Ecommerce merchants are usually very quiet about their servers getting hacked. Obviously, they face some serious legal liabilities in situations like this, and the potential for lost sales if their customers lose faith in them. This may be good for business on the one hand, but it’s really bad for business on the other. Sharing security information with people who need it helps us all. We just faced a hack that didn't impact our business in any way, so I want to share it to help other people. I hope it's useful to other merchants.
I’m working on our Magento 2 upgrade right now, two months before its release. Why am I so bullish, when so many other merchants and agencies are taking a “wait and see” approach? Risk and return. It’s that simple.
Anyone who’s lived through as many painful upgrades as I have is nervous about change. When your business depends on an operating system or software platform, you never rush to upgrade. The initial version will be buggy. Once you upgrade, it’s hard to roll back. You don’t know what the new version is really like before it’s released. So you wait until the release. Then you check it out. And you wait. You wait for all the idiots who rush in to find the bugs. You wait for the company to issue patches. Then you start to plan an upgrade. You roll out slowly. No rush. Why break what’s working?
I recently discovered the great little gem. Pop in your Magento store URL and hit 'Scan', and it will check for known security issues that can be detected from the outside by requesting pages from your website.
The great thing is that, since it was released, the authors have expanded it to add additional checks, and there's e...
Another wonderful Magento security resource! This spreadsheet lists Magento CE and EE versions and shows which patches need to be applied to keep your store secure.
Note that there are separate tabs for Enterprise Edition and Community Edition at the bottom. Make sure you pick the right one, as...
We implemented the TrustPilot review system this year. When evaluating review systems, there were a lot of claims of how great they were. But it was difficult to really know what the impact would be, and costs varied wildly. Our primary aim was to increase clicks on our Google AdWords ads, but clearly there was no way to know the outcome in advance. Would it be worth it?