CAll Us: +1 888-999-8231 Submit Ticket
How to Get 73% More Shoppers with Product Videos

How to Get 73% More Shoppers with Product Videos

How to Get 73% More Shoppers with Product Videos

Photo by Arcaion on Pixabay

Whether you’re using WooCommerce, Magento, Shopify, or any other platform, one thing remains the same: ecommerce design is about the customer. You want to design your online store around the preferences of your shoppers — that’s how to raise conversion rates. And what do shoppers want? They want product videos.

These statistics from HubSpot make a pretty compelling case. Of the people polled…

  • 71% think video explains the product better.
  • 58% view companies with product videos as more trustworthy.
  • 46% will shop at a brick-and-mortar store if a product video is unavailable.
  • 73% more shoppers buy items after watching a product video.

It makes perfect sense if you think about it: videos partially circumvent some of the biggest disadvantages of ecommerce. There’s a lot of fear around buying products online because you’re never exactly sure about what you’re getting. Photos and images are one thing, but actually holding the product in hands before buying is another.

Videos help shoppers understand the product better. They show the product from multiple angles and in motion, giving insights into size, weight, mobility, and texture that photographs alone cannot. In fact, 57% of consumers say that videos reduce ambiguity, and as a result lower both customer dissatisfaction and the rate of returns.

Moreover, how-to videos can explain how to use a product. Seeing just an image, a shopper may have a million questions about the features or controls; they may not even bother asking your customer support because they could just go examine the product at a brick-and-mortar store.

But with a product video that doubles as an instructional video, all their questions are answered. You may even earn repeat visits; after the product is ordered and delivered, the customer may return to the product page to rewatch the video (which also increases the likelihood of them giving a rating/review).

Videos are also advantageous to search engine optimization. A 2015 Searchmetrics study showed that video appears in 14% of search engine results. That means if people are searching for a product you offer, having a product video could give you an advantage over your competitors. That statistics is from 2015, too — imagine how much stronger videos have become in SEO during the last two years.

As a visual artform, videos form stronger emotional bonds with shoppers than static photos. Moving images and animated facial expressions convey the target emotional atmosphere much more effectively. Imagine a still image of a child running to their mother compared to a live-action video. Which do you think is more likely to incite the emotional spark needed to make a sale?

Last, videos are easy to share on social media. This makes them a valuable marketing tool; every new share is free advertising, not to mention a vote of confidence. People tend to trust the recommendations of their friends, so if they see someone they know sharing your video, it makes your entire brand seem more appealing.

On the downside, videos tend to be more expensive to create than other media. Still, you should create ones for as many products as you can afford. The statistics above don’t lie: more product videos means more sales.

Questions? Suggestions? We want to hear your thoughts, so share your opinions below in the comments section now.

Posted in:
eCommerce

Source link

Are WordPress Plugins Safe?

Are WordPress Plugins Safe?

Are WordPress Plugins Safe?

Photo by Renatto Mora on Unsplash

Over the last couple of months, we’ve seen several incidents of previously trusted plugins being infected with malware by malicious developers. Plugin vulnerabilities are nothing new: developers make mistakes and those mistakes have consequences for security. But many of the recent attacks involved the deliberate introduction of malicious code.

Does that mean we can’t trust WordPress plugins? I’d advocate an approach of trust, but verify — and of making sure you keep yourself apprised of the potential risk.

Earlier this month, Wordfence reported that zero-day vulnerabilities in three popular plugins were being exploited to inject SEO spam into WordPress pages. The Display Widgets plugin was sold to a developer who added a backdoor that was also used to inject SEO spam.

Anyone who had installed these plugins from the official repository would have had their site infected. Attacks of this sort are known as supply-chain attacks. Rather than trying to compromise hundreds of thousands of sites, the attackers focus on software they know is installed on those sites. It’s easier to buy a plugin or compromise a download server than it is to attack the sites directly.

It’s worth emphasizing that this is a rare occurrence. Although a cluster of malicious plugins has been discovered in the last few weeks, it’s a problem that only affects a handful of the tens of thousands of free plugins available to WordPress users.

The WordPress Plugin Repository team has a challenging set of responsibilities: there are over 50,000 free WordPress plugins and it is next to impossible to monitor every one for malicious code. In spite of those obstacles, they do a fantastic job. Malicious plugins are quickly removed from the repository when vulnerabilities are discovered. Given the popularity of WordPress, it’s a testament to the team that this doesn’t happen more often.

But that’s not especially comforting to site owners whose WordPress sites start spewing spam. The sad truth is that any popular project will be targeted by criminals. There is always a risk and anyone running a website has to be aware of that risk.

What can site owners do to keep their sites safe? Regular updating is still the best protection against security risks. Without updates, nothing gets fixed. Beyond that, keep an eye on WordPress blogs that report on plugin security vulnerabilities. Among the best are:

Additionally, a Web Application Firewall (WAF) like those provided by the WordFence Security Plugin and the Sucuri Security Plugin can mitigate the risk even when a vulnerable plugin is installed.

The WordPress team is discussing solutions that integrate security warnings into the WordPress dashboard. There is currently no way to inform site owners when a plugin is removed from the repository for security reasons. Until that initiative yields a useful solution, WordPress site owners might want to take a look at Plugin Security Scanner, a plugin that scans for vulnerable plugins and emails the site owner.

Posted in:
Security, WordPress

Source link

WordPress 4.9 Beta Is Ready For Testing

WordPress 4.9 Beta Is Ready For Testing

WordPress 4.9 Beta Is Ready For Testing

Photo by Taylor Grote on Unsplash

The next release of WordPress has entered the beta phase, which means it’s ready for testing by WordPress hosting clients who want to check out the new features, test for plugin and customization compatibility, and give the developers a hand tracking down bugs.

WordPress 4.9 focuses on improvements to the Customizer, adding some nice features that will make life easier for WordPress professionals and users alike.

If you’d like to take WordPress 4.9 for a spin, you can download the beta code or use the Beta Tester Plugin to update an existing installation. As ever, keep in mind that WordPress 4.9 is not fully cooked and will almost certainly break your site. Installing beta software on your main production site is a very bad idea. If you want to try the beta, install WordPress on your local machine or on a dedicated testing account.

If you find any bugs, take a look at the project’s guidance page for bug reporting, which includes a link to the WordPress bug tracker.

Let’s have a look at some of the new features that need testing.

Customizer Enhancements

With WordPress 4.9, the Customizer gains a new button that allows site owners to save their customizations as a draft, publish them to the site immediately, or schedule them for publishing at a later date.

If that sounds familiar, it’s because customizations (referred to as changesets by the project), now behave a lot like WordPress posts. Those working on making changes to the appearance of their site can save their work and come back to it later or discard it. Most interesting is the scheduling of changes: many WordPress professionals don’t want to apply changes to a busy site, but nor do they want to have to be available to apply them when the site is quiet — WordPress pros like sleep too.

Scheduled customizations will also be useful when design changes associated with promotions and other time-sensitive customizations need to be applied as part of a broader promotional strategy. WordPress professionals can queue up their changes and have them go live at exactly the right time.

Perhaps most interesting is the ability to share links to Customizer previews. The links allow people who aren’t logged in to preview changes on the front-end. This will be hugely useful for designers and professionals who want to give clients and other interested parties a look at the changes, without having to replicate them on a live site or provide access to the site’s back-end.

Other Changes

Enhancements to the Customizer are only the headline feature. There are many smaller changes and improvements for both WordPress users and developers, including the addition of a new gallery widget, support for shortcodes and media in text widgets, and better video embedding support. Developers will be particularly pleased with the integration of the CodeMirror code editor to the theme and plugin editor, the CSS editor in Customizer, and the Custom HTML widget.

Posted in:
WordPress

Source link

Critical Vulnerability Breaks WiFi Security And Puts Hosting Clients At Risk

Critical Vulnerability Breaks WiFi Security And Puts Hosting Clients At Risk

Critical Vulnerability Breaks WiFi Security And Puts Hosting Clients At Risk

Photo by rawpixel.com on Unsplash

A critical weakness in the protocol used to protect WiFi connections can be exploited to decrypt any data traveling between a WiFi client and the router it is connected to. Some variant of the Krack Attack vulnerability is present in nearly every WiFi device in the world. Unlike many vulnerabilities, this one isn’t the result of a bug in a specific implementation of the software, but a flaw in the WPA2 standard that developers base their implementations on.

The immediate consequence of the vulnerability to Krack Attacks is that WiFi networks cannot be trusted. Most of us are familiar with the idea that open WiFi networks we don’t control should be treated with suspicion — sending unencrypted sensitive data from a coffee shop isn’t a good idea. But the new vulnerability means that even WiFi networks we do control can’t be entirely trusted because of the flawed security protocol.

It’s not easy to exploit the vulnerability: the attackers have to be connected to the same WiFi network, but the risk is still significant.

It should be pointed out that WPA2 only handles data that travels between the client — a mobile device or laptop — and the wireless router. If data is also encrypted with a different protocol at a different level of the network stack, that encryption is unaffected. The flaw in WPA2 does not mean that people can intercept and decrypt information sent over SSL-secured connections.

Mitigating The Risk Of Krack Attacks

We expect fixes for routers and client devices and applications will be made available as soon as possible. As ever, updating your devices is the best way to mitigate the impact of this vulnerability.

As I’ve already noted, users of websites and eCommerce stores protected by SSL certificates have an additional layer of protection that will prevent an attacker from reading sensitive information even if they can decrypt the WPA2 connection.

All Magento stores should be protected by SSL certificates — payment gateway services use SSL by default, but without an SSL certificate for your Magento store, other sensitive information can be observed by an attacker. Responsible eCommerce merchants protect their customers with SSL certificates.

One scenario in which both Magento and WordPress site owners are at risk is when carrying out work on a site over an unencrypted connection: FTP is a common example. If an outside contractor or developer is working on your site from a WiFi network vulnerable to a Krack Attack, there’s nothing to protect sensitive data.

We offer OpenVPN virtual private networks for WordPress dedicated server and Magento dedicated server hosting clients to allow site and store owners to grant secure access to third-parties. Once logged in to an OpenVPN network, all communication is encrypted, protecting data even if it travels over a vulnerable WiFi network.

Learn More About Krack Attacks

Krack Attack stands for Key Reinstallation Attack, and it exploits a flaw in the 4-way handshake that takes place between a WiFi client and a router. When your device connects to a wireless router, a conversation between the devices sets up a shared encryption key that is used to encrypt subsequent traffic.

Krack Attacks trick WiFi clients into reinstalling a key that is known to the attacker. A key should only be able to be installed once: if an attacker can force the same key to be reinstalled, they can, along with other information collected from the network, decrypt the connection. You can see the full details of how this works on the Key Reinstallation Attacks website.

Posted in:
Magento, Security

Source link

WordPress.org, The WordPress Foundation, and Automattic: What’s The Difference?

WordPress.org, The WordPress Foundation, and Automattic: What’s The Difference?

WordPress.org, The WordPress Foundation, and Automattic: What’s The Difference?

Photo by matthaeus on Unsplash

Most users of WordPress aren’t interested in how the sausage is made, and rightly so. But those who are interested in the history and management of WordPress often find the many organizations and sites involved confusing. The confusion is understandable: these organizations are usually mentioned with little explanation of who is involved and what they do.

I’m talking about three organizations in particular: WordPress.org, The WordPress Foundation, and Automattic, which are frequently written about in connection with another name, Matt Mullenweg. Let’s have a look at each of these in turn.

Matt Mullenweg

Matt Mullenweg is one of the founders of WordPress, which is now developed under the auspices of the WordPress.org community. Mullenweg is the CEO of Automattic. He’s the founder and principal officer of the WordPress Foundation. And he’s currently the lead developer of the WordPress project. As you might imagine from that list of positions, Mullenweg is the single most influential person in the WordPress world, which is natural since he created WordPress (along with co-founder Mike Little, who is less prominent in the community).

Automattic

Automattic is a web services company, founded by Mullenweg to exploit the commercial potential of WordPress and related projects. WordPress itself is free and open source, but Automattic provides a number of services based on WordPress (like WordPress.com) and that serve the WordPress community, like the VaultPress backup service and the Jetpack plugin collection.

WordPress.org

WordPress.org is the home of the open source WordPress project. It’s where the development of WordPress takes place, largely powered by volunteer contributors. It’s where WordPress users go to get free themes and plugins. It’s also the best source of WordPress support for self-hosted sites, because much of the WordPress community gathers around WordPress.org.

If you host WordPress with a web hosting company like Hostdedi, you’ll interact with WordPress.org often because it’s the center of the WordPress project and the wider community.

It’s important not to confuse WordPress.org and WordPress.com. The latter is a commercial service offered by Automattic.

The WordPress Foundation

Most users of WordPress will have little to do with the WordPress Foundation, but it’s useful to understand what it is and the role it plays in the WordPress ecosystem.

The WordPress Foundation is a non-profit organization designed to oversee the development of WordPress and to ensure that WordPress and a few other projects remain free and open source.

The WordPress Foundation has another significant role in the community: it holds the trademarks for WordPress and other related trademarks. These were originally owned by Automattic, but were donated to The WordPress Foundation because Mullenweg felt that the WordPress project shouldn’t be entirely dependent on one individual or company.

It’s worth mentioning the WordPress Foundation is protective of its trademarks, and doesn’t let any other organization use “WordPress” in its domains or name. Unless you want to end up on the wrong side of the WordPress Foundation, avoid using the name “WordPress”. The Foundation encourages publishers and developers to use “WP” instead.

The average WordPress user doesn’t need to know about any of this, except perhaps WordPress.org, but hopefully we’ve answered some of your questions about the organizations you’ll see frequently mentioned in articles about WordPress.

Posted in:
WordPress

Source link

What Is A Drive-By Download Attack?

What Is A Drive-By Download Attack?

WordPress Security Basics: What Is A Drive-By Download Attack?

Photo by Caleb George on Unsplash

In previous articles we’ve talked about why criminals are interested in attacking WordPress sites and some of the methods they use. Today we’re going to look at drive-by downloads, a common category of attack used by criminals to infect site visitors with malware. Drive-by downloads are software downloads made to a device without the permission or knowledge of its owner.

Most such attacks are carried out using the compromised content managements systems of legitimate sites, infecting the site’s visitors with malware that serves the interest of the attacker.

This June, security researchers at Sucuri noticed that a large number of WordPress sites were being used by criminals to infect web users with ransomware, so it’s worth going into some detail about how attacks of this sort work.

When an attacker compromises a WordPress site – usually because the site hasn’t been updated — they’re not necessarily interested in the resources of the site. Instead, they’re interested in the site’s audience. They want to use the site’s popularity to their own advantage, infecting its audience with ransomware, botnet software, software that steals banking and credit card details, and so on.

The first stage in a drive-by download attack is to find a vulnerable WordPress site and to compromise it. When the attackers have control of the site they inject code into its pages and JavaScript files. The exact nature of the code varies, but its basic task is to cause a visitor’s browser to download and execute code installed on a domain the attacker controls. This can be done with a simple redirect to the malicious site, an iFrame, or even an innocuous-looking advert.

The code the attacker wants to load is usually part of an exploit kit. Exploit kits like Nuclear and Angler are complex applications that probe the software on a visitor’s device for vulnerabilities, often in PDF reader and Flash player software. If the exploit kit finds a vulnerability, it compromises the visitor’s device and uploads a small piece of malware, which will typically download the main malware payload. The entire process can take place in less than a second and most people never notice that their device is now controlled by criminals.

So what can WordPress site owners do to minimize the chances that their sites will be compromised and used to infect visitors with malware? Most importantly, keep WordPress (and any other internet-facing software) up-to-date. It’s hard to overstate how important this is. If your site is not updated regularly, it’s almost certainly vulnerable. Themes and plugins should also be updated regularly.

While most WordPress sites are exploited because web hosting clients don’t update, a good number are hacked via simple brute-force attacks. Brute-force attacks only work if a site has easily guessed passwords, so the second most important mitigation advice is to use long, random, complex passwords. For extra safety, think about implementing two-factor authentication on your site.

Posted in:
Security, WordPress

Source link

Tailor Your WordPress Site Based On Location

Tailor Your WordPress Site Based On Location

Geotargeting On WordPress: Tailor Your WordPress Site Based On Location

Photo by stokpic on Pixabay

You don’t need me to point out that the web is a global phenomenon, and yet many WordPress site owners don’t consider that their visitors can come from anywhere in the world. For local businesses, it might make sense to disregard all but a small population, but many WordPress websites could provide a better experience by tailoring content based on their visitors’ location. We’ve covered translating and localizing WordPress in several articles, so today we’re going to look at another way WordPress sites can be enhanced for a global audience: geotargeting.

Geotargeting is the practice of serving different content to an audience based on their location. A simple example would be a weather widget that displays the correct weather for the visitor’s location. It wouldn’t make sense to show a visitor from Beijing the weather for Chicago. Geotargeting lets site owners set conditions for which visitors see which content depending on where they are in the world.

Geotargeting works because it’s possible to find out a visitor’s location from their IP address. Every computer or router connected to the internet has an IP address, and each IP address — or block of IP addresses — is associated with a location. Geotargeting with IP addresses is not as accurate as GPS or WIFI-based location detection, but it’s usually good enough to determine which country and city a visitor is in.

Why Geotarget?

There are many reasons a site owner might want to provide a different experience to users in different locations.

  • To tailor promotions based on location.
  • To provide location-specific content. A restaurant review site might want to foreground restaurants near the user. An eCommerce retailer might want to give directions to their local brick-and-mortar store.
  • Geotargeting is often used for website security. If your WordPress site gets a lot of spam from a particular area, it might make sense to use geotargeting to deny IPs from that area access to your site’s forms. Although, for obvious reasons, care should be taken not to throw the net too wide.

Geotargeting on WordPress

For simple location-based content targeting, take a look at the GeoTargeting Lite plugin. Geotargeting Lite provides a couple of shortcodes that WordPress site owners can use to tag content that should be shown (or not shown) to visitors from a particular location. This is a fairly clumsy approach to geotargeting, so if you have more extensive geotargeting in mind, I’d suggest the premium version of this plugin, which can do page- and post-level geotargeting, can geotarget visitors through the Cloudflare CDN, and geotarget WordPress menu items and widgets.

WordPress, Geotargeting, and SEO

When I’ve discussed geotargeting with WordPress users, a question that often comes up concerns Google’s rules about cloaking. Cloaking is a black-hat SEO technique that serves different content to ordinary users than is served to Google’s crawlers. Cloaking is against Google’s Webmaster Guidelines and can result in a penalty.

When geotargeting content, a visitor from Montreal might see different content to a US-based Google crawler, which superficially resembles cloaking. In reality, geotargeting is not the same as cloaking. Sites with geotargeting serve different content to visitors depending on location, not whether they are a human visitor or Google’s web crawler. A web crawler with an IP associated with Montreal would see the same content as a human being browsing the web in Montreal, so geotargeting doesn’t cause SEO problems or breach Google’s Webmaster Guidelines.

Posted in:
WordPress

Source link

How Do CAAs Make Your Sites Safer?

How Do CAAs Make Your Sites Safer?

Certificate Authority Authorization Records Explained: How Do CAAs Make Your Sites Safer?

Photo by Anthony Martino on Unsplash

Certificate Authority Authorization records prevent SSL certificates being issued to hackers and online criminals for domains they don’t legitimately control.

When you ask a Certificate Authority to issue an SSL certificate for a domain, you have to prove that you control that domain. For Domain Validated certificates, that often involves uploading a special file to a server connected to the domain. If the file provided by the CA appears on the server, they know you’re in control.

In most cases, that’s a valid way to show who controls the domain. But, if a hacker compromised a WordPress or Magento site, they might be able to upload a verification file. There’s a flaw in the system that can be used by malicious individuals to influence a Certificate Authority to issue a certificate for a domain they don’t have legitmate control over. They have control over the site, but that control isn’t legitimate. Certificate Authority Authorization records are intended to close that loop in the verification process.

Certification Authority Authorization (CAA) records are a “new” (the RFC for the proposed standard was technically released in 2013) DNS record type, which will be used by Certificate Authorities (CAs) to add an additional layer of security for domain holders in regard to SSL certificates being provisioned under their name.

The CA/Browser forum – a voluntary group of companies such as Google, Mozilla, and Comodo – took a vote on making the use of these records mandatory, which passed earlier this year.

This means that major browsers will only trust certificates if they’re issued by a Certificate Authority that checks CAA records as part of its process. If the domain owner sets the CAA DNS record, Certificate Authorities have to respect the contents of that record.

How CAA Records Work

In order to help explain this better I’ve provided an example below:

We’ll presume Acme Company, Inc. controls example.com and only uses Comodo as their CA. The admins for their domain/DNS zone create the following CAA record:

example.com.       IN      CAA     0 issue "comodoca.com"

When the admins for example.com submit a request to Comodo to create a new SSL certificate for their domain, Comodo then runs a lookup against the domain’s existing CAA records to determine if they are permitted to issue the certificate. Upon seeing that the record exists and references them, they proceed with the creation of the certificate.

It’s worth noting that CAAs don’t take the place of current verification/validation procedures for SSL provisioning, but rather add an additional layer to cover situations that were not handled under the existing processes.

To dive into some specifics on how the records themselves are laid out, I’ve provided examples below for each “property tag” that can be specified:


issue

As shown above, the “issue” property tag specifies a specific CA that is authorized to provision certificates for the domain in question.

Example:

example.com.       IN      CAA     0 issue "comodoca.com"

issuewild

Exactly the same as issue, however this allows for wildcard certificates to be issued as well

Example:

example.com.       IN      CAA     0 issuewild "comodoca.com"

iodef

This property tag currently isn’t fully supported by all CAs, however its purpose is to provide further information such as E-Mail addresses, that can be used by CAs in situations where there’s an issue with the certificate itself or in cases where someone may have made an attempt to request a certificate be created that violates any other CAA record property tag rules.

Example:

example.com.       IN      CAA     0 iodef "mailto:[email protected]"

What Do CAAs Mean For Hostdedi Customers?

This is a good thing. There have been countless events in previous years in which malicious parties have been able to provision certificates for domains that they don’t have control over. This new enforcement tool provides companies and individuals with another layer of security for their domains and the certificates issued under them.

In addition to all of the above, CAs are only enforcing these rules if the records exist. If you’d rather not use them (though I’d highly recommend doing so) your interactions with CAs when purchasing a certificate will be the same as they always have.

We’re proud to announce that we’ve implemented full support for CAA records within Portal and you can log in and get started with creating those today.

As always, if you have any questions regarding these records or need assistance with creating them, you can contact the best Support Team in the world by opening a ticket, E-Mailing [email protected], or by contacting us via phone at any time.

Posted in:
Security, Webmaster

Source link

Deloitte’s Security Troubles Show Why Two-Factor Authentication Is So Important

Deloitte’s Security Troubles Show Why Two-Factor Authentication Is So Important

Deloitte’s Security Troubles Show Why Two-Factor Authentication Is So Important

Photo by Ray Hennessy on Unsplash

For a business with more than a handful of employees, managing authentication credentials like passwords and usernames can be a huge headache, as Deloitte, a “Big Four” accountancy firm discovered this September. A protracted breach of Deloitte’s networks, which leaked emails and other sensitive information linked to some of the biggest corporations in the world, could have been avoided if Deloitte had protected user accounts with two-factor authentication.

Deloitte boasts revenue in excess of $37 billion and is one of the largest auditing and accountancy firms in the world. It is also a leading provider of cybersecurity services. It appears Deloitte’s networks were compromised when a hacker gained access to log-in credentials for an admin account. There’s some disagreement what was leaked, but Brian Krebs suggests a large amount of highly sensitive data was exfiltrated over many months.

It’s not known how the admin account was compromised, and there could be any number of explanations, from carelessness to brute-force attacks. But one thing is clear: two-factor authentication would almost certainly have prevented the attacker from gaining access, even if they had the admin user’s username and password.

Two-factor authentication uses an additional factor of authentication in combination with a username and password. The TFA most users are familiar with involves a one-time code being sent to a device in the user’s possession — their phone or a dedicated dongle. If the user can demonstrate that they know the number, it proves they have possession of the device. Passwords and usernames leak all the time, but it’s much less likely that an attacker would have access to the password, the username, and a trusted user’s unlocked phone at the same time.

Authentication leaks are among the most dangerous security breaches because they’re so hard to spot. There are few tell-tale signs: it looks as if an authentic user has logged in. In the Deloitte case, it seems the attackers were able to access the network from the fall of 2016 until this March.

eCommerce stores and web sites can more easily be compromised if retailers and publishers make the same mistake one of biggest cybersecurity consultancies in the world made by trusting people to manage passwords properly.

Passwords are a strong form of authentication if they are managed intelligently. Long and random passwords used as part of a well-designed authentication system are next-to-impossible to discover. But most people, including developers and others you’d expect to understand the problem, don’t choose or manage passwords properly. Two-factor authentication provides a second layer of security that can keep a Magento store or WordPress site secure even if a user is careless with their password.

Magento retailers should take a look at Sentry, a Magento two-factor authentication plugin Hostdedi developed in partnership with Human Element. Sentry works with the Google Authenticator and Duo Security services to provide easy-to-use TFA for Magento eCommerce stores. WordPress user should consider WordPress Two-Factor Authentication.

Posted in:
Security

Source link

Google’s New Ads Data Hub Could Improve Advertising Data Accuracy For eCommerce Retailers

Google’s New Ads Data Hub Could Improve Advertising Data Accuracy For eCommerce Retailers

Google's New Ads Data Hub Could Improve Advertising Data Accuracy For eCommerce Retailers

Photo by Denys Nevozhai on Unsplash

Google recently announced a new cloud advertising analytics platform, Ads Data Hub, to give eCommerce merchants and other advertisers insight into the performance of advertising campaigns, with a particular focus on mobile. In recent years, brands have become increasingly dissatisfied with the quality of advertising data available from mobile campaigns, and Ads Data Hub hopes to give them a powerful tool for aggregating and analyzing advertising data from multiple sources including, but not limited to, the Google Display Network and DoubleClick.

Ads Data Hub is intended to help eCommerce advertisers to assess the value of advertising strategies and focus budgets where they’ll be most effective. Using a combination of big data analytics techniques and Google’s extensive cloud analytics infrastructure, Ads Data Hub allows retailers to collate large amounts of data from multiple channels to give advertisers insight into customer journeys in a way that has been difficult to achieve as mobile evolved to become the dominant computing and communication platform.

In the early days of eCommerce advertising, it was relatively straightforward to track the effectiveness of advertising. Most people used only one desktop machine, and tracking users from first contact with an advert to conversion didn’t present much of technical headache. On today’s mobile-centric multi-device web, it’s more difficult to establish the value of advertising campaigns and to target advertising effectively.

The lack of good data and a way to combine data from a fragmented mobile landscape discourages brands that expect to see a clear return on their advertising dollars. That’s bad news for Google: the vast majority of Google’s profits come from advertising.

Ads Data Hub is based on Google’s BigQuery platform, an industry-leading cloud big data analytics service that is capable of analyzing very large datasets very quickly. Advertisers will be able to pull together all their advertising data, including cross-device activity data and customer data from other sources, such as demographic data and search data. With the ability to collate all relevant data on a single platform, advertisers can build a complete picture of user journeys. The insights provided by Ads Data Hub can then be used to plan advertising campaigns and place advertising where it will generate the best return.

Measuring the effectiveness of mobile advertising is particularly problematic for eCommerce retailers. A common source of problems is the mismatch between advertising data and sales data, which rightly makes brands suspicious that advertising data isn’t as reliable as it might be and decreases confidence in the advertising data provided by Google’s existing tools, including Google Analytics. Without good data, advertisers have no clear idea of whether their marketing budgets are being spent effectively or where advertising should be targeted for an optimal return.

In theory, at least, Ads Data Hub will help eCommerce retailers to tie together all the relevant sources of data and gain a more complete picture of their customers’ journey to conversion. Ads Data Hub is currently in limited beta.

Posted in:
eCommerce

Source link