CAll Us: +1 888-999-8231 Submit Ticket

Magento Introduces Magento DevBox — A New Local Development Environment

DevBoxLocal development of any web application can be complex, especially if the developer works on several projects at the same time. To make it easier for developers to get up-and-running with a standardized Magento installation on their local machine, Magento has released Magento DevBox Beta, a Docker-based tool for local Magento development.

If you’re not familiar with Docker, it’s a lightweight alternative to virtual machines. Each Docker container is a complete isolated server environment with its own filesystem, libraries, and applications, but sharing the kernel of the host operating system (or in the case of non-Linux machines, a lightweight virtual machine running on the host).

Containers are very fast to start and consume fewer of the host machine’s resources, making them the perfect option for building replicable, isolated development environments that can be shared.

The benefits of using a tool like Magento DevBox instead of installing Magento onto the developer’s laptop include:

  • Fast creation of a development environment that doesn’t interfere with the developer’s local environment, something that can be a real headache when you need to install different versions of libraries than those the host system relies on.
  • A consistent and easily replicated development environment that can be shared between everyone working on a project. This is a big win for teams working on a Magento site. Every developer can have exactly the same development environment, avoiding all the “but it works on my laptop!” problems.
  • Everything the developer needs, installed in seconds. That includes Magento itself, the web server, database, Redis, Varnish, Elastic search, RabbitMQ, and everything else that might be needed by a project. Because the containers are entirely self-contained, developers are free to choose which versions they install.

DevBox configuration is handled via a web interface. Developers choose the mix of settings they want and the result is a zipped file that can be used to launch a local Magento environment. The project source files — everything needed to recreate the site in testing and production — are kept outside of the container on the local file system.

Although there are already plenty of tools that achieve more-or-less the same thing as Magento DevBox, its introduction is a positive move for the Magento developer community. As Magento grows more complex, significant amounts of developer time are wasted creating and maintaining local development environments. DevBox is built by the people who know Magento best and will be promptly updated as Magento development continues.

It’s worth stressing that Magento DevBox is still in beta, although I experienced no problems with it. If you’re a Magento developer, or anyone interested in having a Magento installation to play with on your local machine, Magento DevBox is definitely worth a look.

Posted in:
eCommerce, Magento

Source link

Google AMP Adds Automatic Image And Low-Bandwidth Optimizations

Google AMPGoogle’s Accelerated Mobile Pages has been widely adopted by news sites, blogs, and eCommerce merchants. There is a thirst for faster sites, and AMP fills the niche nicely, offering publishers and retailers a ready-made solution to slow mobile sites.

AMP is still under active development, and Google recently released a new version with features that depend on Google’s caching of AMP content. In addition to specifying the content a page can include, AMP also provides a global caching mechanism using Google’s vast network. Because the files are cached on Google’s servers, the company can process them and serve optimized versions that further improve performance.

The most important new feature is image optimization. Images make up a large proportion of the bandwidth consumed by most web pages and many aren’t properly configured and optimized for mobile devices.

AMP now takes care of optimization when serving images to mobile devices. The optimizations are the same as those implemented by tools like ImageOptim. JPEGs are re-encoded with a quality rating of 80, which can significantly reduce their size without degrading their appearance substantially.

Some metadata and extraneous features like embedded thumbnails are removed, and the images are aggressively compressed. In some cases, the images are converted from JPEG to WebP, a format that often produces smaller images than equivalent quality JPEGs. WebP isn’t supported on all browsers and AMP will only serve WebP images where it makes sense.

If the site doesn’t already implement the srcset attribute on images — allowing browsers to choose the most suitable image size for the device — Google will add the right srcset attributes, ensuring that devices don’t download larger images than necessary.

For most AMP users, this is good news: their sites will be faster and their users benefit from lower bandwidth consumption. Some site owners, though, may want to take a close look at what AMP is doing to images, particularly photographers and those who prefer to have complete control over the appearance of images.

In addition to the introduction of image optimization, Google has also introduced AMP Lite, an even stricter version of AMP intended to be used in areas with very low bandwidth availability. AMP Lite optimizes images even more aggressively (50% quality) and performs other bandwidth reducing measures like the optimization of external font loading so that pages become usable more quickly.

As I’ve said before, Google AMP does nothing site owners can’t do themselves if they’re serious about performance optimization. A well-optimized website coupled with a content distribution network and caching can achieve much the same results, but AMP does offer a shortcut to a faster site, reducing the amount of work site-owners have to do.

If you’re a WordPress user interested in using AMP on your site, Automattic develops the Google AMP WordPress Plugin, which integrates well with existing sites and themes.

Posted in:

Source link

WordPress Update Fixes Critical PHPMailer Vulnerability

PHPMailer VulnerabilityWordPress 4.7 was released towards the end of last year and brought with it a host of new features, including a new default theme, theme starter content, and REST API content endpoints.

As is usually the case with a major new WordPress version, WordPress 4.7 was closely followed by a minor release with bugfixes. WordPress 4.7.1 also includes a number of fixes for potentially serious vulnerabilities. WordPress users should update at their earliest convenience to ensure that their sites are safe.

The headline vulnerability is one that has caused serious problems for a number of PHP-based applications, but which left WordPress largely unscathed. PHPMailer is an email library used on millions of servers — in fact, it’s billed as the most popular email sending library in the world and almost every major PHP application that includes email functionality uses it, including Drupal, Joomla!, and WordPress.

Late last year it was discovered that PHPMailer contained a serious remote code execution vulnerability. I want to emphasize that there’s no evidence this vulnerability is being (or could be) actively used against WordPress sites. Major plugins have been checked and they’re unaffected too.

Nevertheless, it’s never a good idea to leave known vulnerabilities in play; it’s entirely possible that less-popular plugins aren’t so resilient, so a speedy update is the best course of action.

The vulnerability had the potential to allow anyone to remotely execute code on a server by sending an email. PHPMailer did not properly sanitize input and passed some parts of emails to the shell without making any code it contained inert. By embedding shell script in the sender field of an email, an attacker could cause it to be executed on the server.

In addition to the PHPMailer problem, several other vulnerabilities were fixed, including a couple of cross-site scripting vulnerabilities. Cross-site scripting vulnerabilities could allow an attacker to embed JavaScript code within a web page. When a user opens the page, the code is executed and has access to session information for that user, including their authentication cookie. If an admin user runs the code, the attacker may be able to take control of the site.

Finally, WordPress 4.7.1 fixes a information leak problem with the REST API.

If your site has automatic updates turned on, you don’t have to do anything — minor updates are applied automatically. But if you have automatic updates turned off, be sure to manually update to the most recent version of WordPress.

Posted in:
Security, WordPress

Source link

Google’s Interstitial And Pop-Up “Penalty” Is Live

GoogleLast year, Google announced it would downrank web pages that obscure content when users arrive from search results on mobile. In September, Google said it would implement the changes in January 2017, and here we are.

Google doesn’t want to send mobile users to sites that offer a poor experience. They already have signals to alter the ranking of slow sites and sites that aren’t designed to function well on mobile. The move against elements that obscure content is another plank in Google’s strategy to nudge site owners towards prioritizing the mobile web experience.

Although the new signal is being called a penalty, it isn’t really. It’s one signal of page quality among hundreds Google uses to decide where a page should appear in mobile search results.

Google has been unusually clear about what will cause a page to take a ranking hit. It includes interstitials, pop-ups, and anything that pushes content off the screen. The goal is mobile web pages that immediately present the content users visited the site for in the first place.

As advertising revenues decline and users adopt ad-blockers, publishers are desperate for other sources of revenue, which often leads them to implement promotional strategies that annoy users.

Interstitials are a prime example. Interstitial pages are web pages presented to the visitor before they can move to their intended destination. The Forbes website is a famous example of interstitial pages used to display advertising. Many site owners also use interstitials to promote their mobile apps.

We’re all familiar with pop-ups, although today they’re more likely to be modal pop-ups than the windowed pop-ups of old. Pop-ups are an effective way to gather user information like email addresses — they’ve proven to have higher conversion rates than forms in sidebars and elsewhere on the page.

Also included is content that appears at the top of a page and pushes the other content below the fold. A number of prominent media sites allow the page to load, and then display what’s essentially a full-page ad by pushing the rest of the content off the screen, forcing users to scroll or click to close the ad.

For the most part, Google will downrank sites that obscure content when users transition from search results pages. Exit intent pop-ups — displayed when a user makes a sign they’re about to leave the page — don’t attract Google’s ire. But site owners should be careful. The wording of Google’s announcement implies that delayed pop-ups that obscure content while the visitor is reading or watching it are also verboten. Site owners are unlikely to get around the rules by waiting a few seconds and then showing a pop-up.

The new signal is applied on a per-page basis, which means publishers can be judicious about which pages they display popups on. They might choose to remove interstitials and pop-ups from particularly important or popular pages.

Posted in:

Source link

Drizzle Is A Micropayments Platform For WordPress

DrizzleMonetizing WordPress blogs has become increasingly difficult over the last few years. If you want to blog for a living, throwing up a few Google AdWords units next to your content is unlikely to cut it unless you have a huge audience — and even if you do, ad-blockers will take a bite.

There are, of course, plenty of alternatives. Native advertising — of which sponsored posts are a popular example for bloggers — has the potential to earn decent revenue. Membership sites with subscriptions are another option. Some of my favorite bloggers have taken this route and are doing well with it. And then there are the less savory techniques like paid reviews.


Micropayments are another option bloggers have to monetize content. Users pay a small amount, typically less than a dollar, to access premium content. There are no recurring fees, which is both good and bad. It’s good for users who don’t want to increase the number of site memberships they’re paying for. But for bloggers, it may not be so great: recurring revenue is hugely important to anyone who makes a living blogging — it helps create at least a little consistency and security.

Micropayments don’t work for every blogger. If you’re a blogger who publishes frequent, short articles, it’s unlikely users will be willing to pay by the article. But, if you publish longer, in-depth articles, or articles that are particularly valuable within your niche, micropayments may be a viable option.


Drizzle is a micropayments platform that aims to make it easy for bloggers to set up micropayment paywalls on their site. Drizzle provides a plugin for WordPress users, and once it’s installed and you have created a Drizzle account, implementing micropayments is as simple as setting a few options and wrapping content in a shortcode. It works for any content you publish on your WordPress blog, including text, podcasts, and video.

Drizzle is a third-party service, which means users have to sign up for a Drizzle account to access paywalled content. The sign-up process is simple, but it might be off-putting to users who just want to support your blog.

A quirk of using Drizzle is that you don’t get to set your own price for access to content. The price charged by Drizzle is determined by the popularity of your content within the Drizzle platform. All articles start at $0.20, and, if they prove popular, the price is hiked to $0.40, or $0.80 for the most popular content. Drizzle doesn’t take a cut of that, but it does add a fee on top which is charged to the user.

Drizzle also allows users to pay a regular subscription if they’d like to access all paywalled content.

If you think micropayments are a viable option for your site and you don’t want to deal with the technicalities of managing them, Drizzle is worth looking at. If you’d prefer to retain full control of the process, and don’t like the idea of asking your users to sign-up to a third-party service, check out Pay Per View from WPMU Dev.

Posted in:
Content, WordPress

Source link

WordPress Asks For Feedback On Rewritten Plugin Guidelines

WordPress Plugin GuidelinesIf you develop plugins for WordPress, you’ll be aware of the controversy caused by the removal of plugins from the repository for breaches of its guidelines.

Many such incidents are caused by developers stepping over the line with “growth-hacking” or data collection, a prime example being incentivized reviews. Some developers offer free or discount premium upgrades if users agree to review their plugins. Obviously, incentivized reviews are harmful — who can trust a review that’s been paid for.

However, the guidelines have never been sufficiently clear about what constitutes unacceptable behavior and enforcement has been inconsistent. In the absence of clear guidelines, enforcement by the repository team can seem arbitrary.

In an effort to help plugin developers understand what is and is not acceptable, the repository team has revised and expanded the guidelines. The new guidelines have been published on GitHub so developers and other interested parties can review them and submit commentary and pull requests.

The content of the guidelines won’t come as any surprise to experienced developers — plugin code must be GPL compatible, for example — but they make concrete rules that were previously vague or implied.

Some of the guidelines developers should be aware of include:

  • No use of external JavaScript. With the exception of SaaS plugins, Javascript and other resources should be part of the plugin rather than being loaded from an external server or CDN.
  • Don’t push updates too frequently. The WordPress Subversion repository should be considered a release repo, not a development repo. Excessive updates may be considered an attempt to game the Recently Updated list.
  • No user tracking without explicit opt-in. This issue has caused problems for a number of plugins of late. The message here is simple: don’t do anything to to track users without their explicit permission.
  • No illegal, dishonest, or morally offensive behavior. This is the broadest guideline, and it includes behavior like incentivized or fake reviews, attempting to exploit loopholes in the guidelines, and SEO trickery.

Explicit and comprehensive guidelines have been a long time coming, but better late than never. The vast majority of WordPress plugin developers understand the limits of reasonable behavior. But an ecosystem as big as WordPress’ is bound to attract bad apples who want to exploit the enormous user base.

The clarified guidelines give moderators and the repository team a useful tool to combat malicious behavior without getting involved in endless logic-chopping arguments about what is acceptable.

Posted in:
Content, WordPress

Source link

Why Are So Many WordPress Users Stuck With Old Versions Of PHP?

PHP 7PHP 7 is a clear win compared to earlier versions of PHP, yet, unlike Hostdedi, many WordPress hosts haven’t upgraded. It’s difficult to get a clear view of the exact adoption rates of PHP 7, but according to figures from Jordi Boggiano, developer of Composer, PHP 7 adoption rates are hovering around 20 percent, with nearly 40 percent of PHP sites based on PHP 5.6, 30 percent on PHP 5.5, and, worryingly, a substantial number based on even older versions.

WordPress accounts for about a quarter of all sites on the web, far more than any other PHP-based content management system or web framework. Many of the PHP 5.6 and older deployments are hosting WordPress sites.

PHP 7 offers numerous benefits compared to older versions of PHP. It’s faster, it introduces new features, and by the end of this year, it’ll be only actively developed version. There are a few reasons the vast majority of WordPress users are stuck on older versions, and most of them have to do with shared hosting companies not doing their job properly.

The speed benefits PHP 7 brings are not negligible. We should always take benchmarks with a pinch of salt, but testing has shown a 2-3 times performance increase for a WordPress site based on PHP 7 compared to one based on WordPress 5.6. That doesn’t mean your WordPress site’s pages will load three times faster, server-side processing is only one part of getting a web page loaded in a browser, but it’s a big part.

WordPress has occasionally been criticized as intrinsically slow, but that’s never been the case for a properly configured WordPress installation, especially when compared to the other benefits it brings. WordPress was limited by the performance of the underlying PHP engine, but with the release of PHP7 , many of the historic problems with PHP were solved.

The web is always slow to change. The vast majority of WordPress sites use low-cost shared hosting, and many hosting providers don’t have the right incentives to upgrade their platform. Even though PHP 7 is more-or-less a drop-in replacement for earlier versions, there’s some work to be done, and the majority of shared hosting providers simply haven’t made the effort, in spite of the obvious advantages to their users.

PHP 5.5 support ended last July, which means it’s no longer under active development, and, even worse, it’s no longer getting security updates. Any vulnerabilities in that version of PHP will not be fixed. PHP 5.6 will be actively supported until the end of this year, and will receive security updates for another a couple of years, but given the obvious benefits of upgrading, why are WordPress hosting providers holding back?

Hostdedi cares deeply about the performance of all of its WordPress hosting plans, which is why we’ve supported PHP 7 on WordPress (and Magento) since it was released.

Posted in:
Content, WordPress

Source link

You Should Invest In Longform Content In 2017 — Here’s Why

Longform ContentWeb content wisdom has long held that shorter content is better because web users have limited attention spans – something that supposedly applied even more strongly for mobile web users. But over the last couple of years long-form content has garnered significant attention.

Long-form is a fuzzy category, spanning everything from 20,000-word ebooks to 3,000-word blog articles, but there’s one thing that long-form isn’t: the typical 500-word blog post.

Blogging, especially on business blogs, seems to have settled at around 500 words as a standard length. I’m a freelance writer, and many of the clients I work for prefer content of this length. It’s quick to write, doesn’t require a lot of research, and, perhaps most importantly, it’s not as expensive as long-form content.

However, there are definite advantages to investing in longer content, not the least of which of is that there are many thousands of short blog posts published every day, but long, in-depth writing is still something of a rarity in the business blogging world. Longer, more valuable posts stand out from the crowd.

It’s worth mentioning upfront that it’s not the length of long-form that makes it effective, it’s the opportunities having more space affords. Taking a blog topic and research suitable for a short post and inserting waffling filler text so that it looks like long-form content won’t be effective.

Greater Opportunity To Establish Authority

There’s only so much you can do or say in 500 words. If you’re an expert in your subject, or have researched it deeply, 500 words can be incredibly limiting. It gives you no room to make complex arguments and explore ideas fully. The best you can hope for is a simple assertions and a gesture in the direction of some data. That’s not ideal if your aim is to demonstrate expertise and authority to attract users or customers.

Longer Content Ranks Better

According to recent research from Backlinko, pages in the first place on Google’s search results have an average length of 1890 words and longer content tends to rank higher.

Intuitively, that makes sense. Google prefers to send its users to valuable in-depth content, and longer articles are more likely to have those qualities. Longer articles also give Google more information for indexing, allowing its algorithms to get a clearer idea what the text is about.

Additionally, the longer content is – providing it’s of sufficient quality – the longer people will stay on your site.

Long Content Is More Shareable

Which would you rather share, a short and shallow article or a long and considered article that offers novel insights and genuinely useful information? Short content is sharable, but longer content is more likely to be shared by educated, well-off people – exactly the people many businesses want to reach.

Long-form Isn’t the Only Good Content

Although I’m definitely on the cheering squad for long-form content, I should make it clear that there’s nothing intrinsically wrong with short content. There’s a place for everything from tweets to tomes, but each category has distinct advantages, and it’s a mistake for businesses and content marketers to fail to exploit those advantages because short content is “the way it’s done” or because it demands a greater investment.

Posted in:

Source link

What Does the Bluefoot Page Builder Acquisition Mean For Magento Enterprise Users?

Bluefoot Page BuilderTowards the end of last year, Magento announced that it had acquired the technology behind the Bluefoot CMS and page builder. The acquisition is intended to enhance Magento’s existing page-creation features and make it easier for eCommerce merchants to build and deploy bespoke product and landing pages on their stores.

Bluefoot, a young project which was launched early last year, has proven popular with the Magento community. There are several alternative page-builder extensions available for Magento, but Bluefoot combines an intuitive experience with deep integration into Magento’s product management features.

If you’re familiar with page builders, you won’t have much trouble envisioning the functionality Bluefoot provides. The interface offers a number of content blocks, including blocks for arbitrary content and media, as well as blocks for products in the store’s catalog.

Building a new page is as simple as dragging blocks onto the page and arranging them as appropriate.

The major benefit of a page builder is that it allows merchants to quickly create and deploy bespoke pages without requiring any understanding of PHP or Magento’s template system. Without a page builder, merchants were fairly limited in how creative they could be with page layouts unless they were able to edit their theme directly.

This is particularly useful for building pages related to ongoing promotions. A store owner might, for example, choose to build a bespoke landing page for a Facebook promotion, integrating the content and products displayed on the the page with promotional creative displayed in posts on Facebook. The ability to quickly build and deploy new custom pages empowers merchants to implement cohesive promotional strategies.

Bluefoot is designed to be extensible, so if you do have an understanding of PHP, it’s straightforward to modify the content blocks and functionality on offer through the drag-and-drop interface. That’s particularly useful for agencies, who can add new functionality to Bluefoot and make it available to their clients.

The functionality exposed by Bluefoot won’t make Magento developers and professionals superfluous, but it will make it much easier for Magento merchants to create compelling and creative pages without having to call in a developer.

It’s not yet clear exactly when the functionality will be available in Magento Enterprise Edition or whether it’s coming to Magneto Community edition at all, but we can expect to see the drag-and-drop technology made available in Magento EE in the near future.

The acquisition of Bluefoot is an interesting example of Magento’s initiative to invest in technologies the company believes can enhance the experience of Magento users and shoppers. The goal of the investment strategy is to accelerate Magento along the company’s roadmap, and this most recent acquisition bodes well for the future of Magento and the company’s dedication to creating a modern and flexible eCommerce experience.

Posted in:
eCommerce, Magento

Source link

Amazon’s Holiday Lockdown Of FBA Was Great For Established Retailers

AmazonTowards the end of 2016, Amazon announced that the company’s Fulfillment by Amazon service would not be available to new retailers during the holiday season. If a retailer hadn’t sent their first shipment by October 10th, they had to wait until December 19th to start shipping. The restrictions meant that new and seasonal retailers missed out on the bulk of holiday season shopping.

Fulfillment By Amazon is a hugely popular service for smaller eCommerce retailers. It allows retailers to outsource one the most time-consuming and tricky-to-manage aspects of eCommerce to a company with extensive infrastructure and an established reputation for getting fulfillment right. And, of course, it allows Amazon to generate revenue from goods sold by other merchants.

But even Amazon can’t cope with the huge increase in demand for its warehousing services during the holiday season. That’s partly because demand from established retailers sky-rockets in November and December. But it’s also because many new retailers that only sell during the holiday season create ephemeral eCommerce businesses that leverage Fulfillment By Amazon.

In previous years, the combination has meant that Amazon had limited ability to store goods from established retailers and seasonal retailers alike, directly impacting their ability to order, store, and deliver goods to customers.

But, last year, established merchants had a clear run. Because the new rules were announced fairly late in the year, many ephemeral retailers were caught out and were unable or unwilling to start making shipments much earlier in the year. Although, unavoidably, FBA was pushed to its limits during the holiday season, established merchants enjoyed a better experience than in previous years.

The limitations on seasonal retailers weren’t entirely new last year; Amazon has had the same rules for products in the toys category for a number of years, but this was the first year those rules had been applied more widely. Amazon has signaled that it’s likely to implement the same arrangement in the future.

Seasonal eCommerce merchants are a huge part of the eCommerce economy. For many retailers, it simply doesn’t make sense to run and manage a store all year round — especially when there’s almost no chance of that store generating a profit for most of the year. In fact, the myth of Black Friday’s origin focuses on this: Black Friday is the day stores that are usually in the red balance the books.

Setting up a complex fulfillment operation for seasonal eCommerce isn’t economically viable, which is why FBA is so popular with seasonal merchants. It’s likely that if Amazon continues this policy, seasonal merchants will look elsewhere for fulfillment or be forced to alter their business model.

Posted in:

Source link