Monthly ArchivesOctober 2016

The payment processing industry will stop accepting payments from sites that use versions of TLS older than 1.2.

WordPress is an excellent eCommerce solution for smaller online retailers and for selling digital products. eCommerce on WordPress usually requires the use of a payment processor. It’s almost never a good idea to take money directly — payment processors like PayPal and Stripe are experts at the complexities of handling money online, and they take care of making sure you’re able to offer credit card transactions that conform to PCI DSS regulations.

To use a payment processor, WordPress sites must offer encrypted connections to the browsers of their customers. To do that, retailers use SSL certificates so they can offer encryption and identity validation to eCommerce customers.

SSL (which should really be called TLS) relies on a complex architecture of certificate authorities and cryptographic technologies. At the heart of SSL is an algorithm crucial to keeping connections secure. Over the years, that algorithm has evolved. Each generation is replaced by a better algorithm, because weaknesses are discovered in the earlier versions. There’s at least a theoretical chance that an attacker could breach the security of early versions of the algorithm, allowing them to trick eCommerce customers.

Because of that risk, PCI DSS has mandated the older versions of the algorithm are phased out. Originally, it mandated that versions older than TLS 1.2 should not be used after June of this year. Payment processors like PayPal, which require PCI DSS certification, will follow through on the PCI DSS regulations — stores using old versions of TLS will not be able to make credit card transactions.

That’s a problem for the WordPress store owners who are still using the older version. Before you panic, you’ve got a bit of wiggle room. The PCI DSS has extended the deadline to July 2017, but some payment processors will stop accepting payments over insecure connections earlier than that.

PayPal has extended its deadline in line with the PCI DSS deadline. Stripe however, intends to stop processing payments made over “insecure” connections from July 1st 2016 for new users. Existing users get until the end of the year to make the necessary changes. Other payment processors have their own timelines, and sellers using WordPress should investigate for themselves.

If you are unsure whether your WordPress eCommerce store uses an older version of the TLS algorithm, you can use the TLS 1.2 Compatibility Test plugin to find out. The plugin, developed by Jason Coleman of Paid Memberships Pro, will check that your WordPress site uses a recent version of OpenSSL (or another library that supports TLS 1.2), runs on a recent enough version of PHP, and has other requirements in place.

Posted in:
WordPress

At some point in the life of a WordPress site, its owner will want to make changes significant enough to justify blocking access to the site. It’s not a good idea to leave a site online when major changes are being implemented. A site with rough edges looks unprofessional and visitors won’t know that it’s because you’re renovating — they’ll think that’s just how your site looks. Also, when changes are being implemented, the site is in an unpredictable state — if you’re changing code while users are attempting to execute it, the results will not be pretty.

That said, taking a site offline should be the option of last resort. It inconveniences users and can result in lost revenue. In many cases, manually entering a maintenance mode isn’t necessary. Let’s look at the alternatives, and then discuss the best options for when taking a site offline is unavoidable.

WordPress’ Built-In Maintenance Mode

When you update a plugin or theme, WordPress enters a built-in maintenance mode. It will present a brief message to inform users that the site is unavailable. You don’t have to do anything; it’s automatic. Usually updates happen so quickly that your site will only be in maintenance mode for a few seconds. If you have a very busy site, that’s a significant amount of time, but, for the most part, it’s the best way to avoid showing users inconsistent state.

As an aside, if you do an update and something goes wrong, it’s possible that your site will get “stuck” in maintenance mode. To unstick it, delete the “.maintenance” file from the root directory of your site.

Use A Staging Site

A staging site is a copy of your WordPress site on which changes are made before they’re integrated with the live site. A staging site is usually a better option than putting a live site in maintenance mode, because you’ll be able to test any changes before showing them users.

If you plan on a long process of renovation, using a staging site will allow you to play with new designs and functionality while the old site continues to serve users.

Both WP Stagecoach and VersionPress make creating staging sites straightforward.

Maintenance Mode Plugins

If you’re absolutely determined to put your site into a maintenance mode, there are plugins that will help you. WP Maintenance Mode and the pithily named Coming Soon Page & Maintenance Mode let you design an attractive maintenance mode page with a custom message. They’ll also take care of making sure WordPress sends the right response codes to web browsers and search crawlers, letting them know that the down-time is only temporary.

If you do need to take your site offline, it’s better to use a plugin than blocking access by some other method, because a completely unavailable site has negative consequences for SEO.

Posted in:
WordPress

Fall has officially started, which means one thing. You should have already started preparing your eCommerce store for the 2016 holiday shopping season. For those who haven’t started, we got together with our friends at Groove to create The Ultimate Guide to Prepping Your Magento Store for Around-the-Clock Holiday Sales. When you’re done reading the roundup, make sure to go download your free copy. Without further ado, get into the best from September below, and if you’re looking for the same great articles the rest of the year, follow us on Twitter, Facebook, and Google+. Enjoy and let us know if we missed anything important in the comment section.

WordPress and Blogging

• New Guide on How to Fix Hacked WordPress Sites – Our involvement in WordPress security has always been a core part of our mission here at Sucuri. We have teams who actively lend advice on WordPress support forums to hacked webmasters. We’ve taken a leadership role by creating sections of the official WordPress Codex relevant to security.
• How to Get Your WordPress Site Indexed By Google Quickly – You’ve done it. After a lot of decisions, time and effort, you’ve managed to launch a new website, and you’re ready for the world to see it.
• 7 Things You Need to Know for WordPress Development – WordPress never fails to surprise the web development community. Over time, it has evolved into one of the best Content Management Systems (CMS) out there. And currently, it powers more than 25% of the web. Besides its popularity, WordPress is also known for usability and an easy-to-develop environment.
• A Brief Timeline of the History of Blogging – Greetings, readers. Welcome to the HubSpot Marketing Blog. We’re very happy to have you here. You might not realize it, but getting here was no easy task. Today, in 2016, I blog for a living, which is pretty great. But were it not for the long, twisty journey that got blogging to its current state, I might not be here. You might not be reading this.
• 4 Most Common WordPress Attacks, and How to Defend – WordPress is the foundation of about a quarter of the sites on the web. As such, it’s a juicy target for hackers and other criminals. If they can find a vulnerability in WordPress, they have the key to millions of sites.

ExpressionEngine

• 10 Things Every ExpressionEngine Developer Should Know – “Do they know what they are talking about?” It doesn’t matter if it’s a plumber, surgeon or web developer – if you’re looking to farm out some work the first thing you worry about is finding someone who knows how to do the job.
• Extended End-of-Life for ExpressionEngine 2 – When we released ExpressionEngine 3, ExpressionEngine 2 was scheduled for end-of-life on October 13. In this past year, we continued to offer v2 as an alternative for all new purchases, in case you had a v2 project already planned.
• Prelude to ExpressionEngine Conference – In this episode, TJ and John Henry introduce themselves, talk about what Content Managed will be about, then they look forward to the upcoming ExpressionEngine conference and talk about how important community is to developers.
• ExpressionEngine 3.4.3 Released – ExpressionEngine 3.4.3 is available today. This is a patch release with over a dozen bug fixes, some optimization, and a couple of security-minded improvements. Take a look at the changelog for the full list and download 3.4.3 today!

Magento and eCommerce

• A Technical Guide to the Magento 2 Checkout – The checkout in Magento 2 has undergone a number of improvements and changes to its visual appeal and general flow. What’s more, a total overhaul means it’s now driven with Javascript and KnockoutJS.
• 10 Proven Ways to Increase ECommerce Conversions Using Magento & Beyond – Increasing conversions. It’s what every organization wants. There are literally dozens if not hundreds of ways to improve conversions and it can become overwhelming knowing where to start. So we wanted to offer a few ideas that we’ve tried with our clients that have seen success, many specifically with Magento, but will work with any ecommerce system.
• More Than 50% of Shoppers Turn First to Amazon in Product Search – More than half of U.S. online consumers begin their product searches on Amazon.com Inc.’s website or mobile app, a survey found. That means that heading into the busy holiday season, the company is advancing its lead over major retailers like Wal-Mart Stores Inc. and search engines as the starting point for online shopping.
• New E-Commerce Checkout Research – Why 68% of Users Abandon Their Cart – We have now tracked the global average cart abandonment rate for 7 years. Sadly, little has improved in those years, and the average cart abandonment rate currently sits at 68.8%.
• Former Magento CTO and Co-Founder Yoav Kutner Talks About Magento Development – Yoav Kutner is who you will call a serial entrepreneur, a person that creates solutions in order to solve problems. His name is synonymous with Magento. Together with Roy Rubin, they created a revolution in ecommerce industry by creating Magento.
• The Countdown To The eCommerce Holiday Season Starts Today – The holiday season is the busiest time of the year for eCommerce retailers. As we head into Fall, it’s time to start preparing your eCommerce business to make the most of the biggest shopping season of the year.

This month we’ll leave you with a video that reimagines what Excel can be.

Posted in:
Monthly Roundups