The Ultimate Magento 2 Performance Checklist




At Hostdedi, we spend a considerable amount of time optimizing our infrastructure to make your Magento 2 store faster. After years of research and development, we’ve pulled together the ultimate Magento 2 performance checklist:

  1. Remove unused modules: Magento 2 comes with many preinstalled modules that aren’t always needed. Yireo created a great module to disable the optional modules you don’t need through Composer. The idea behind the module is quite simple: you replace any unused module with nothing to avoid loading unused modules and classes. This module and a complete how-to can be found here: https://github.com/yireo/magento2-replace-tools
  1. Enable CSS/JS minification and merging: Minifying and merging CSS files can greatly improve load times and the general performance of your store by cutting the number of requests your site makes when loading a page. You can minify and merge CSS and JS files from the admin panel by navigating to the Developer tab under Stores > Configuration > Advanced (keep in mind this tab will only show if you are using developer mode). Magento recommends using a 3rd party plugin like Baler or MagePack for JS bundling given that Magento’s bundling mechanisms are not optimal and should only be used as fallback alternatives.
  1. Enable production mode: While this one might seem simple, the number of sites we see using a different mode in Magento is staggering. No one should be running Magento 2 in production in a different mode, but we still see too many stores running on either default or developer mode. The best way to switch modes is via CLI: 

php bin/magento deploy:mode:show

to see which mode your store is using, and

php bin/magento deploy:mode:set production

to set production mode.

  1. Use Redis for session/default and full page cache: Redis is one of the most used key/value database engines, and Magento 2 comes with integrated support to use it as both session storage and default/full page cache. To configure your store to use Redis, run the following commands from your root folder:

bin/magento setup:config:set --cache-backend=redis --cache-backend-redis-<parameter_name>=<parameter_value>...

bin/magento setup:config:set --session-save=redis --session-save-redis-<parameter_name>=<parameter_value>...

You can find a complete list of Redis configuration parameters and values for sessions here and for the full page cache here

  1. Use Elasticsearch for Magento’s catalog search: Since Magento 2.4, MySQL was deprecated (and removed) and Elasticsearch was introduced as the catalog search engine, greatly improving the speed and results of the searches. To enable Elasticsearch, navigate to your admin panel and under Stores > Settings > Configuration > Catalog > Catalog > Catalog Search you will find a tab called Search Engine. Configure your store to use your Elasticsearch endpoint, click Test connection and if everything worked, you’re all set. You can find the complete list of parameters to configure Elasticsearch here.
  1. Use Varnish to speed up your response time/TTFB: You either love or hate Varnish but at the end of the day, it greatly improves the TTFB, and if configured correctly, it can do wonders for the general usability and user experience of your site. Magento 2 features an out of the box integration, making Varnish configuration really simple. To configure Varnish, navigate to Stores > Settings > Configuration > Advanced > System > Full Page Cache, select Varnish from the Caching Application list and configure the rest of the options. A full list of all the parameters you can use to configure Varnish can be found here

You can also configure Varnish from the CLI by running:

php bin/magento config:set --scope=default --scope-code=0 system/full_page_cache/caching_application 2

  1. Use a CDN: A content delivery network is normally used to store media and static assets at edge servers near your customers for faster delivery. This means your assets are physically closer to your customer, resulting in faster response times. Configuring a CDN for Magento is not as straightforward as it should be but it can be achieved by using the admin and navigating to Stores > Settings > Configuration. Under General, click on Web and expand the Base URL sections. Once there, update the Base URL for Static View Files and Base URL for User Media Files with the URL of your CDN endpoint where static view and javascript files are stored. Do the same for Base URLs (Secure) and once done, click Save config. You might need to flush/clean your cache for this change to take effect. If everything worked as expected, you should be seeing your CDN url being used to serve most of your site’s static files.
  1. Enabling the Asynchronous email notifications, Asynchronous order data processing: during times of high concurrency, you might want to move processes that handle checkout, order processing email notifications and stock updates to the background. To enable async email notifications, go to Stores > Settings > Configuration > Sales > Sales Emails > General Settings > Asynchronous Sending

You can activate Asynchronous order data processing from Stores > Settings > Configuration > Advanced > Developer > Grid Settings > Asynchronous indexing

When enabled, orders will be placed in temporary storage and moved in batch to the Order grid without any collisions.

While there are no real magic tricks, we tried this guide in our cloudhosts and ended up with an A and a page load under 2 seconds on GTMetrix 🥳

If you’d like assistance enacting these changes, or are interested in our Managed Magento offering, please reach out to our award-winning support team 24/7/365 at [email protected].


What Is PCI Compliance? – Hostdedi Blog


When it comes to processing payments online these days, most people don’t even bat an eye. Shoppers are paying with credit cards, over email, and through Facebook, but for ecommerce sites, payment security risk aversion is integral to how they do business.

Here’s how to make sure that your clients’ sites are staying compliant, and what to do when you’re dealing with an out of date application that’s reached end-of-life.

What does it mean?

First of all, let’s get our heads around what PCI compliance even means.

Originally set by the major credit card companies, the PCI Security Standards Council formed these parameters for payment processing compliance to protect their cardholders from security threats and fraud.

Using a set of qualifications to determine the safety of a point of sale terminal or ecommerce website, these standards are now mandatory best practices between businesses who process card payments and their customers.

The standards for PCI compliance are as follows:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks 
  • Use and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need to know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

For developers, a separate set of standards has been set by the PCI SSC to ensure websites are processing electronic payments securely:

  1. Do not retain full magnetic stripe, card verification code or value (CAV2, CID, CVC2, CVV2), or PIN block data
  2. Protect stored cardholder data 
  3. Provide secure authentication features 
  4. Log payment application activity
  5. Develop secure payment applications
  6. Protect wireless transmissions
  7. Test payment applications to address vulnerabilities
  8. Facilitate secure network implementation
  9. Cardholder data must never be stored on a server connected to the Internet
  10. Facilitate secure remote access to payment application
  11. Encrypt sensitive traffic over public networks
  12. Encrypt all non-console administrative access
  13. Maintain instructional documentation and training programs for customers, resellers, and integrators
  14. Maintain instructional documentation and training prog

Penalty fines for non compliance can range between $5,000 and $100,000 a month, and inevitably wind up being the merchant’s responsibility. Additionally, merchants can face steeper transaction processing fees, or even the inability to process electronic payments for their customers in the future for non-compliance.

What Developers Need to Know About PCI Compliance

Thankfully, payment applications and payment gateways have taken care of much of the technical side of ensuring that payments are processed securely. As a developer or site builder, your primary responsibility where PCI compliance is concerned is to ensure that your applications meet the PCI SSC’s standards and stay up to date.

PCI compliance standards are determined by the volume of transactions which a merchant processes. The merchant is assigned a compliance level requirement based on the volume of business that he or she does, and the security of their sites may be tested by an approved scanning vendor, or ASV.


Ecommerce sites fall under PCI SAQ 3.1 and have the following standards:

Whether your client requires an ASV really depends on which payment processors and ecommerce applications you’re running their site on. These charts depict the flow of data, so that you can determine whether your client’s site will need an ASV or not.

The burden of site security is ultimately on the site administrator, which may be you. If that’s the case, the strongest prevention for noncompliance is pretty straightforward:

  • Make sure plugins stay up to date
  • Ensure that software updates and security patches get installed
  • Maintain stringent server security standards
  • Make sure ecommerce applications are up to date

What End of Life Means for PCI Compliance

Recently, Magento 1 reached end-of-life, putting thousands of ecommerce sites into a compliance grey area when Adobe stopped issuing official security updates.

While the ecommerce application itself represents only a small part of what PCI compliance truly entails, for merchants still running their ecommerce sites on Magento 1, the important thing to note is there will no longer be security patches and updates issued for the platform. They’re on their own unless they’ve invested in a solution like Hostdedi Safe Harbor.

This primarily applies to number seven in the list of PCI compliance measures for developers:

Test payment applications to address vulnerabilities.

With Magento no longer looking after security updates for Magento 1 users, it begs the question: can an ecommerce site be PCI compliant on an ecommerce application that’s reached end of life?

Yes. Hostdedi has done it with Safe Harbor. 

What to Do When a Platform Reaches End of Life

Magento was built on Hostdedi servers. When Magento 1 started approaching end of life, our engineering team jumped to work developing a solution that would allow merchants to decide for themselves when to migrate.

For many Magento 1 store owners, making the move to Magento 2 in the wake of COVID-19 wasn’t financially realistic. Site migrations are expensive and complex, and with so much upheaval and uncertainty, many were understandably scared to make the leap.

So the engineering team at Hostdedi came up with a compromise. Hostdedi Safe Harbor was built to address Magento 1 end-of-life, keeping ecommerce sites and store owners PCI compliant until at LEAST the end of 2021, so they can migrate on their own time.

With regular security patches made by the team who literally started with Magento, Hostdedi is able to keep Magento 1 sites and stores PCI compliant until they’re ready to make the switch.

End of life doesn’t have to mean the end of PCI compliance.

Get more time, and keep customer data safe with Hostdedi Safe Harbor.

Click here to learn more about Hostdedi Safe Harbor, or open the chat window at the bottom right of your screen to speak to sales.


Magecart Attacks Again: the Latest on CardBleed


Only a couple of weeks after the first vulnerability with an associated CVE was discovered for Magento 1 after its end of life, reports about a large scale Magento 1 hack attempt surfaced. 

While stats are not definitive, as of today, around 3,000 sites were hacked. This attack, usually referred to as MageCart, is the most common type of attack against Magento 1 and it’s typically used to collect user credentials and credit card information from the application inputs and exfiltrate data to remote servers.

After carefully reviewing public reports and our WAF logs, Hostdedi identified the threat and swiftly added a fleet-wide block for /downloader. We also isolated the malicious content added to the prototype.js file and have removed it from every file, leaving the original malicious file as backup (prototype.js.bk) for the client’s reference.

We already had filters for this, mostly against brute force attacks. But given that Magento discontinued Magento Connect after June 2020, we decided to block access and only re-enable it upon request for certain IPs. 
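A check a store operator could run over their own access logs to confirm that a /downloader block with per-IP exceptions is holding, as an added example (not Hostdedi's WAF rule or tooling). The log lines, IP addresses and allowlist are constructed, and the script assumes the block answers with HTTP 403.

```javascript
// Added example. Log lines, IP addresses and the allowlist are constructed.
// Assumption: the block on /downloader answers with HTTP 403.
const ALLOWED_IPS = new Set(['203.0.113.10', '203.0.113.11']); // re-enabled on request

const SAMPLE_LOG = [
  '198.51.100.7 - - [10/Oct/2020:03:12:01 +0000] "POST /downloader/ HTTP/1.1" 403 162 "-" "curl/7.68.0"',
  '198.51.100.7 - - [10/Oct/2020:03:12:04 +0000] "POST /downloader/index.php HTTP/1.1" 403 162 "-" "curl/7.68.0"',
  '203.0.113.10 - - [10/Oct/2020:09:30:44 +0000] "GET /downloader/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '203.0.113.11 - - [10/Oct/2020:09:41:10 +0000] "GET /downloader/ HTTP/1.1" 403 162 "-" "Mozilla/5.0"',
  '192.0.2.55 - - [10/Oct/2020:10:02:13 +0000] "GET /Downloader//index.php?ts=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
  '192.0.2.55 - - [10/Oct/2020:10:02:20 +0000] "GET /catalog/product/view/id/42 HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
  '192.0.2.55 - - [10/Oct/2020:10:02:31 +0000] "GET /downloaders-guide.html HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
  'truncated line without a request field',
];

// Combined log format: client IP, request line and status code are all we need.
const LOG_RE = /^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) /;

// Compare the path the way the server resolves it: drop the query string,
// decode percent-escapes, collapse repeated slashes, ignore case.
function normalizePath(target) {
  let path = target.split('?')[0];
  try { path = decodeURIComponent(path); } catch (_) { /* keep raw on bad encoding */ }
  return path.replace(/\/{2,}/g, '/').toLowerCase();
}

function isDownloaderPath(target) {
  const p = normalizePath(target);
  return p === '/downloader' || p.startsWith('/downloader/');
}

// Sort every /downloader request into one of three buckets:
//   gaps              - served to an IP that is not allowlisted (the block leaked)
//   deniedAllowlisted - an allowlisted IP was refused (the exception is not applied)
//   blockedByIp       - refused requests per non-allowlisted IP (who is probing)
function auditDownloader(lines, allowedIps) {
  const result = { gaps: [], deniedAllowlisted: [], blockedByIp: {}, unparsed: 0 };
  for (const line of lines) {
    const m = LOG_RE.exec(line);
    if (!m) { result.unparsed += 1; continue; }
    const [, ip, method, target, statusText] = m;
    if (!isDownloaderPath(target)) continue;
    const hit = { ip, method, target, status: Number(statusText) };
    if (allowedIps.has(ip)) {
      if (hit.status === 403) result.deniedAllowlisted.push(hit);
    } else if (hit.status === 403) {
      result.blockedByIp[ip] = (result.blockedByIp[ip] || 0) + 1;
    } else {
      result.gaps.push(hit);
    }
  }
  return result;
}

console.log(JSON.stringify(auditDownloader(SAMPLE_LOG, ALLOWED_IPS), null, 2));
```

Any entry under gaps means a request reached the downloader from an address that should have been refused, so the rule and the affected store both need a closer look.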

This is one of the biggest differences between a code based Magento 1 maintenance package versus a hosting-based approach. While almost every project issued notices and recommendations, they all required user intervention. 

Our approach was to deploy a fix to the entire server fleet without any user intervention.

While a few stores were impacted, the immense majority remained safe because of the infrastructure and systems we already had put in place. This foundation, plus our swift action, helped thousands of Hostdedi stores and customers to remain secure.

In addition, we released Nexcess_CSP for our Safe Harbor users. Content Security Policy (CSP) is an added layer of security that helps detect and mitigate certain types of attacks including Cross Site Scripting (XSS) and data injection attacks usually known as MageCart. This module helps any Magento 1 store to set CSP policies, avoid and report XSS attacks and has 2 main objectives:

  • Mitigate cross site scripting: disallowing the communication to certain URLs by specifying the domains that the browser should consider to be safe sources of scripts.
  • Mitigating packet sniffing attacks: specifying which protocols are allowed to be used; a server can specify that all content must be loaded using HTTPS.
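The two objectives above, as an added example (not the Nexcess module's code or anything from the original post): an allowlist policy and a simplified source matcher in Node.js, showing that a skimmer appended to a first-party file still loads under script-src 'self' while its request to an unlisted host is refused. Hostnames, paths, the policy and the sample violation report are constructed, and the matcher covers only a subset of the CSP matching rules.

```javascript
// Added example. Hostnames, paths, the policy and the report are constructed.
const STORE_ORIGIN = 'https://store.example';

// Allowlist for a checkout page: first-party code plus one payment gateway.
const POLICY = {
  'default-src': ["'self'"],
  'script-src': ["'self'", 'https://js.gateway.example'],
  'connect-src': ["'self'", 'https://api.gateway.example'],
  'img-src': ["'self'", 'https://*.cdn.example'],
  'form-action': ["'self'"],
  'report-uri': ['/csp-report'],
};

// Serialize the policy into a Content-Security-Policy header value.
function buildHeader(policy) {
  return Object.entries(policy)
    .map(([directive, sources]) => [directive, ...sources].join(' '))
    .join('; ');
}

// Does one source expression cover the URL? Simplified subset of CSP matching:
// 'none', 'self', scheme sources ("https:") and host sources with an optional
// scheme and a leading "*." wildcard. Paths, ports, nonces and hashes are ignored.
function sourceMatches(source, url, pageOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === pageOrigin;
  if (/^[a-z][a-z0-9+.-]*:$/i.test(source)) return url.protocol === source.toLowerCase();
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^/:]+)/i.exec(source);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  // A host source without a scheme is treated as HTTPS-only (the page is HTTPS).
  if (url.protocol !== `${(scheme || 'https').toLowerCase()}:`) return false;
  const h = host.toLowerCase();
  return wildcard ? url.hostname.endsWith(`.${h}`) : url.hostname === h;
}

// Fetch directives fall back to default-src; form-action does not.
function isAllowed(policy, directive, rawUrl, pageOrigin = STORE_ORIGIN) {
  const fallsBack = directive !== 'form-action';
  const sources = policy[directive] || (fallsBack ? policy['default-src'] : null);
  if (!sources) return true; // no applicable directive: nothing is restricted
  const url = new URL(rawUrl, pageOrigin);
  return sources.some((s) => sourceMatches(s, url, pageOrigin));
}

// Reduce a violation report (the JSON body a browser POSTs to report-uri)
// to the fields worth alerting on.
function summarizeReport(body) {
  const r = JSON.parse(body)['csp-report'] || {};
  const blocked = r['blocked-uri'] || '';
  let blockedHost = blocked;
  try { blockedHost = new URL(blocked).hostname; } catch (_) { /* "inline", "eval" */ }
  return {
    page: r['document-uri'] || '',
    directive: r['effective-directive'] || r['violated-directive'] || '',
    blockedHost,
  };
}

// Constructed report, shaped like the one a browser sends.
const SAMPLE_REPORT = JSON.stringify({
  'csp-report': {
    'document-uri': 'https://store.example/checkout/onepage/',
    'effective-directive': 'connect-src',
    'blocked-uri': 'https://collector.unlisted.example/g',
  },
});

function checkoutScenario() {
  return {
    // Code appended to a first-party file is still "self": script-src lets it run.
    firstPartyScript: isAllowed(POLICY, 'script-src', '/js/prototype.js'),
    // A script tag pointing at an unlisted host is refused outright.
    remoteScript: isAllowed(POLICY, 'script-src', 'https://static.unlisted.example/lib.js'),
    // What stops the tampered first-party file: it cannot send data off the allowlist.
    exfilXhr: isAllowed(POLICY, 'connect-src', 'https://collector.unlisted.example/g'),
    exfilImage: isAllowed(POLICY, 'img-src', 'https://collector.unlisted.example/p.gif'),
    exfilForm: isAllowed(POLICY, 'form-action', 'https://collector.unlisted.example/post'),
    // Legitimate traffic keeps working, but only over HTTPS.
    cdnImage: isAllowed(POLICY, 'img-src', 'https://img1.cdn.example/a.png'),
    gatewayHttps: isAllowed(POLICY, 'connect-src', 'https://api.gateway.example/v1/charge'),
    gatewayPlainHttp: isAllowed(POLICY, 'connect-src', 'http://api.gateway.example/v1/charge'),
  };
}

console.log(buildHeader(POLICY));
console.log(checkoutScenario());
console.log(summarizeReport(SAMPLE_REPORT));
```

A policy that lists only 'self' for scripts does not stop a modified first-party file from running, which is why connect-src, img-src and form-action need their own tight allowlists and why violation reports should be monitored.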

We did not find any intrusion for stores that had CSP_Nexcess installed and properly configured. Hostdedi Safe Harbor provides an extra layer of protection against this type of attack, which is likely to continue.

The best kind of protection against external attacks is a mix of server side protection in the form of a WAF plus modules and patches to keep your store protected.

Keeping your Magento 1 store fully operational means protecting it against known vulnerabilities. If you have yet to invest in Safe Harbor, this hack illustrates the importance of staying secure.

Hostdedi Safe Harbor is a sound foundation to keep your sites and stores protected while you are on M1.


Why DTC Ecommerce Matters More Than Ever Today


In 2020, DTC ecommerce has proven to be another sensible way to reach your customers, and many brands are looking at starting from B2B and transitioning to direct to consumer.

Those of us working in ecommerce have been seeing the shift for a while now. As more and more stores transitioned their inventory online, the ecommerce boom wasn’t just happening – it was inevitable.

Fast forward to spring of 2020 though, and NOBODY could have predicted what happened next. 

Massive store closures triggered the single largest exodus from brick and mortar the world has ever seen, with more than 100,000 small businesses in the US alone closing for good as a result of the COVID-19 shutdowns.

But small businesses weren’t the only ones to take a hit. Larger retailers like Neiman Marcus have filed for bankruptcy in the last few months, and that list continues to grow.

All things considered though, the pandemic has thrown into sharper relief the need for a stronger ecommerce presence for many of these retailers. Record-breaking numbers are rolling in for ecommerce for 2020, including a growth spurt that put the industry four to six years ahead of schedule.

The Problem With Wholesaling During COVID-19

Even in spite of many shoppers setting their sights online, manufacturers saw major hits to their B2B sales as brick and mortar stores shut down. Those relying on wholesale relationships to float their revenue took devastating hits in the midst of the shutdowns.

As consumers turned to ecommerce sites like Amazon though, the fallout continued. In mid-March, Amazon restricted their B2B purchasing of nonessential goods in the wake of unprecedented demand for household staples.

As Amazon made room in their warehouses for hand sanitizer and toilet paper, purchase orders for nonessential goods rolled to a trickle or stopped completely, and manufacturers saw B2B sales plummet.

In the scramble to recover these revenue losses and brace for a potential second wave of retail shutdowns, many manufacturers are turning to DTC ecommerce models.

What Is DTC and a DNVB?

DTC stands for direct-to-consumer. It’s an ecommerce model wherein the brand sells directly to consumers, rather than through retailers, essentially cutting out the middleman. Some DTC evangelists will tell you the goal is to handle production, sales, distribution, and marketing under one roof and never go wholesale, but in 2020, it’s proven to just be another sensible way to reach your customers, and many brands are looking at starting from B2B and transitioning to DTC.

A DNVB is a digitally native vertical brand that starts this way. Best typified by brands like Avocado Green Mattress and Allbirds, DNVBs typically start with a simple product line (typically one or two options), clear, crisp branding, and a strong mission-driven component.

With brick and mortar sales remaining unstable and manufacturers now dealing with the fallout from their Amazon backlogs, DTC ecommerce is looking more attractive all the time – and consumers are taking notice, too.

Mission-Driven Shoppers Are Fueling the Fire

Interestingly, DTC brands are creating evangelical customers and devoted fan bases centered around two things:

  1. Amazing products
  2. A unifying brand mission

Consumer data shows that millennials now make up the majority of buying power in the US, and are 63% more likely to purchase from a brand because of their mission and values. 

This data, coupled with the boom the DTC sector has seen from innovative consumer goods startups has created a replicable business model that’s looking all the more attractive to manufacturers who entered the industry through wholesaling.

Four Components of a Successful DTC Ecommerce Site

Over and over again, we see brands killing the game in DTC ecommerce, and the best of them have a few things in common:

  1. Clean branding. Visually-driven shoppers respond to powerful messaging and clean logos. Brands like Tushy and Anese are leading the pack with memorable branding that leaves a mark in a saturated market.
  1. Smooth UX. At Hostdedi, we know that an ecommerce site’s performance is directly linked to its ability to generate revenue. The best DTC ecommerce sites have an intuitive layout, load fast, and have a smooth interaction with their shoppers.
  1. Simple product lines. They say simplicity sells, and that’s certainly the name of the game in DTC ecommerce. Strong DTC brands typically have one or two flagship products they make their mark with and expand on.
  1. Strong missions. The data supports that today’s consumers are more conscious of their purchasing decisions than ever. Making your mission clear and building your brand around it (instead of as an afterthought) will literally win you more sales, and good karma.

Is It Time for You to Go DTC?

If COVID-19 has taught us anything in ecommerce, it’s that you can’t have enough backup plans. Diversifying how and where you sell your products makes all the sense in the world. Those high-volume retail POs may seem nice for a while – until they vanish, and your revenue vanishes with it.

Build resiliency, connect with your customer base, and get in on the thrill that is DTC ecommerce. Talk to one of our experts today about what it would take to get your brand online and selling DTC.


Hostdedi Magento Cloud vs. Magento Commerce Cloud


One of the misconceptions about the Enterprise version of Magento 2 is that you have to use Magento Commerce Cloud for hosting. Or that Magento Commerce and the AWS-based Cloud solution are one and the same thing. Magento Commerce Cloud hosting for your Magento store is built by Adobe and includes powerful features (modules) like page building and progressive web applications (PWAs). Hostdedi Magento Cloud is hosting for your Enterprise Magento Commerce store, or your Magento Open Source store, with features for professionals like high scalability, development/staging environments, and PCI compliance.

In this post we’re going to clear up the misconceptions between these two very different platforms.

Magento Commerce Cloud was created about two years ago after Magento was sold to Adobe. It’s their official solution for hosting Magento and it has a lot of good things going for it:

  • Magento Commerce Cloud includes common functionality for your Magento store
  • They allow progressive web apps (PWA)
  • They have a cloud based infrastructure for scalability

But it’s important to remember that Adobe, even though they own Magento, is the new kid on the block. They’re still learning how to build & optimize the infrastructure needed to power a Magento site.

Building a Solid Infrastructure

Magento Commerce Cloud is great at including product features. But they’re still building their entire stack on someone else’s infrastructure. What does that mean?

It means, if you have a problem with your website, you first have to bring it to Magento Commerce Cloud team. And they have their standard Service Level Agreement (SLA) to respond to you. If in that time, they discover a problem with the underlying infrastructure, they’ll submit a ticket to Platform.sh – the company that maintains their infrastructure.

So your SLA is built on top of the SLA from another company. That means solving any potential problems could take twice as long. Not great if you have a problem that negatively impacts your store and you lose money every minute it’s not fixed.

Hostdedi Magento Cloud is built on our own infrastructure. Hostdedi has one SLA, and because we own the infrastructure, we can solve all of the problems ourselves and we don’t need to rely on any other companies. This means less finger pointing, more informed support, and faster resolution.

Experience

The other big difference between Hostdedi Magento Cloud and Magento Commerce Cloud is that we aren’t brand new to this space. Magento was literally built on our servers back in 2007 – before Magento v1 was even released (Magento v1 was officially released March 2008). 

We saw the opportunity of Magento back in 2008 when brick & mortar stores first started moving online to avoid the worst of the Great Recession. We helped brand new stores get started with Magento and we learned a lot about it in the process, like exactly how many PHP workers were needed, what caching systems were most effective, and which Magento settings are worth enabling. We distilled everything we knew to create the very first Magento specific hosting solution. 

We also wrote the book on Magento Best Practices and shaped the Magento community by siege testing Nginx vs Apache and settling that debate. We’ve improved and continued optimizing and put out a new book for Optimizing Magento 2.

Contributing Open Source Libraries

Besides optimizing hosting for lightning fast websites, Hostdedi also created Turpentine which was the first varnish cache for Magento. You can take advantage of this on any hosting that uses varnish. 

We also created security extensions and continue to contribute to Magento core.

Plan for Exploding Growth 

Most hosts, including Magento Commerce Cloud, give you a certain number of resources that you must remain within. If you go over a bandwidth threshold you might have to pay more – or if you have too many people on your site at a time, it slows down to a crawl. 

Hostdedi created our first Magento plan during a time when everyone was getting online and then immediately started outgrowing their small plans. We’ve also been around for over a dozen Black Fridays so we’re used to seeing retailers needing extra resources on demand. That’s why we built auto scaling into all of our plans.

If you have a post that goes viral or your Black Friday sales really take off, we have you covered with additional PHP workers which keep your website snappy and your visitors happy.

Conclusion

Adobe Magento Commerce includes a lot of nice product features and it can be easily managed in the cloud. Hostdedi Magento Cloud is both more established and leads the way with the most efficient & affordable infrastructure you can find.


The eCommerce Guide to International Shipping Costs


If a product in your ecommerce store has global appeal, start thinking about a plan for shipping internationally. Shipping overseas isn’t the same as shipping within the country. 

Here’s a primer on the customs issues, international shipping costs, and other logistics you’ll manage as you begin shipping around the globe. Keep in mind that there’s rarely universal truth in international shipping. Get individualized quotes for your own products so you know how much it’ll really cost. 

What is international freight and what is the cheapest international shipping? 

Since shipping overseas is usually more complicated than domestic shipping, international freight logistics can present some unique challenges for eCommerce businesses. Some companies specialize in international freight and handle the logistical challenges for you. 

For small orders sent to your customers, you probably won’t have to think too much about customs issues. Even if you do outsource this process entirely, however, it’s worthwhile to learn more about how international shipping works for your products. You’ll be more adept at troubleshooting and improving your shipping processes. 

Shipping domestically can be very straightforward. You pay a single amount and your package gets delivered. But costs associated with international shipping may include the following: 

  • Customs charges 
  • Customs brokerage costs
  • Ground transportation
  • Maritime transportation
  • Air transportation 

When you ship, you’ll need to choose a carrier to transport your package for you. There are three different types of carriers, and they all work a bit differently. They also frequently work together. Even if you choose one of these, it’s possible that your carrier will contract out part or all of the shipping to another one on this list. 

International Carrier 

If you choose an international shipping carrier such as FedEx or DHL for the entire route, some or all of your shipping costs may be rolled into your postage. International carriers are responsible end-to-end for shipments and generally permit more visibility across the entire process than a national carrier working with a shipping partner would. 

This option may be more expensive than the other two and doesn’t necessarily allow you as much flexibility, but it’s likely a simpler and less time-consuming choice. 

National Carrier

A national carrier handles your packages within a specific country. They may not provide service outside that nation’s borders, or they may contract with local carriers to transport packages through other countries. You can work directly with a national carrier, but you’ll need to ensure that someone is still transporting the packages once they leave national borders. 

One example of a national carrier is the United States Postal Service (USPS). USPS has international reach by working with local partners to transport your packages. When a partner is delivering a package, USPS may not allow as much visibility into the shipping process which means you may not have access to much information when you ship internationally. 

For a small package that only weighs a few pounds, choosing a national carrier might be cheaper than your other options. Larger or heavier packages may be better off with an international carrier or freight forwarder. 

International Freight Forwarder

A third party can organize the handoff between USPS and the final carrier while also handling any customs issues. This is what an international freight forwarder does. They have permission from you to take on freight and have their own agents handle the customs and shipping logistics along the way. 

You could use multiple carriers and arrange the logistics yourself but in practice, this may be too complicated and time-consuming. That’s where outsourcing can make sense. For example, you may decide to ship a package from within the U.S. to the Canadian border through USPS, then have another carrier take it from there. 

Cheapest Way to Ship Internationally

Shipping to other countries is not just one process. There’s so much that depends on the country. To send your products overseas, consider the end country destination and plan accordingly. 

Consider these country-specific sections for more information. This is just a starting point, so be sure to do your own research just to be safe. 

Cheapest Way to Ship to Canada

Shipping to Canadian consumers can be complex. Although you generally shouldn’t have a problem shipping to most Canadians, Canada is a diverse country with a variety of different shipping arrangements and options. Some Canadians live in very isolated, rural areas that may make shipping a more expensive process while others are in urban areas with an abundance of affordable shipping options. 

Retailers must be prepared to work hard in order to win Canadian customers. Having convenient shipping is a good start. Whatever you can do to make purchasing from you easier is probably worthwhile. 

Online purchases made by Canadians do incur customs duties and other taxes, and paying these is the responsibility of the buyer. Although these costs are not coming out of your own pocket, you should know that these expenses do directly impact how much your shoppers can spend with your business. By keeping costs for your customers low, you could even offset some of these expenses and make it more likely that you’ll win their business. 

Besides import costs, Canadians also pay sales taxes for their province and a Goods and Services Tax (GST) to their federal government. GST represents 5% of the total. Local sales taxes bring this amount higher.

If your products are relatively cheap, you probably won’t lose business because of import duties. Recent updates to customs processes and costs mean that Canadian customers ordering from American businesses are exempt from paying customs costs on purchases up to $150 CAD, with some exceptions. This is up from the previous $20 CAD limit set in 1985. The old $20 rules still apply with items shipped through Canada Post, so keep in mind the larger limit only applies to private carriers such as FedEx. 

When you ship to Canadians, you have a lot of options. 

Shipping Options for Sending Items to Canadian Buyers

Canada Post, the national postal service, is one great option for retailers. You can also use FedEx, UPS, DHL or Purolator. Here’s where you may also want to consider Canadian geography when you’re shipping. Some of your customers may live in isolated communities and you may need to account for longer shipping times. As a result, some carriers, such as FedEx, have different policies within Canada. FedEx Ground ships in four days or less within the US, but shipments within Canada take up to seven days.

You can use an individual carrier or use a multi-carrier shipping option that hands off packages to a new carrier at the border. Although the usual U.S. carriers you’re probably familiar with are available, the additional choices you gain within the Canadian border may be worth it. Purolator, for example, is known for reliable next-day shipping by 9 a.m. and 10:30 a.m. to Canadian addresses. When shipping packages, having this option available to customers may be a helpful selling point. 

Cheapest Way to Ship to the U.K.

In the U.K., eCommerce businesses have several options for shipping within the country such as the Royal Mail and DHL. You also have UPS international, FedEx, and even USPS international shipping. Shipping to the U.K. can be an expensive venture with a USPS Small Priority Mail Flat Rate box costing $36 and a Large Flat Rate box costing $94. Your costs will certainly be higher than shipping domestically, but that doesn’t mean shipping to the U.K. is completely cost-prohibitive for retailers. 

Imported goods need to follow the U.K. guidelines. Some of this may involve more work and recordkeeping on your part unless you outsource part or all of this process. 

You should find out if you’ll owe Value Added Tax (VAT) and have to collect it for your customers. Many eCommerce sellers are required to create their own VAT registration and request information from customers to help with location verification and tax reporting — even if you’re not based in the U.K. 

These rules may change. At time of writing, the U.K. was planning to leave the European Union which could result in different policies. 

Cheapest Way to Ship to Australia

When you’re shipping to Australia, you have several options. You can use an international carrier such as UPS, FedEx, or DHL. You could also use USPS. With Flat Rate International options available, you can reduce your costs for shipping a package to Australia. 

Customs costs may not be as much of an issue for you if your products are valued at less than $700 — which is about the minimum taxable amount for Australians who are buying products online and having their purchases shipped. GST imposed by the Australian government applies for more expensive purchases. 

If you use a freight forwarder or shipper, they’ll provide a Self-Assessed Clearance (SAC) Declaration for the Australian government when your package arrives at the border. Otherwise, you’ll be responsible for providing the SAC. 

Cheapest Options for International Shipping

You can streamline your international shipping and save money by creating a process. If you want a game plan for how you’ll ship internationally when orders arrive, take the time to decide in advance which countries you’ll be selling to, and create a system for taking care of shipping. As your business operations grow, you may need a more formal internal process for packaging and shipping including designated job descriptions for team members you have in charge of the process. For automated or outsourced shipping, plan how you’ll transport packages to the carrier, or sign up for a pick-up service. 

Your cheapest overall option may be outsourcing your shipping to a service such as Parcel Monkey or Easyship. These services can take advantage of volume discounts on international shipping and pass the savings along to you. In some instances, this can cut your shipping costs in half.

Before you make any shipping decisions, carefully consider your options and find out what every shipping service has to offer for your business and your customers. 

Choosing the Best International Shipping Service

Business owners should shop around and consider several important factors when looking for the right shipping service. Start with an example order and calculate the cost and options offered by several different carriers. 

Before you make a list of carriers to compare, you may want to consider what you’ll need in a package shipping service. Specifically: 

  • Product categories you ship
  • Countries you ship to 
  • Countries you plan to ship to later as your business grows 
  • How much of the regulations and customs process you need to outsource 

See how every option stacks up against the others and note any questions or concerns you have for further research. Of course, you’ll also want to compare: 

  • Price
  • Arrival time 
  • Convenience for your customers
  • Shipping experience for you 

Every time you ship internationally, you have the option of using one single carrier or using a multi-carrier shipping option. 

Automating Your Shipping with the WooCommerce Shipping Plugin 

If you’re using WooCommerce, a shipping plugin can help you ship more efficiently. Balance multiple carriers along with a busy array of incoming orders and have costs calculated for you. A variety of different plugins are available with various features designed to make shipping calculations easier and enable quick comparisons among carriers. 

With a plugin, your site can calculate shipping rates accurately and provide customers with multiple choices. This feature allows you to provide different price points and shipping times so buyers can make their own decisions. 

Once you’ve automated your shipping, your online store can run with less guesswork and greater simplicity for both you and your customers. 


Hostdedi Magento Cloud vs. Magento Commerce


One of the misconceptions about Magento is that you have to use Magento Commerce for hosting, or that they are one and the same thing. Magento Commerce hosting for your Magento store is built by Adobe and includes powerful features (modules) like page building and progressive web applications (PWAs). Hostdedi Magento Cloud is hosting for your Magento store with features for professionals like high scalability, staging websites, and PCI compliance.

In this post we’re going to clear up the misconceptions between these two very different platforms.

Magento Commerce was created about two years ago after Magento was sold to Adobe. It’s their official solution for hosting Magento and it has a lot of good things going for it:

  • Magento Commerce includes common functionality for your Magento store
  • They allow progressive web apps (PWA)
  • They have a cloud based infrastructure for scalability

But it’s important to remember that Adobe, even though they own Magento, is the new kid on the block. They’re still learning how to build & optimize the infrastructure needed to power a Magento site.

Building a Solid Infrastructure

Magento Commerce is great at including product features. But they’re still building their entire stack on someone else’s infrastructure. What does that mean?

It means, if you have a problem you first have to bring it to Magento Commerce. And they have their standard Service Level Agreement (SLA) to respond to you. If in that time, they discover a problem with the underlying infrastructure, they’ll submit a ticket to the company that maintains their infrastructure.

So your SLA is built on top of the SLA from another company. That means solving any potential problems could take twice as long. Not great if you have a problem that negatively impacts your store and you lose money every minute it’s not fixed.

Hostdedi Magento Cloud is built on our own infrastructure. Hostdedi has one SLA, and because we own the infrastructure, we can solve all of the problems ourselves and we don’t need to rely on any other companies. This means less finger pointing, more informed support, and faster resolution.

Experience

The other big difference between Hostdedi Magento Cloud and Magento Commerce is that we aren’t brand new to this space. Magento was literally built on our servers back in 2007 – before Magento v1 was even released (Magento v1 was officially released March 2008). 

We saw the opportunity of Magento back in 2008 when brick & mortar stores first started moving online to avoid the worst of the Great Recession. We helped brand new stores get started with Magento and we learned a lot about it in the process, like exactly how many PHP workers were needed, what caching systems were most effective, and which Magento settings are worth enabling. We distilled everything we knew to create the very first Magento specific hosting solution. 

We also wrote the book on Magento Best Practices and shaped the Magento community by recommending Nginx instead of Apache (which for a company specializing in LAMP stack is pretty radical). We’ve improved and continued optimizing and put out a new book for Optimizing Magento 2.

Contributing Open Source Libraries

Besides optimizing hosting for lightning fast websites, Hostdedi also created Turpentine, which was the first Varnish cache for Magento. You can take advantage of this on any hosting that uses Varnish.

We also created security extensions and continue to contribute to Magento core.

Plan for Exploding Growth 

Most hosts, including Magento Commerce, give you a certain number of resources that you must remain within. If you go over a bandwidth threshold you might have to pay more – or if you have too many people on your site at a time, it slows down to a crawl. 

Hostdedi created our first Magento plan during a time when everyone was getting online and then immediately started outgrowing their small plans. We’ve also been around for over a dozen Black Fridays so we’re used to seeing retailers needing extra resources on demand. That’s why we built auto scaling into all of our plans.

If you have a post that goes viral or your Black Friday sales really take off, we have you covered with additional PHP workers which keep your website snappy and your visitors happy.

Conclusion

Adobe Magento Commerce includes a lot of nice product features and it can be easily managed in the cloud. But Hostdedi Magento Cloud is both more established and leads the way with the most efficient & affordable infrastructure you can find.


Magento 1 End of Life: It’s July. Is your store safe?


We made it to July. Congratulations.

I’m guessing your online store, if you’re running Magento 1, is still standing – even if companies large and small were telling you that the “end of life” situation with Magento 1 was dire. If you’ve been reading things we’ve written already about it, you know we were big fans of being honest without creating alarm and stress.

But now we’re here – past Magento 1’s end of life, and we need to ask the question, the one you’re likely asking yourself already. Is your store safe?

I think there are four ways to answer that question.

Is your store’s code safe?

The good news is that nothing about the code that was running on your site last month has changed this month. What worked last quarter will work this quarter. Files didn’t suddenly go bad or corrupt. And there weren’t any special protections on your files or code that expired.

The End of Life declaration for Magento 1 code from Adobe/Magento means that if some new bug were found, they wouldn’t be creating patches any longer. But that is a statement about the future, not about the code that has been running your store up until now.

So the answer to this version of the question is yes, as of right now, your code is safe.

Is your store safe to handle financial transactions?

Another way to ask the question is whether the code itself is good to handle financial transactions. In other words, will your store remain PCI compliant? And the good news again is that there hasn’t been any sudden change that would make your store out of compliance simply because Adobe has said they want you to move to Magento 2 now.

That said, we’re not answering this question flippantly. The reality is that PCI compliance is a constant and ongoing dynamic that requires that everyone stay vigilant with compliance scans. If a scan comes back with a gap or issue, the only way to stay compliant is to address the issues.

But if Adobe / Magento aren’t publishing patches and your scan comes back with a vulnerability, how do you handle it? It’s a great question and the driver behind our creation of the Hostdedi Safe Harbor program. We have your back.

Nevertheless, at this point, shy of something changing, you’re good to go with handling transactions unless your payment gateway decides to stop supporting their Magento 1 module.

If that happens, we strongly suggest you check out Stripe, who has a commitment to keeping their Magento 1 module going for their customers.

Is your store safe from external attack?

Another way to ask the safety question is to wonder about external attacks – malicious players who know that we’ve reached the end of life for Magento 1 and they want to take advantage of the situation.

Most hosts have some level of protection against bad actors. This kind of question is something you should ask them directly about.

What I can tell you about Hostdedi is that we’ve been hosting and supporting Magento 1 merchants since Magento was created. We know the codebase and we’ve created dedicated hosting solutions for stores of every size. Along with that, we’ve created a best-in-class security infrastructure that supports Magento 1 stores.

But if your current host doesn’t give you some great answers, or if they tell you that your only answer is to migrate your store to Magento 2, then I’d love to introduce you to our Safe Harbor program, which provides malware detection, firewalls and IP protection, and so much more.

Will your store continue to stay safe?

The last way I think about this question of safety is about the condition of your store as things continue to evolve and change.

One of the things we talk about here a lot is the evaluation and transition that many merchants have been considering to other platforms – like Magento 2, WooCommerce, Shopify and BigCommerce.

Every one of those transitions, if it happens, takes time. So what do you do if you want to start that kind of transition but still want to keep your Magento 1 store safe? Some of these migrations take months, others can take quarters.

The good news, and you’ve seen me reference it multiple times already, is our Hostdedi Safe Harbor product that isn’t a long-term contract. It’s a month-to-month solution that provides protection even as you consider and potentially begin a migration of your store.

No matter what, there’s a way to keep your store safe

As you can see, any way you ask the question, the answer remains the same. With Hostdedi as your hosting partner, we’re here to help you feel confident about running your Magento 1 store. No matter what, there’s a way to keep your store safe.


Financial Health for Your eCommerce Business


So you’ve got a great product, and a great website to sell it, but does your eCommerce business have the right financial processes in place to survive? 

According to a recent survey by Small Business Trends, about 90% of eCommerce businesses fail in their first 4 months. Process-related issues like “running out of cash,” and/or “price and costing issues” were cited by at least a third of their respondents – circumstances that are often preventable by developing & sticking with business procedures.

These processes and procedures are often collectively referred to as “financial hygiene.” Just like our personal hygiene keeps us healthy, we need to maintain good financial habits to preserve our financial health. 

  • Hire a CPA When Launching Your Business
  • Open Your Mail 
  • Maintain Accounting Controls
  • Reconcile All Financial Accounts
  • Anticipate Expenses
  • Keep an Eye on Debt

Hire a CPA When Launching Your Business

A Certified Public Accountant (CPA) can help you set your business up correctly. If you’ve already launched, he or she can still get your bookkeeping going in the right direction before costly problems arise. 

It’s true that software like Sage and Quickbooks make it easy to do your own bookkeeping. In fact, most CPAs are happy to help you learn how to work with accounting software. But failing to properly set up your chart of accounts can leave you in the dark, with a setup that’s poorly designed for your particular industry or situation.

As an example, I once served on a board where the accounting software wasn’t telling us anything about our financial position. All of our revenue went into one account called “general revenue,” and all of our expenses came out of one account called “general expenses.” Sure enough, our reports were pretty meaningless. 

The Meaningless Company’s income statement only shows general revenue and general expense. It tells you nothing.

Establishing a few accounts that captured how our funds were coming in and going out made our finances come alive.

The Meaningful Company’s chart of accounts allows much more information to flow to the income statement.

Same bottom line, but just a few minutes spent looking at it could tell you:

  • Left handed widgets are far less profitable than the regular ones (compare sales and the cost of making them)
  • Even though you took in more money than you spent, you lost money selling widgets. Selling a piece of equipment masked a serious shortfall.

Proper bookkeeping throughout the year allows you and your CPA to anticipate your tax liabilities and plan ahead. It also makes the process of creating your tax return relatively simple, because your business expenses are already properly allocated to the right categories, like automotive expense, travel expenses, meals, and so on. 

Without proper bookkeeping, your expenses must be figured out after the fact (if you still can). Many deductions are lost because a business owner did not keep adequate records and receipts to attest to them.

A CPA or a qualified business consultant should also help you develop realistic budgets and goals for your business, so that you can develop forecasts and know how much capital you need to launch your business.

Open Your Mail

You might be surprised how many business owners neglect to open their mail (whether electronic or postal) and take care of it. Sure, much of it will be junk. But taking care of your bank statements, government notices, and customer correspondence will keep your business on track and keep small problems from turning into bigger ones.

For example, a government notice that your sales tax payment is missing generally comes with a small penalty and interest charge – if you catch it the first time – but these costs soar if you ignore the initial notices.

Set aside a time at least once a week (preferably more often) to go through everything and process it:

  • Pay bills
  • Deposit checks 
  • Respond to customer complaints or concerns (even the difficult ones)
  • Respond to vendor, bank and government notifications

You may think the advice to “deposit checks” above is unnecessary. But I was once asked to shred a number of old documents for a client, and found almost a dozen unopened envelopes with checks in them totaling over a thousand dollars – checks that were now long out of date.

If something comes in that you simply don’t understand how to handle, talk to your CPA or another trusted advisor. One of my college instructors gave my class simple advice that has always stuck with me: 

“Bad news doesn’t get better with time”

Maintain Accounting Controls

As your business grows, the items mentioned above are often the first things a business owner wants to delegate. However, maintaining good accounting controls dictates that you, the business owner, personally perform certain tasks whenever possible.

If you have someone else writing your paper checks, you should still sign them. You may have someone else reconciling your bank statements, but you should still read them. The mundane task of checking the PO box has saved more than one business owner from continued fraud or theft within their organization, because they noticed an invoice or other document that didn’t make sense and tracked it down.

Reconcile All Financial Accounts

Reconciling bank and credit card statements should be performed monthly. Reconciling statements means comparing them to your records to ensure the totals are the same. Online banking and the daily transaction download to your accounting software is a good thing, but reconciling keeps your records accurate and provides a check on whether the amounts being stated are going where you believe they’re going. 

For example, Quickbooks may assume that a downloaded transaction for $100 matches a transaction you’ve already entered for $100. But those amounts may just happen to match, and in fact the transaction you entered may still be outstanding. 

Reconciling accounts forces you to track down all of these transactions, and is also a second chance to notice where payments have been made. For example, you may have thought you put Google AdWords on hold, but find that it’s still being charged to a credit card.

Taking inventory of your finished goods, work in progress, and raw materials periodically also helps you to keep your business records on point – and can help you discover it if things are going missing.

Anticipate Expenses

Some expenses, like ordering inventory and paying shipping bills, are predictable. Others, like payroll, taxes, and loan payments, come in at different times (weekly, bi-weekly, monthly, quarterly, or even annually). 

It may be tough to keep track of how much you will owe at different times. To make it even more tricky, payroll expenses are often automatically deducted from your account, ready or not!

One solution for this is to maintain a cash flow forecast that accounts for all anticipated future expenses in the next few months. Another approach that many business owners use, especially for payroll expenses, is to maintain a separate bank account. By transferring the gross (i.e. total) amount of payroll expense to it each pay period, the business owner can effectively save up for monthly and quarterly payroll taxes as they come due. 

Dedicated checking accounts are also sometimes used for significant business expenses like inventory. Depositing a portion of the money from all sales into an inventory checking account means you are always financially ready to order more inventory.

For expenses that are predictable, but that will be realized at somewhat unpredictable intervals (like the payroll and inventory examples), the additional bank accounts are preferred by many business owners because they provide a clearer picture of where they stand, without having to make calculations on the fly. 

For example, if you need a new $2,000 computer in a hurry, you have $6,000 in the main bank account, and you know that your next payroll is already transferred to the payroll account, you know you’re able to buy the computer. 

You’ll still need to do cash flow forecasting, but having a few dedicated checking accounts for those critical functions described above will help you stay organized, and your business should have money for your priorities.

Keep an Eye on Debt

A certain amount of debt may be inevitable in a business, especially when it’s starting up and/or growing. But unless you carefully monitor debt, your access to credit may mask serious issues with cash flow and profitability in your business. You may simply wake up one day and find that your credit cards and/or business line of credit are tapped out. 

To avoid this, you should monitor your debt – check your balances at least once a month to make sure they’re heading down, not up. Keep a spreadsheet so that you see how these balances are changing over time. Creeping debt is much easier to correct before it gets completely out of hand than it will be later when you’re running out of credit and paying a lot of interest.

Financial Hygiene – It’s Good for You!

You went into business because you had a great idea, not because you love accounting. Bookkeeping chores, reading emails, and other administrative tasks may feel like nothing but distractions from reaching your goals. But staying on top of them is the best way to control the risks you run in business!


What is PWA? Using Progressive Web Apps for your Magento Store


What are Progressive Web Apps (PWAs)?

Let’s begin by answering the question – what is PWA? PWA stands for Progressive Web Apps. Progressive Web Apps are a pattern for building web applications using HTML, CSS, JS and modern web browser APIs to bring a native-like experience. PWAs combine the best of 2 worlds: web and native apps. Like other mobile applications, PWAs are easily installable and make development work simpler for any merchant trying to reach as many customers as possible.

While the feature parity between Progressive Web Apps and native apps is not 1:1 just yet, PWAs have come a long way since inception. Features like instant loading, push notifications and offline navigation/purchase are now widely available no matter which PWA implementation you choose. 

They won’t be the right approach in every case – for example, if you need a feature that’s not available on a Web browser or through an API, you will likely need to go the native route. But PWA capabilities are continuing to expand and what may require a native app today, might be PWA-worthy tomorrow. Project Fugu is a good place to see what’s coming and what’s being worked on right now.

Why are PWAs such a big deal?

PWAs come with an incredible set of features that were once reserved for native mobile apps alone. While regular web apps have tremendous reach in every device with a browser, at the end of the day these apps are just a webpage in a browser. 

Native apps are another way to reach mobile users but they must be developed for one platform / operating system at a time. PWAs enable development of a single app for multiple platforms. This streamlined approach is something mobile developers have been anxiously waiting for – easily reaching every potential customer no matter what operating system they are using. 

They also solve one of the most challenging issues developers face: distribution. Since you don’t need to publish these apps in a marketplace, you can just add a few lines to your manifest and make PWAs easily installable with a couple of clicks. The result is the consistent experience customers expect from a native application, but with a PWA they get a standalone experience, completely separated from the web browser.

This means a full-screen experience with no URL bar, the ability to install the PWA and dock it to your device home screen instead of visiting a regular webpage plus everything a Service Worker has to offer. 

Instead of the legacy way of updating via form submission and waiting for approval and publishing of the new version to the App Marketplace, changes made to any PWA are immediately available the next time you are connected to the Internet and open the app. PWA installation is now a standard feature available in all major mobile browsers, as well as Chrome and Edge on desktop.

How does PWA help Magento merchants?

Let’s face it: the Magento 2 frontend was already old when it was released and we’ve seen how that plays with frameworks like Prototype.js and Knockout.js. 

The JavaScript ecosystem evolves quickly and constantly following the hottest frameworks, developer trends, and updated best practices. This makes it challenging to keep up when having to maintain separated codebases. 

PWAs are particularly attractive to merchants using Magento 2 because they reduce front-end development complexity, giving you flexibility, extensibility, and the opportunity to deploy resources to develop new features. Developers can implement almost everything in the regular Magento 2 frontend at a fraction of the cost and time by using any of the available APIs.

How can customers run a PWA on Hostdedi?

We’ve made it easy to run PWA on the Hostdedi platform. We’ve created a step-by-step guide for how to install Magento’s official PWA PoC, Venia storefront. This resource outlines how to build, compile and transfer this PoC to one of our servers without the need to start and maintain middleware services.
