -> Magento Community Edition Patches – 1.x
Enterprise users can download patches from their accounts.


Read more »