CAll Us: +1 888-999-8231 Submit Ticket
The Best BigCommerce for WordPress Themes Out There Right Now

The Best BigCommerce for WordPress Themes Out There Right Now

You may have heard of BigCommerce the SaaS platform. An ecommerce platform that has gained popularity in recent years. But forget about the SaaS platform for a second, because what we’re talking about here is BigCommerce for WordPress (BC4WP): a headless ecommerce solution that lets merchants get started quickly by uploading products, setting prices, and finding the perfect BigCommerce for WordPress theme. 

BigCommerce for WordPress works with any modern WordPress theme. This is because it was engineered in accordance with WordPress development guidelines.  As a result, it’s straightforward for WordPress developers to build custom themes or to use one of the thousands of pre-built premium and free themes available for WordPress. The trick is finding one that lets you visualize the right ecommerce components in the best way possible. 

We’d like to highlight some of the more flexible and user-friendly WordPress themes compatible with BigCommerce. Each of these themes is an ideal choice for an online retailer getting started with BigCommerce and WordPress on our BigCommerce for WordPress hosting platform.

 

What Is BigCommerce for WordPress?

BigCommerce is a headless cloud ecommerce platform that provides inventory management, a shopping cart, a PCI-compliant shopping cart, and built-in analytics.

As a headless ecommerce platform, BigCommerce handles the heavy lifting of online retail but relies on a front-end application to provide the store’s interface. As a result, the BigCommerce for WordPress plugin transforms WordPress into a BigCommerce front-end. 

BigCommerce for WordPress offers the best of both ecommerce and content worlds. But to make the most of that, you’ll need the right theme. 

WordPress is known for its capable content management features. So the combination of both applications means that merchants are able to make the most of ecommerce and content functionality; creating both an incredible storefront and an incredible content marketing platform. 

However, to truly make the most of these features, you’ll need a WordPress theme that’s compatible with BigCommerce and provides an attractive platform for content delivery. 

 

How to Choose a Good BigCommerce Theme

Choosing the right BigCommerce theme for your WordPress frontend can mean browsing through thousands of different options to narrow down the right one.  Luckily, we’ve assembled a list of the four best themes available. 

Previously, we talked about WordPress themes and what makes any specific one better than another. Yet those themes were more aimed at content sites and didn’t provide a user experience optimized for product delivery. 

When it comes to choosing the right theme for a BC4WP site, there are five main areas you should consider. That way, you’ll end up with a site that delivers results for both ecommerce and content. 

 

Navigation

The most important factor you’ll want to keep an eye on is navigation. More specifically, how easy it is to find the right product. 

Firstly, take a look at the menu. Is it prominent on the site? Does it come with accessibility features? Would you like using it to  navigate around a site?

Bad navigation instantly turns customers away; or forces them to leave after they can’t find what they’re looking for. Remember, ecommerce navigation isn’t just about the nav, it’s also about paying attention to ecommerce SEO and categories. Categories make finding and navigating a site easier. 

Beyond that, search is also vital. 70% of people rely on ecommerce product search, and searchers are 200% more likely to make a purchase than a browser. 

When choosing a theme, it’s important to pay attention to the placement and clarity of the search experience. We’ve seen themes that don’t make it clear and this can have hard-hitting effects on conversion rates. 

 

Loading Time

Your next key focus should be loading time. More specifically, how long does it take for assets and code to allow a user to browse content on a site? 

A 1-second delay in page load time can lead to a 7% decrease in sales. So even the slightest delay as a result of load time can mean fewer sales. 

What this means is making sure that  time to interactivity is as quick as possible. Some theme developers talk about time to first byte (TTFB). We question this, and think it’s more important to look at time to interactivity (a measure of how long before a user can actually engage with a page).  

There are a number of tools available to site owners for testing page speed. Tools like GTmetrix are a good start. You can even test site speed with tools built into your browser, like Lighthouse.  

If you’ve tried everything and you site is still slow, then it’s worth reaching out to your hosting provider to see if there are any configuration problems. 

In some cases, your site may be slow as a result of your hosting provider. If you’ve tried optimizing code, cutting down on plugins and trying these speed optimization trends,  and your site is still slow, then it’s a good idea to contact your provider and their support team to see if there is a problem with your server. 

 

Responsiveness

If you’re not offering a mobile responsive website yet, then you’re doing it wrong. Not only because it means you’re probably offering a terrible user experience, but also because it means you’re SEO is suffering.

Remember, Google now indexes sites based on a mobile-first policy. According to Google, that began July 1st, 2019.  This means that all sites now not only have to offer a mobile version, but also provides an excellent user experience for those using it. 

This ripples out into several different areas of site development; from UX to code, and more. 

BigCommerce for WordPress is a headless application, so there’s no reason you shouldn’t be offering a mobile-optimized frontend. Being headless, BC4WP means you have complete control over the front-end. So take a look at the competition and make sure your site design isn’t out of date. 

 

Security

Bad themes are an easy goldmine for hackers looking to exploit vulnerabilities. Whether it’s bad coding practices, something missed by accident, or just simple laziness, a theme with security vulnerabilities can mean the end of your online store.  

Yes, theme vulnerabilities are not as frequent as plugin or core vulnerabilities. But they still make up a sizeable amount in terms of numbers. And all it takes is one exploited vulnerability for you to find your store quickly losing the business and trust of your customers. 

Sticking to official and officially supported themes means you’re picking a theme that complies to WordPress coding standards and is a lot safer. 

Try sticking to themes that are either available in the official WordPress theme bank, or that have official support from BigCommerce. Stay away from anything you have to download and install manually. 

If you’ve already decided on a theme and want to know how secure it is, we recommend taking a look at the WPScan Vulnerability Database. Here, you’ll be able to see a list of vulnerabilities identified from not just themes, but also plugins, and core. 

 

Code

Code links into pretty much everything we’ve just said. Bad theme coding means problems with design, security, and the user experience.

For most non-technical merchants, you’re probably not able to check the code for yourself. So just like with themes, the best option is to take a look at the creator of the theme. If it’s a trusted source, chances are they have followed coding standards. Remember, any themes available through the WordPress theme bank have been checked to make sure they match up to the WordPress theme standards

If you really want to check the theme code for yourself, there are tools available to help. These will generally help you see if the theme will cause problems in terms of user experience or security.

Four BigCommerce for WordPress Themes We Recommend

Divi, by Elegant Themes, is one of the most popular premium WordPress themes on the market. Divi is billed as a “website building platform” rather than simply a theme. The highlight feature is a powerful page builder that allows WordPress users to visually construct pages from the wide selection of elements that are built into the theme.

A true drag-and-drop solution, Divi incorporates over 40 different page elements, including sliders, galleries, and forms. Divi can be used to create any type of site, but it includes several features aimed at ecommerce retailers, including pricing tables.

WordPress users who buy a Divi license also gain access to over 100 layout packs, including ecommerce designs with page layouts, images, and graphics.

Make is a free theme that aims to make it simple to build an attractive WordPress site. It has fewer features than all-in-one plugins like Divi, but that’s deliberate, and it has made Make a favorite of WordPress users who have downloaded the theme more than a million times.

The free version of Make includes a page layout engine with several built-in layouts. Make integrates well with the Customizer, providing over a hundred settings that can be visually tweaked.

For users who need access to advanced features, the Make Plus premium tier includes additional ecommerce features and advanced layout options.

Shapely is an elegant one-page theme suitable for simple stores with a handful of products. Unlike the other themes we’ve looked at, Shapely is intended for store owners who want to choose a pixel-perfect design and stick with it. It doesn’t include a heavy page-builder, but there are plenty of Customizer options to bring the theme in-line with a store’s branding.

We’ll conclude our theme round-up with Generate Press, a free, lightweight theme that loads less than 30KB of assets on a default WordPress installation. It’s a simple, elegant theme that makes it easy to build a beautiful ecommerce front-end without loading product pages down with superfluous JavaScript.

We have looked at just four of the thousands of WordPress themes that are compatible with BigCommerce for WordPress. To learn more about BigCommerce for WordPress, check out “Introduction to BigCommerce for WordPress, Important Concepts” by BigCommerce WordPress Evangelist Topher DeRosia.

Source link

A Modern Web Application Stack From Hostdedi

A Modern Web Application Stack From Hostdedi

Modern web applications are large, complex, and resource-intensive. The methods of hosting these applications have changed drastically as as result. It is no longer ideal to simply host a modern web application on a Linux/Apache/MySQL/PHP (LAMP) stack, as doing so will severely limit the performance capabilities of modern web applications.  

A web application stack is a collection of software that works together to provide modern, secure, and fast application delivery. These modern application stacks go beyond a typical LAMP stack and include additional components such as Nginx and Varnish. Extensive tuning keeps these components working together for the best end user experience.

This article covers the different applications and technology that make up our Hostdedi Cloud web application stack, focusing specifically on application delivery.

Discover the Hostdedi Stack

 

Nginx 

Nginx is a full-featured, high-performance web server that we use as a reverse proxy within our web application stack. Favored by many websites, Nginx has been a popular replacement for the Apache Web Server because it excels at serving static content. 

With this in mind, we use Nginx together with Apache web server in our application stack. The use of Nginx in front of Apache as a reverse proxy allows each to focus on their respective strengths. 

Object Caching

Nginx includes a built-in cache called a micro cache. While a micro cache has many potential applications, we focus its caching on small static objects like images, CSS templates, JavaScript, and other small files. 

This benefits low-traffic and high-traffic sites, as cached objects prevent the need to retrieve the object from the web server with every request. Many modern CMSs can have well over 100 static objects per page load, all of which can be served by the Nginx micro cache. This removes significant load from the dynamic content web server, noticeably so during peak web traffic times.

TLS Termination

TLS terminators handle the decryption of HTTPS connections. Typically, the web server application handles TLS decryption, although this is often not ideal. Varnish and other caching proxies do not currently support HTTPS connections, and so require decryption of TLS connections before they reach your caching layer. Load-balanced solutions also require the TLS certificate to be installed on every application server when not using a TLS terminator. 

A solution to these limitations is to let Nginx handle TLS decryption. While alternatives such as Pound and HAProxy exist, Nginx handles it natively and can also provide load balancing if necessary, removing the need for additional load balancer services. 

Modern TLS Support

Transport Layer Security (TLS) is the successor to the older encryption protocol, Secure Sockets Layer (SSL). TLS provides the encryption for HTTPS connections, which is nearly a requirement for all modern websites. 

Current security standards (most notably, PCI DSS) have flagged older SSL and even some early TLS as inadequate, and only modern TLS ciphers make it possible to meet these evolving standards. 

Like SSL, TLS has several versions, the most recent being TLS 1.3. As a PCI-compliant hosting provider, we enable only secure ciphers according to the Mozilla Modern standards. 

HTTP/2 Support

Nginx fully supports the latest HTTP/2 protocol. HTTP/2 is a revision of the original HTTP 1.1 protocol released in 1999. It focuses on improved performance, perceived end-user latency, and use of a multiplex connection between web servers and browsers. HTTP/2 is currently supported by all major browsers and is enabled by default in Nginx on Hostdedi Cloud solutions.

Nginx also has plans to support the new QUIC – HTTP/3 protocol, which we will also support as soon as it becomes available.

Content Compression

Data compression is not a new idea. If site data can be quickly compressed on the server and uncompressed in the browser, this reduces the size of transferred data, thereby saving time. 

Web servers and browsers have supported several compression algorithms such as gzip and deflate for years. While both of these have historically worked well for content delivery, a modern and more efficient option is available: Brotil.

Brotli is a data specification that uses a dictionary-based compression algorithm designed specifically for the transfer of text-based web application static files such as HTML and CSS. Due to its specialized role, it offers significant upgrades over other common web compression algorithms in both compression ratio and compression speed. All modern browsers and web servers now support Brotli including Nginx, which is enabled in our configuration.

Apache

Apache is an industry-standard open source web server that first saw the light of day in 1995. In 2012, the release of version 2.4 began the support of a significant feature set that continues to improve to this day. 

One of Apache’s strengths is the ability to deliver dynamic content at high concurrencies through various application interfaces like the FastCGI Process Manager (FPM). We utilize PHP-FPM for all PHP-based applications on our cloud application stack. Beyond fast dynamic application support, Apache 2.4 has several other notable features, as described below. 

The Event MPM

Apache 2.4 saw the release of the event multiprocessing module (MPM), which provided significant performance gains over previous prefork and worker MPMs of previous versions.  The event MPM makes Apache much more efficient with memory usage and increases thread handling for incoming connections in a manner similar to Nginx. Hostdedi Cloud plans use a carefully tuned event MPM configuration as part of our application stack.

Web Application Firewall

A web application firewall (WAF) is an essential security feature for any website. Their purpose is to provide an HTTP content filter for common vulnerabilities, including SQL injection, cross-site scripting, and request forgeries, among others. WAFs also provide protection for known application vulnerabilities and backdoors, protecting known remote shells and unpatched software from being exploited. 

Our application stack uses ModSecurity, an open source WAF for application protection. Having ModSecurity in place with Apache provides additional protection to web applications, and helps meet security and compliance requirements such as PCI DSS. 

Content Optimization

Created by Google, Mod_Pagespeed is an open source module designed to optimize content on the server and decrease site load times. This module performs a set of front-end optimizations to static content, including HTML, JavaScript, CSS, and images. These optimizations include static code inlining, combining, and minifying, which reduces the size of these files and the number of total requests. 

While front end optimizations are smart for site development, time constraints sometimes kick these to the wayside. In these cases, Mod_Pagespeed is invaluable. 

While Mod_Pagespeed is available for both Nginx and Apache, we have enabled it with Apache web server. This allows it to optimize the code as part of Apache, when it then can be cached optimally in the Nginx micro cache.

Application Compatibility

As mentioned earlier, any web application can be configured under Nginx or Apache, but the latter’s support of .htaccess sometimes makes Apache a more suitable candidate. Some CMSs use .htaccess configurations not fully supported by Nginx. While there are pros and cons to using .htaccess files as a whole, it is generally preferable to make them available, rather than force our clients to modify their site to Nginx standards. 

Varnish

Varnish is a caching HTTP accelerator that provides high-performance static and dynamic content delivery. When enabled and properly configured, content requests normally handled by Apache and Nginx are now handled by Varnish, which directly delivers cached assets from memory to users’ browsers. Dynamic sites with complex back ends that require considerable PHP interpretation (such as Magento) can benefit greatly from the use of Varnish.

One downside to Varnish is its complexity in implementation. Controlling which content is cached can be tricky, especially with dynamic content. Extra care must be taken when dealing with session-based eCommerce sites to keep shopping carts updating properly. Varnish handles these configurations using its Varnish Configuration Language (VCL). The VCL can be customized for websites, and some applications such as Magento 2 provide a base VCL file to get the application up and running.

Currently, Varnish only supports the HTTP protocol, not HTTPS. This requires the use of an SSL terminator in front of Varnish, which is handled by Nginx in our web application stack.

PHP – Software Collections

Our web application stack utilizes RedHat’s Software Collections (SCL) for application language support. SCL allows multiple languages and versions such as PHP, Ruby, and Node.js immediately available for any given site. SCL also makes it easy to switch language versions. As an example, our clients may set their PHP version for any given account to any version between 5.6 and 7.3 from their Client Portal. 

PHP Opcache

Opcache is a PHP-caching accelerator that increases performance by optimizing and storing precompiled script bytecode in shared memory. The integration of a properly tuned Opcache instance with PHP allows frequently used scripts to be read directly from memory, skipping the intensive compilation process. This has dramatically reduces load times for most applications. 

Opcache is included with modern versions of PHP and the latest release of 7.3, and has replaced older PHP script-caching methods such as eAccelerator and APC. To fully realize the benefits of Opcache, we have spent considerable time tuning the Opcache default variables within our application stack. This is frequently overlooked but nonetheless critical, as neglecting to tune the default Opcache configuration to the size of the hosted application can negate any performance gains.

CDN

While not a local part of our application stack, nearly any website will benefit from using a content delivery network (CDN). A CDN caches frequently used static content on servers around the globe, thus giving users’ browsers a local option for retrieving site content and reducing latency. We offer a CDN solution with our cloud solutions and strongly recommend its use.

 

Tying It All Together

Modern web applications are mammoth and have considerable system requirements for best performance. While it is possible to host an application on a simple Apache or Nginx instance, it sacrifices performance for convenience. Apache, Nginx, and Varnish have complementary strengths, and using them together grants the best results for performance and scalability. 

While our application stack is complex, it has been engineered with two decades of experience using these systems, and was tested and tuned for a variety of applications. It is also constantly evolving. As new technology and features becomes available for respective components of our application stack, we test these new elements before rolling them out.

The first of these considerations are the various headers used across the different services, each of which must be carefully managed. Nginx, Apace, and Varnish each provide default and custom headers for content control, cache control, and debugging information. Headers from external CDN or accelerator services can complicate this even further. Configuring headers properly ensures proper placement of caching and streamlines the flow of data through the stack. 

Logging also presents a challenge, both for debugging and compliance requirements. Each service in the stack generates a log, all of which must be stored in a secure remote location to facilitate tracking of each request and response through these various components.

Threading, connection limits, and resource utilization must also be taken into account. Any component in this application stack can be a bottleneck if not properly tuned.. Many of these configurations are outlined in our paper, The Definitive Guide to Magento 2 Optimization.

Source link

What Is a PCI DSS Audit?

What Is a PCI DSS Audit?

Officially known as an annual PCI DSS assessment, this annual audit is required for Level 1 merchants and recently breached merchants to maintain PCI compliance. These assessments can only be performed by a qualified security assessor (QSA). Read on to learn what you, the merchant, should expect from the audit and how to prepare for it.

Top Reasons to Become PCI DSS Compliant

PCI DSS refers to Payment Card Industry Data Security Standards, and it is required for any store that accepts credit cards as payment. This applies both to stores that process credit cards, and stores that limit themselves to transmitting card data to third party payment gateways like PayPal and others. 

The case for “why PCI compliance” is two-fold:

  1. The five major credit card companies on the PCI Council (Visa, MasterCard, American Express, Discover, JCB) say it is.
  2. PCI-compliant merchants are more effective at protecting their customers’ data than merchants that are non-compliant. 

Or, as a third argument for the merchants unmoved by the first two: PCI DSS helps prevent breaches, and breaches cause downtime and lost revenue. 

For a more detailed breakdown of PCI compliance, see How Hostdedi Helps Your Store Stay PCI Compliant.

PCI DSS Risks

Only 29 percent of companies remain compliant a year after their initial validation because they pass once, then drift into complacency. pci storefront

Auditing is a required component of compliance for larger merchants, and it may be tempting to wonder about the consequences for non-compliance. Some might resent what they perceive as the credit card’s stranglehold on ecommerce. Others might just “have better things to do with my time, like run my business.” 

What’s the worst that could happen?

The short answer is non-compliant merchants can be fined, audited, breached, and suffer damage to their brand reputation. The longer answer is that PCI compliance is the beginning of security, not the end. It’s best to consider it as the “minimum acceptable standard” for securing your customers’ data.

How Much Does a PCI Audit Cost?

On average, a typical PCI audit for a smaller merchant costs about $15,000. This adds to other factors influencing PCI DSS certification cost, which usually relate to infrastructure and paying qualified personnel to apply and maintain best practices of data security. While this is not insignificant, the cost of ignoring compliance is far greater.

Beyond ethical concerns, failure to comply can result in:nexcess pci lock

  • Fines by credit card companies ranging between $5000—$100,000
  • Security breaches, which often involve downtime to resolve
  • Legal action by endangered customers and third parties
  • Damaged reputation and loss of consumer trust
  • Loss of revenue
  • Federal audits

How Does a PCI DSS Audit Work?

If you’re facing an upcoming audit, then you’re either a level 1 merchant with more than 6 million credit card transactions per year, or a merchant from lower PCI compliance levels (2–4) that suffered a recent data breach. Merchants on the lower PCI compliance levels (2The central goal of the audit find non-compliance, provide guidance on how to fix it, and verify you’ve addressed any and all issues. 

The first step is finding a Qualified Security Assessor (QSA) to perform the audit. Only QSAs are licensed to perform the audits, as these organizations are certified by the PCI council to understand their data security standards. 

The simplest way to find a QSA is by choosing one from the list on the PCI website. As with any service, it is usually wise to talk to a few, as not all are created equal. Never hire a company claiming to be a QSA if not present on the PCI list; these companies are either outsourcing your request, or planning to sell you other services. 

Once onsite, the auditor will assess multiple areas of your business. As you might expect, this includes your cardholder data environment (CDE), defined as any device, component, network, or application that stores, processes, or transmits cardholder data. It also includes your policies and procedures surrounding your use of these systems.

PCI Audit Requirements

  • Transparency and cooperation
  • Completed PCI audit checklist
  • Understanding of current PCI DSS
  • Your printed copy of your Report on Compliance (ROC) from the previous year
  • Evidence of quarterly scanning and penetration testing
  • Evidence of regular event log checks
  • Documentation on how you handle third party vulnerabilities

Remember: the role of the auditor is to prevent the compromise of cardholder data, not to punish your company. As long as you’re cooperative and vested, the auditor will explain where you need to improve and help you do it. To execute these changes efficiently, consider appointing a compliance leader within your organization. This individual takes responsibility for compliance efforts, but also should have the authority to compel change across your team.

9 Common PCI Mistakes Revealed by PCI Audits

nexcess data centerIf you care enough about PCI compliance to read this article, then you’re on the right track. Following are nine common mistakes for merchants undergoing audit, though your experience may vary according to your business needs and PCI compliance level. 

Hiring a PCI compliant hosting provider like Hostdedi will go a long way toward preventing these mistakes, but it’s not a magic bullet. Merchants must do their part as well, but most hosting providers can assist you in this task.

Reminder: CDE, or cardholder data environment, refers to any device, component, network, or application that stores, processes, or transmits cardholder data.

Unnecessary storage of credit card data 

As a general rule, you should take every reasonable step to avoid storing credit card data, and never store CVV numbers for any reason. Many merchants choose to store data to accelerate their customers’ checkout process without fully understanding the implications for compliance. Don’t be one of them.

Failure to separate the CDE network from rest the organization’s IT infrastructure

The key phrase to remember in PCI-compliance and access to cardholder data is “as-needed.” Make it your mantra. This applies more so to sub-networks within your organization. When applied to your network, it is known as “network segmentation,” though it usually applies to sub-networks within your organization. Sub-networks used for internal office communications should have no access—direct or indirect—to the sub-networks with access to the CDE.

Failure to restrict access to the CDE to only those employees that need it 

Once again, only employees needing access should have it. This refers both to physical access to areas housing devices within the CDE, but also permissions and passwords.

Insufficient training and security awareness

This extends to your team as well as yourself. If you employ a team, consider appointing someone as a Compliance Officer to take responsibility for training efforts, and give them enough authority to get the job done.

Weak password security policy

Passwords to any system within the CDE should be unique, complex, and never shared between employees. Password managers like LastPass, Zoho, 1Password, and many others are invaluable for safely generating and storing complex passwords. If your team isn’t using one, then it’s a red flag for your security practices. Two-factor authentication for any CDE system is likewise essential, whether Google Authenticator, Duo, or something similar.

Missing web application firewall (WAF) 

A web application firewall (WAF) identifies and interrupts malicious activity and exploits. Most merchants don’t use one in their infrastructure. You can pass a PCI assessment without, but it requires a code audit any time you make changes to your application (Magento, WordPress, and so on). Most hosting providers can provide a WAF solution, or you can use a cloud-based one, which will increase security and simplify PCI compliance.

Inadequate network activity logs 

A network log is a record of events, and is crucial for identifying and tracking the efforts of bad actors attempting to gain access. Again, if you’re a level 1 merchant that processes millions of credit card transactions per year, you’re an inviting target and likely have a network administrator in place. If you’re not a Level 1 merchant and you’re facing audit, then it means you were recently breached 

Missing or poorly configured firewalls and routers 

The security of a network firewall (not to be confused with web application firewall) or router is only as good as the person configuring it. Know your stuff or employ someone that does.

Unclear or outdated security incident response procedures 

Whether you use Magento, WooCommerce, or any other platform, you or your system administrator should take great pains to stay current on the latest vulnerabilities. Have a plan to respond to exploits when—not if, but when—they occur.

Don’t Wait for Your Audit to Get Started

As a final point, never forget that PCI compliance is an ongoing effort. Annual audits are only one component of compliance, but a proactive approach with upcoming changes to your CDE will often pay dividends. Engage your QSA about these changes well before they happen, as they can provide sage advice about maintaining compliance. 

 

For guidance with PCI compliance, contact our sales team between 9 a.m.–5 p.m. eastern time, Monday to Friday.  

Source link

ElasticSearch Makes Magento Search Faster and More Accurate

ElasticSearch Makes Magento Search Faster and More Accurate

Search is an essential feature of an ecommerce store. And for any store with more than a handful of products, it’s one of a handful of ways that customers can narrow product selection to a manageable number. So finding the right search engine for your store is vital. For Magento merchants and developers, that search engine is Elasticsearch. 

Despite the advantages of Elasticsearch, many Magento merchants still run their stores on obsolete and outdated search software. In fact, 42% of companies don’t try to optimize search as all.

Originally developed in 2010, Elasticsearch has grown to become one of the biggest players in search offerings. It has largely replaced rivals SOLR and Sphinx. For Magento sites, it’s now become the default search option, replacing MySQL which has been deprecated. 

How Elasticsearch Works for Ecommerce

Magento includes built-in search functionality that previously, by default,  used a MySQL database. MySQL and its variants are powerful, but they aren’t the ideal back-end for a search engine. We use search engines every day and we are accustomed to a sophisticated search interface that can turn our vague and often badly spelled queries into useful results.

MySQL isn’t well-optimized for that use case, which is why Magento previously would – on occasion – return less-than-useful search results.

ElasticSearch, on the other hand, is highly optimized for fast and accurate search. As a Java-based document store – what used to be called a NoSQL database – it’s engineered to store huge numbers of JSON documents and retrieve them according to criteria supplied by the user. 

Imagine wanting to find a specific set of headphones which have something to do with Master Class about them, but it’s not their name. You type it in and you’re given a large selection of products you really aren’t interested in.

Frustrated with Magento search experiences?

Customers frustrated with their Magento search experiences?

Don’t worry, Elasticsearch is here! ES allows for a merchant to specify different criteria the user may be searching for – beyond just the name. This may include the description, the manufacturer, the release date, and more. 

In short, it makes an ideal search engine back-end for ecommerce stores and many other types of website. It also makes the ecommerce search experience just that much better.  

And when combined with Magento, ElasticSearch’s built-in functionality augments ecommerce search with a host of useful improvements.

 

Extremely Fast Search

ElasticSearch is much faster than Magento’s default search, especially when searching through large product catalogs. It can run searches over millions of products without breaking a sweat, and it’s a rare ecommerce store that approaches that number of products.

The speed at which ElasticSearch returns results can be used for features such as continuously updating results: as the user types their query, the search results update immediately because ElasticSearch searches faster than users can type.

 

More Accurate Results

Shoppers don’t want to have to carefully craft search queries. They want to enter a vaguely appropriate query and have the search engine to figure out what they mean. ElasticSearch is packed with features that help match queries to relevant results, even when the queries aren’t especially well-formed.

Among the features is fuzzy searching, which matches products similar to the query but not exactly the same with a technique called the Damerau-Levenshtein distance formula. Fuzzy searching helps stores to surface and rank the right products from their catalog even when the shopper mistypes or searches for a related product that isn’t in the catalog.

 

Easy to Use

Given the complexity of what ElasticSearch does, you might expect that it would be difficult to use. In fact, it couldn’t be easier. Once you hook ElasticSearch up to Magento, search is immediately improved without any complicated configuration. ElasticSearch ships with sensible indexing defaults and can begin returning better results in no time at all.

 

Improves UX

The average user spends just 8 seconds looking at a search results page. That’s 8 seconds to provide them with the right answers – in this case, products. Miss that time frame and you’re at risk of them looking somewhere else. After all, would you stay in a store if the attendant kept trying to sell you something you didn’t want?

It’s for this reason that product search is so vital. And with that browsing time only decreasing, the benefits of Elasticsearch give merchants less to worry about. 

Elasticsearch improves Magento UX by combining all of the features mentioned above. Faster speed means customers are able to find products faster. More accurate results mean they’re able to find the right products. And ease of use means merchants are able to enable it without too much extra work. 

 

Get Started with Elasticsearch for Magento the Easy Way

With Hostdedi ElasticSearch cloud hosting, Magento retailers can deploy a scalable and secure ElasticSearch instance in minutes. 

We’re happy to help Magento hosting customers to integrate their ElasticSearch instance with Magento. Get in touch today to learn more about Magento and ElasticSearch.

Source link

Is the End Near for EV SSL Certificates?

Is the End Near for EV SSL Certificates?

Google, Firefox, and Apple certainly think so. Extended Validation (EV) SSLs are effectively being put out to pasture. Upcoming changes to Chrome and Firefox will soon remove the EV badge from their browsers, citing concerns with its diminished reputation for protecting consumers. 

Standard vs. EV SSL certificates

If you’re already familiar with SSL certificates and the difference between Standard and Extended Validation (EV) varieties, skip ahead to the Why Are Browsers Burying EV SSL Certificates? section. 

SSL certificates are digital certificates that authenticate the identity of a website and allow for secure transmission of credit card data, login credentials, and other sensitive information. Though many types are available, standard SSL certificates provide the padlock icon in most browsers, help make your site PCI-compliant, and are a good choice for most merchants. 

Gray SSL Padlock

In most browsers, sites without SSL certification receive the “Not Secure” label, and anyone clicking on it will read a dire warning. 

Not Secure SSL warning

Furthermore, most browsers also will warn the user before entering any credit card information. Even if they don’t notice the lock, it’s almost impossible to miss the alert upon checkout. This tends to have a chilling effect on most users’ buying experience.

SSL warning

EV SSL certificates attempt to enhance this authentication with a more rigorous (and expensive) validation process. The end result is the addition of the merchant’s established legal identity just to the left of the web address.

In theory, this provides an additional visual cue for consumers, which makes them feel safer and more likely to spend their money on the site. In practice, most consumers don’t notice the absence of a site’s “legal identity,” meaning the EV SSL certificate provide little value to anyone other than the organization selling it.

Why Are Browsers Burying EV SSL Certificates?

In cyber security circles, criticism of EV SSL is not new. The stated goals for EV SSL are 1) to make it harder for phishing scams to fake their online identity, and 2) make consumers feel more safe. Their argument is that EV SSLs are only marginally effective at #1, and utterly ineffective at #2. 

The core failing in the “legal identity” tactic against phishing scams is the relative fluidity of those legal identities. The phrase itself is a misnomer, one that falsely invokes images of face-to-face authentication and triple-checked claims. As demonstrated by one industry professional, the methods of identity verification vary by state, with many ranging between “woefully inadequate” and “cursory.” A determined bad actor would have little trouble registering “Identity Verified” or some other devious “legal identity” to dupe unsuspecting consumers into feeling secure.

However, such efforts would likely be wasted, because the same experts claim most users simply fail to notice the presence or absence of the legal identity. Apple has alread removed the visual cue from Safari and Mojave  for this very reason. Recently, Chrome and Firefox announced their intent to follow suit, with the former stating: 

Users do not appear to make choices (such as not entering password or credit card information) when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection.

For Chrome, this takes effect on September 10. The change comes to Firefox on October 22. The legal identifier will still be available, but buried in the interface and only accessible to the determined clicks of a knowledgeable user. 

Despite the exaggerated claims of organizations eager to sell EV certificates, most users are content to see the padlock and not see any warnings at checkout, both of which are provided by other, less expensive SSL certificates.  

 

If you have questions about which SSL certificate is right for you, contact our sales team for assistance.

The post Is the End Near for EV SSL Certificates? appeared first on Hostdedi Blog.

Source link

How Hostdedi Helps Your Store Stay PCI Compliant

How Hostdedi Helps Your Store Stay PCI Compliant

Having a PCI compliant store requires the sustained efforts of both yourself and your hosting provider. Although there are no shortcuts, choosing a credible web hosting provider is an effective place to start. Even so, most PCI requirements can only be met by you, the merchant. Read on to learn more about the dividing line between host and merchant, and why it can be worthwhile to go beyond PCI for your customers.

 

What Is PCI?

nexcess locked safeIn ecommerce, PCI is shorthand for Payment Card Industry Data Security Standards (PCI DSS). Created in 2004, PCI DSS aim to help protect consumers and prevent credit card fraud. It is required for any organization that receives, processes, or stores credit card data of any of the five members of the PCI Security Council: VISA, MasterCard, American Express, Discover, and JCB.

The list of requirements is extensive, to put it mildly. The requirements span six categories, and each category is divided into several hundred specific requirements. Some fall exclusively under the domain of either merchants or hosting providers, while some extend to both. PCI compliance is also not a one-time requirement, as the Security Council makes periodic adjustments to address new threats to consumers.

Compliance is not a “one-and-done” event. It requires daily, weekly, monthly, and annual tasks to maintain compliance. There are 12 general requirements divided among six categories. For illustrative purposes, we’ve listed these same categories, but also included more specific requirements from within PCI DSS. 

6 Key Categories for PCI Compliance

Build and maintain a secure network. Install and maintain a firewall. Use unique, high-security passwords with special care to replace default passwords.

Protect cardholder data. Whenever possible, do not store cardholder data. If there is a business need to store cardholder data, then you must protect this data. Encrypt any data passed across public networks, including data passed between your shopping cart, your Web-hosting provider, and your customers.

Maintain a vulnerability management program. Use antivirus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure your antivirus software applications are compliant with your chosen card companies.

Implement strong access control measures. Access to cardholder data, both electronic and physical, should be on a need-to-know basis. Ensure those people with electronic access have a unique ID and password. Do not allow people to share login credentials. Educate yourself and your employees on data security, and specifically the PCI Data Security Standard (DSS).

Regularly monitor and test networks. Track and monitor all access to networks and cardholder data. Maintain a regular testing schedule for security systems and processes, including: firewalls, patches, web servers, email servers, and antivirus.

Maintain an information security policy. Establish a clear and thorough organizational data security policy. Disseminate and update this policy regularly.

PCI non-compliance can result in fines ranging between $5000—$100,000 per month, depending on the size of the offending organization, its severity, and other factors. Non-compliance can also result in legal action, security breaches, and lost revenue.

PCI Requirements for Hosting Providers 

nexcess monitoringIt is virtually impossible for the typical merchant to be PCI compliant without enlisting the services of a compliant hosting provider. Merchants that host their own websites must meet hosting provider requirements in addition to meeting those for merchants. Such a model works for massive enterprises like Amazon and WalMart, but few others. 

Following are some of the highlights of our systems and policies that uphold our status as a PCI compliant hosting provider. The term “cardholder data environment” refers to any system that stores, processes, or transmits credit card data as well as any system that has access to cardholder data environment itself.

We maintain a web application firewall (WAF), which monitors all connections between the cardholder data environment and other networks. ModSec prohibits public access to sensitive areas, identifies untrusted connections, and hides IP addresses and routing information from unauthorized parties. 

We apply industry-accepted configuration standards for all system components that address all known security vulnerabilities. This extends to our internal and external network, our operating systems, and hardware required to host web services.

We apply cryptography and security protocols that encrypt and protect cardholder data even when transmitted across public networks. SSL certificates and other trusted security keys are unilaterally enforced. Only modern TLS ciphers are permitted.

We restrict physical access to our data center with 24-hour security policies and a team trained to implement them. This includes, but is not limited to:

  • Video surveillance with 90-day footage history
  • Secured entry with at least two-factor authentication (PIN, access card) in most areas, and three-factor authentication (PIN, access card, thumbprint) in areas housing the cardholder data environment
  • Visible identification on all team members
  • Visitor policy that prevents unauthorized public access; authorized external individuals have access only to required areas and are escorted at all times 
  • Team members are given access to the cardholder data environment only if their role requires it
  • Restricted access to network jacks, wireless access points, gateways, networks, and other lines of communication

We track and monitor access to network resources and cardholder data, though it falls to clients to maintain logs and monitor logins for their own applications (Magento, WordPress, and so on).  

We regularly test our security systems and processes, and perform internal penetration testing at regular intervals as well as after any significant infrastructure upgrade. 

PCI Requirements for Merchants

Secure store with HostdediProperly implemented, PCI compliance helps merchants adhere to commonly accepted best practices of data security. Hosting with a PCI compliant provider is a solid first step, but becoming compliant still requires action on your part.

If your store accepts credit cards as payment, it must be PCI compliant whether you store that data or not. Choosing a PCI Compliant web host is only the first step. Most credible web hosts can provide merchants with materials outlining their respective responsibilities upon request, but ultimately it is on merchants to understand and meet these requirements. 

Regrettably, there is no “one size fits all” checklist. Your specific responsibilities will vary according to your merchant level (1–4, with 1 being the highest), which is generally determined by the number of credit card transactions your store processes annually. 

The general process for most merchants is:

  1. Identify, understand, and implement the appropriate PCI DSS requirements. 
  2. Complete a Self Assessment Questionnaire (SAQ). The SAQ is a checklist outlining the requirements. Depending on your level, some or all of them will apply to you. Level 1 merchants have the most requirements; level 4, the least.
    Resist the temptation to simply “check every box” in the SAQ. Doing so endangers your customers and exposes your business to liability. The PCI stands to lose money from breaches, and in response may investigate your SAQ and AOC.
  3. Submit to a quarterly scan by an Approved Scanning Vendor (ASV), an independent, qualified authority that performs external vulnerability scans on your systems. 
  4. Complete the Attestation of Compliance (AOC), a document asserting that you are both eligible to perform and have in fact performed the SAQ to the best of your ability.
  5. If classified as a level 1 merchant, you must take additional steps, including an on-site assessment. 

If climbing the considerable hurdle of PCI compliance doesn’t appeal to you, you’re not alone. Your hosting provider can answer questions related to overlapping responsibility, and third party Qualified Security Assessors (QSAs) can help businesses run the PCI gauntlet (for a price). 

Even businesses offering only PayPal, Auth.net, and other payment services as payment options must be PCI compliant because those businesses must still transmit credit card data.

One universal component is the need to confirm that all of your service providers are PCI compliant. This includes your hosting provider, but also extends to payment processors, payment gateways, POS providers, and any other entities that touch your customers’ cardholder data. 

Some PCI Essentials for Merchants

  • Maintain PCI compliance. Compliance requires ongoing awareness and daily application. Tasks range between daily and annual, but all are recurring.
  • Don’t just check “Yes” to every question in the SAQ. Due diligence protects your business and your customers.
  • Know your code, or use a developer that does. Implement best practices of deployment using staging and dev sites without exception.
  • Establish a secure password policy. Use complex, unique passwords and never allow your staff to share login credentials or use default passwords.
  • Enable two-factor authentication for all of your internal users, and consider providing it as an option for customers logging in to your site.
  • Use a web application firewall (WAF). At Hostdedi, we provide one for all clients and it’s enabled by default.
  • Don’t just take your hosting provider’s word for it. Confirm they’re PCI Compliant and competent by asking for (and getting) their Attestation of Compliance (AOC).
  • Keep your applications and extensions current to the latest stable release, and actively monitor for new threats and versions.

Beyond PCI

If PCI compliance were enough, breaches of high-profile organizations would be far less common. Compliant should not mean complacent.

In reality, PCI compliance is “Cardholder Data Security 101.” It is the minimum acceptable standard and a reasonable introduction, but PCI is far from infallible. Credit card companies require compliance. Merchants adhering to PCI standards will be more effective at protecting consumers than businesses that just pay them lip service, but PCI compliance is only the first step. 

The very nature of PCI — a large, curated document updated only periodically — makes it vulnerable. Standards deemed sufficient in the “current” version are often exposed as inadequate. It can take months or even years for PCI to “catch up,” and bad actors are well aware of its limitations.

The best protection is knowledge. At Hostdedi, we have team members that specialize in web security who stay well-versed in the newest threats, breaches, and countermeasures. Many merchants may be reluctant to enlist the services of a security expert. At the very least, we recommend subscribing to security notifications for your ecommerce application and following at least one credible web security news source. Both sources react much faster than the PCI, and following them will help you “spot the smoke” before it becomes a fire. 

We’re on the List!

Don’t forget, we’re “On the List” of PCI compliant providers officially recognized by the Visa Global Registry. That means we’ve shown a continued commitment to reviewing and improving our security policies to match and exceed PCI compliance requirements. If you’re looking for a PCI compliant provider, hosting with Hostdedi means you’re hosting with an approved and recognized provider. Learn more about the PCI compliant hosting with Hostdedi. 

For guidance with PCI compliance, contact our sales team between 9 a.m.–5 p.m. eastern time, Monday to Friday.  

Source link

Hostdedi Amsterdam Data Center Launches Cloud Servers

Hostdedi Amsterdam Data Center Launches Cloud Servers

Four years ago, we expanded our European hosting services to include Amsterdam, arguably one of best-connected cities in the world. Now, we’re bringing the scalability and versatility of Hostdedi Cloud to our Amsterdam data center!

Why Amsterdam Matters for Ecommerce

Amsterdam hosts about one-third of Europe’s data center capacity, and for good reason. In North Holland (Netherlands) and near the Amsterdam Internet Exchange (AMS-IX), the combination of geography and technology provides reliable low-latency connections to France, Germany, Scandinavia, and much of eastern Europe. 

The city continues to stand as a center of information technology and ecommerce entrepreneurship, with proven network infrastructure and expansive connectivity to key EU markets. Amsterdam’s history as an international trade hub played will see further exposure this October, when the city hosts MagentoLive Europe, a gathering of 2,000 merchants and developers from around the world.

A Closer Look at the Amsterdam Facility

As a PCI-compliant hosting provider, we apply the same high standards of reliability and security that we apply to all of our data centers. The Amsterdam facility occupies a state-of-the-art data center only minutes away from AMS-IX and uses redundant Tier 1 carriers for dependable connectivity and speed. 

Sixteen generators and 2N redundancy keep the data center ready for nearly every power-loss scenario. As for security, the facility upholds triple-authentication access with biometric readers, as well as 24-hour manned security stations, intrusion detection, and camera surveillance. 

Cloud Services

With the launch of Amsterdam Cloud Services, our clients can expect the same security and performance already present in all of our global data centers. We built this platform to make it easier than ever for your service to grow with your business.All Hostdedi Cloud services include:

  • 24-hour support and monitoring
  • Free migration
  • PCI-compliant cloud hosting
  •  optimized application hosting for Magento, WooCommerce, WordPress, Drupal, and others. 

If you’re a Hostdedi Cloud client, you may also add:

  • Auto Scaling: Ensure your site stays online during foreseen and unforeseen traffic spikes. Be billed only for what you use, when you use it.
  • Cloud Accelerator: Boost your site’s delivery of static content (.jpg, .gif, .png, .bmp, .js, .css, among many others) to deliver a near-instant experience to your site visitors.
  • Instant Dev Sites: Create dev and staging environments at the touch of a button. Test changes without fear and maintain user security with auto-scrubbing of personally identifiable information (PII).


Questions? Our sales team has answers! Contact them at
[email protected] between 9 a.m.– 5 p.m. eastern, Monday to Friday.

 

Source link

Installing BigCommerce for WordPress, Step by Step

Installing BigCommerce for WordPress, Step by Step

In this post we’re going to go through installing the BigCommerce for WordPress plugin, starting with a mostly empty WordPress install. But before we begin, I want to briefly note that if you’re new to Hostdedi and/or want to add a BigCommerce for WordPress retail plan to your existing Hostdedi hosting account, you can do so by visiting this page, selecting a plan and auto-installing BigCommerce for WordPress in one click. For those who need an enterprise-level solution, you’ll follow the steps outlined in this blog to manually install.

The BigCommerce for WordPress plugin is available on WordPress.org, like most plugins. This makes it easy to install, right from within the WordPress admin interface.

Start by logging into WordPress and in the left admin menu, choose Plugins ➞ Add New.

Easy to install bigcommerce from the plugin directory

 

Then in the top right search area search for BigCommerce. When the results appear, click on Install Now on the BigCommerce plugin.

Once it’s installed you’ll need to activate it.

To get started just click activate

As soon as the plugin is activated it will take you to an Onboarding Wizard to help you configure it properly. Your first step will be to either connect your WordPress site to an existing BigCommerce store or create a new BigCommerce store from right within WordPress.

The BigCommerce onboarding wizard starts automatically

For this post we’ll choose Create New Account.

BigCommerce just needs a few details to create your store

The form is longer than what you see in the screenshot, but it asks for normal contact information like address, city, state, zip, phone, etc.

When creating a new account like this it’s creating a free 15-day trial. If you decide you don’t like it, you can simply let it expire. If you decide you’d like to sign up for BigCommerce you may do that in your Account page in the BigCommerce admin area.

and set up a channel

Once you’ve created an account you’ll need to make a Channel.  Channels in BigCommerce allow you to specify what products appear in what storefront.  For example, Amazon can be a channel, and you can say “These products appear in Amazon”.

With WordPress, each WordPress instance in a channel, so you can show certain products on one WordPress site, and other products on another WordPress site.

Of course if you wish you may show all products on your WordPress site, but this Channel we’re making is the method by which that happens.

As shown in the screenshot above you may choose to have all products immediately imported or have none so that you may go back later and specifically choose which products get imported.

then select how to want to use the bigcommerce plugin

The next option is to choose a Full Featured Store or set up a Blogging store. If you choose Simple Blogging then it will skip helping you set up a Navigation Menu and disable the Cart and the Embedded Checkout. So customers will click to Buy a product and it will send them to the BigCommerce store. If you choose this and change your mind it’s easy to switch back later.

For this post we’re going to choose Full Featured Store.

Once you’ve chosen Full Featured Store, the next step is to optionally set up a WordPress Navigation Menu. Checkboxes are provided for all of the pages that BigCommerce creates during this install, including Product Listing Pages, Brand Pages, Category Pages, Shopping Cart, Checkout, etc. You can also choose a Menu Location, exactly like in the default WordPress menu builder.

After you complete the Navigation configuration you’re essentially done with setting up WordPress.  If you wish you can go into BigCommerce ➞ Settings and make some changes, but that’s not required.

The final page of the Setup Wizard offers some links to finish setting up your store, and these must be done before your store will function properly.  These things include setting up your payment gateway, taxes, and shipping.

Once these last admin things have been set up you’re ready to sell!

Learn more about the BC4WP plugin with Hostdedi here.

Source link

The 2019 Black Friday Ecommerce Prep Guide

The 2019 Black Friday Ecommerce Prep Guide

Every year, on the fourth Friday of November, shopping chaos unfolds.

Stores cut their prices, customers flock to their nearest outlets, and deals are had by everyone.

But not anymore. Thanks to ecommerce, customers no longer have to leave the comfort of their home to take part in Black Friday. Keeping an eye on advertisements and pre-event newsletters, customers can easily turn on their laptop, click add to cart, and checkout as soon as the clock strikes twelve.

For customers, this is great. For merchants, it means competition has only gotten more fierce (if you thought that possible). It’s no longer just about having the best deals; it’s about having the best visibility. 

Why Black Friday Matters

Black Friday is the busiest shopping day of the year, with American shoppers spending a record $5 billion in 2017. In 2018, this number then grew by 19%, with over 14.8 million online transactions recorded. With so much money up for grabs, Black Friday can be one of the most profitable days of the year for some businesses. In some cases, it even defines a stores annual profit. 

In the jewelry industry, for example, Black Friday can account for 40% of a business’s annual revenue. With such a large percentage from only a single day, these merchants are often forced to ensure their Black Friday campaigns do better year-over-year. The alternative is something many can’t think about. 

Hopefully, your sales are not so dependent on Black Friday. However, there’s still a lot of money available to those savvy enough to take advantage of the digital opportunities available to merchants. 

But with more demand and more customers, the chance of something going wrong only increases. If you want to be successful this Black Friday, you can’t treat it like any other sales day, or even any other sales event. 

Black Friday Ecommerce Statistics

According to NRF, shoppers who took part both online and in-store were up 40% from 2017, with multi-channel shoppers outspending single-channel shoppers by $93. This year, ecommerce merchants can expect to see another huge increase in online shoppers, following on from 2018’s substantial growth.

With Black Friday now online, shoppers no longer have to venture outside to chaotic shopping centers and can instead make their purchases from the comfort of their sofa. 

This is despite in-store shoppers declining by roughly 1%, and 44% of consumers saying they would shop online in 2017 vs just 42% in 2018. 

Industry Ecommerce Benchmarks for Black Friday

Prior to the 2018 Black Friday event, Blackfriday.com questioned their users on what they planned to look for in the sales. 

Industry Breakdown of Black Friday Ecommerce Interest

Clothing took top spot, with 23% of consumers aiming to score a good deal on fashion items. This was quickly followed by tech, with 22% of consumers looking for their next gadget. 

Towards the bottom of the pile was travel. With it being less of an impulse buy, just 9% of consumers aimed to find some travel deals for the coming year.

If you’re a clothes or tech merchants, Black Friday and Cyber Monday are going to be the days you want to get ready for. 

Getting Your Site Ready for Black Friday

Getting ready for Black Friday means getting ready for more than just the products you’re going to sell. Expect to see:

  • An increase in traffic
  • An increase in server strain
  • An increase in the potential for things to go wrong

We’ve seen it all too many times. Merchants who wait until the last second to address these potential pitfalls, and as a result: they fall. 

Getting yourself ready for Black Friday doesn’t have to be complicated, and it doesn’t have to be a lengthy process. But it will mean that you’re able to maximize ROI from the event, and secure your place among the Black Friday customer go-tos for years to come. 

Get Started Early

The earlier you start targeting Black Friday shoppers, the better results you’re going to have. Getting started early means ramping up everything from prep work to marketing strategy. 

Some merchants start their Black Friday marketing efforts as early as October, with others beginning to ramp up marketing in early September. 

When considering how early you will begin your marketing strategy, take a step back and analyze these factors.

 

  • Budget: How much do you have to spend on Black Friday marketing? Where should that budget be spent? Will you increase adwords spend, ramp up email products, or instead focus on more traditional print-media?
  • Resources: November is a resource-intensive time. Christmas is just around the corner, and depending on where you’re located, Singles Day is just a few short weeks ahead of Black Friday. Calculating ROI on resource spend is going to make a huge difference. You don’t want to run out of money before Black Friday has even started. 
  • Potential: While it would be great if we all had unlimited products and opportunities, that’s more often not the case. Perhaps you’re limited in terms of stock or fulfillment processes. The less potential for your Black Friday campaign, the less time should be dedicated to it. 

 

Once you’ve drawn a clear picture of these areas, it’s a good idea to outline the different channels and audiences your aiming to target and assign any associated dates. 

Getting Your Ecommerce Site (and hosting) Ready for Black Friday

If you’re running a Black Friday sale, that means you can all but guarantee an influx of traffic. That means more opportunities for something to go wrong. Don’t let it be your hosting platform. 

As the foundation of your site, hosting problems can mean slow user experiences, broken page elements, and, in the most extreme cases, site-wide outages. Luckily, there are specific steps you can take to ensure a smooth Black Friday experience for your customers and keep those conversions rolling in. 

What’s Your Limit?

How much can your hosting actually take? 

Every hosting package you purchase will have its limits. If your site is seeing more visitors than those limits can handle, then your site won’t crash. Instead, it will slow to a crawl, queuing page load requests until it eventually becomes long enough for the dreaded timeout. 

If you’re already seeing traffic hover around your limit, it’s definitely worth upgrading your hosting to the next level. If you’re running on the Hostdedi Cloud, you can also enable auto scaling in your Client Portal. Just a flick of a button and you’ll be set for any unexpected (or expected) traffic spikes. 

Prepare for International Sales

International sales can add a whole new level of complexity to a store. For the merchant, alternate payment options, different order fulfillment choices, and tweaks to content are only the start. On top of those, delivering digital assets to countries halfway around the world presents its own problem. 

Yes, digital transfer speeds are fast, but running your website through cables located under the Atlantic is going to lead to some lag, especially if demand is high (like on Black Friday). How can you solve this?

For most stores looking to serve international customers, purchasing a CDN add-on for their store will allow static assets such as images to be held in server locations around the world. This way, regardless of where your customers are coming from, they’re going to be able to access high-bandwidth assets from a local location. That means faster load times and more conversions. 

Check in with Our Support Techs… Why Not?

Our philosophy is that it’s always worth exploring every avenue available to you, to see if there’s something you’ve been missing. That’s why we recommend all of our clients expecting an influx of traffic during Black Friday to check in and see if there’s anything we can do to help.

There may not be. Perhaps you’ve already prepared your store for any eventuality. But what if you’ve missed something and it ends up coming back to haunt you? We’ll often reach out to clients we expect to encounter a problem, so keep an eye on your inbox. Or, start the conversation yourself. 

At the very least, it’s worth letting the team here know that you’re planning to run a sale over those dates, that way our team can take extra steps to keep an eye on your hosting platform and how it’s performing. 

Black Friday Ecommerce Strategy

Start Marketing Early

Any good Black Friday ecommerce strategy means ramping up interest before Black Friday actually begins. After all, some customers spend weeks looking for deals they’re going to jump on during the sales. 

Getting started early means promoting your company’s email newsletter through organic and paid channels. This will give you a lot of leads to follow up with once your really start marketing your discounts. 

The earlier you start marketing your Black Friday discounts, the more customers are going to come knocking on the big day.

Start promotions with enticing statements about how your sales event is unique. Statements like “Over 80% off this Black Friday, sign up to stay ahead of the curve” work well to draw in subscriptions, especially when they’re paired with tantalizing artwork. 

Get Creating Niche Gift Guides

You’ve got awesome products so why not let them market themselves? Your Black Friday marketing strategy doesn’t have to only be about target Black Friday shoppers. There’s a whole internet of customers you have access to. 

This means creating marketing material that will draw in those interested in your niche, but not Black Friday. 

Gift guides are a great way to target long tail ecommerce SEO keywords. They not only target Black Friday Shoppers, but everyone looking for your products. 

One of the best ways to do this is by creating a gift guide that suits your target audience. If you sell shoes, how about creating the ultimate gift guide to Men’s Fashion in 2019? If you sell hats, do the same thing. If you have a larger product range, make your gift guide broader. The possibilities are limitless. 

Prepare Upsells and Cross-sells

With the average person spending $289.19 during Black Friday in 2018, it’s the perfect opportunity to push upsells and cross-sells. This may be grouping items for an improved discount, or providing recommendations for related products during checkout. 

Just remember, a good upsell and cross-sell strategy revolves around providing your buyer value. Don’t just indiscriminately group items together, think of how grouping multiple items provides buyers with a benefit. 

For example, if you’re selling shoes, shoe care products are a great upsell. They can potentially increase the longevity of a product, fitting perfectly within the buyer narrative of saving money. 

If you’re selling a specific type of gift, think about other products that complement it. The more you think about and push the narrative of buyer benefit, the more you’re going to be successful here. 

Prepare Your Email Strategy

Did you know that 25% of Black Friday sales start with an email? At least, that’s what Custora says

That means you should be jumping on the email bandwagon if you want to maximize ROI. But how?

Great email campaigns start with two things: timing and subject lines. 

If you haven’t already, begin testing what times are best for sending emails to your customers. Which days of the week work best and when are they going to check their inbox? 

If you spend 1 hour creating the perfect email, spend 2 crafting the subject line. 

Then work on your subject lines. These sentences should be the core of your content. If you spend 1 hour creating the perfect email content, spend 2 crafting the subject line. The subject line will encourage opens, click-throughs, and sales. 

Learn how to tailor your emails to the customers with our guide to email personalization

Go Beyond Black Friday

There are four days of shopping to be had around Black Friday: not just Black Friday itself. Make sure to target each of these days individually.

Then, think about how your Black Friday marketing strategy can continue to bring sales in even after the sales event is over. Use it as an opportunity to increase reach, and audience knowledge of your brand. 

Don’t Shrug Off Black Friday in 2019

We’ve seen it all too often: merchants not preparing their stores for Black Friday and then suffering from site slowdowns and outages. Don’t let that be you. 

Talking to a sales rep to ensure you’re ready is one of the most crucial steps merchants can make in the run up to November 29th this year.

Interested in learning more about how Hostdedi solutions can benefit you? See some more benefits we’re offering merchants this year and get 75% off of new services or upgrades with code HolidayPrep19.

Source link

Hostdedi Amsterdam Data Center Launches Cloud Servers

Hostdedi Amsterdam Data Center Launches Cloud Servers

Four years ago, we expanded our European hosting services to include Amsterdam, arguably one of best-connected cities in the world. Now, we’re bringing the scalability and versatility of Hostdedi Cloud to our Amsterdam data center!

Why Amsterdam Matters for Ecommerce

Amsterdam hosts about one-third of Europe’s data center capacity, and for good reason. In North Holland (Netherlands) and near the Amsterdam Internet Exchange (AMS-IX), the combination of geography and technology provides reliable low-latency connections to France, Germany, Scandinavia, and much of eastern Europe. 

The city continues to stand as a center of information technology and ecommerce entrepreneurship, with proven network infrastructure and expansive connectivity to key EU markets. Amsterdam’s history as an international trade hub played will see further exposure this October, when the city hosts MagentoLive Europe, a gathering of 2,000 merchants and developers from around the world.

A Closer Look at the Amsterdam Facility

As a PCI-compliant hosting provider, we apply the same high standards of reliability and security that we apply to all of our data centers. The Amsterdam facility occupies a state-of-the-art data center only minutes away from AMS-IX and uses redundant Tier 1 carriers for dependable connectivity and speed. 

Sixteen generators and 2N redundancy keep the data center ready for nearly every power-loss scenario. As for security, the facility upholds triple-authentication access with biometric readers, as well as 24-hour manned security stations, intrusion detection, and camera surveillance. 

Cloud Services

With the launch of Amsterdam Cloud Services, our clients can expect the same security and performance already present in all of our global data centers. We built this platform to make it easier than ever for your service to grow with your business.All Hostdedi Cloud services include:

  • 24-hour support and monitoring
  • Free migration
  • PCI-compliant cloud hosting
  •  optimized application hosting for Magento, WooCommerce, WordPress, Drupal, and others. 

If you’re a Hostdedi Cloud client, you may also add:

  • Auto Scaling: Ensure your site stays online during foreseen and unforeseen traffic spikes. Be billed only for what you use, when you use it.
  • Cloud Accelerator: Boost your site’s delivery of static content (.jpg, .gif, .png, .bmp, .js, .css, among many others) to deliver a near-instant experience to your site visitors.
  • Instant Dev Sites: Create dev and staging environments at the touch of a button. Test changes without fear and maintain user security with auto-scrubbing of personally identifiable information (PII).


Questions? Our sales team has answers! Contact them at
[email protected] between 9 a.m.– 5 p.m. eastern, Monday to Friday.

 

Source link