CAll Us: +1 888-999-8231 Submit Ticket

The Ultimate Magento 1 to Magento 2 Migration Guide

Still on Magento 1? Today might be a good time to start working on a migration plan to a newer platform. In this guide, we will cover the process of migrating your data and customizations from Magento 1 to Magento 2.

While Adobe stopped supporting the original Magento software in June 2020, there’s a good chance  you are still using Magento 1 to sell your products online. This is not inherently bad, given that there are products like Hostdedi Safe Harbor where you can get expert Magento 1 support for a fair price, but at some point it’ll be wise to replatform to a solution that’s being actively developed using the latest practices and technologies. 

With that in mind, we created the ultimate Magento 1 to Magento 2 migration guide.

Here’s what you need to know:

Data:

The first step should always be assessing what’s going to be migrated and what’s going to be left out of this process. This is a great opportunity to reduce your site’s footprint and make it lightweight. 

Do you really need all those product variations? How about the CMS pages you created for marketing and special events? Once you decide what’s going to be migrated over to the new platform, there are several tools you can use to automate the process. A complete file and DB backup is recommended before beginning the migration just in case it doesn’t complete and files are removed or modified in the process.

Magento released their own migration tool to handle some entities, including stores, websites, and system configurations like shipping, payment, tax settings, created orders, reviews, changes in customer profiles, plus all operations with orders, products and categories. That tool can be found here.

There will be data that needs to be manually migrated and that usually includes media files, storefront designs, access control lists and admin users. A how-to guide for manually migrating entities can be found here

Integrations:

Most of the stores we see at Hostdedi contain several 3rd party integrations: ERPs, PIMs, CIMs, CRMs, etc. Ads and marketing integrations are the most common ones used for Magento.  

Almost none of these integrations can be migrated automatically due to the differences in architecture between Magento 1 and 2 but the good news is that vendors usually offer migration tools and even modules for both versions, making this migration work simpler. 

Contact your preferred vendor and ask about their Magento 2 module andchances are you won’t have to develop these integrations from scratch. In the case where there’s no official Magento 2 module for the integration you need, check the Magento Marketplace to try and find a matching module for your integration. 

Extensions:

While Magento 1 used to include a web installer to download and install modules, Magento 2 completely removed this feature for security reasons. Sites with more than 100 modules were not common back then and code quality checks were almost on existent.

With the new Marketplace implementing quality checks, the quality of Magento’s extensions has improved dramatically. And while installation is not as simple as it used to be, a consistent standard is being met and code issues are less common for Magento 2. 

Bloated sites with multiple extensions doing the same thing is extremely common in Magento 1 and replatforming to Magento 2 is a good opportunity to remove any unused module to avoid extra classes being loaded and performance degradation. 

Look and feel/Themes:

Theming is often dismissed as “not that important” or “just design” but the truth is it’s a key part of the user experience. Both Magento 1 and 2 had frontend technologies that were already old when they were released (Prorotype.js and Knockout.js), but nowadays there are better options like PWAs or hybrid approaches developers can enjoy developing. There’s not much that can be directly ported between Magento 1 and 2 when it comes to themes and front end implementations, but given the rise of headless and PWA implementations and the API coverage, it has never been simpler to develop modern and usable front ends for your ecommerce store.

Hosting:

It’s really important to keep in mind that the performance profile of Magento 2 is very different from Magento 1. Don’t leave your server sizing and decisions for last and always remember to test your builds in an environment as close as possible to your live production. The infrastructure requirements are different as well with software like Varnish and ElasticSearch being supported out of the box or as system requirements.

Sizing the resources you need might not be as simple as it was with Magento 1 and that’s why the usual recommendation is to reach out to your hosting provider with some historical data to get a quote. Magento 2 is a resource hogging beast and should be treated as such. While developers love to set up production environments, they often forget you actually have to maintain those with security updates and patches. Going the Managed Cloud route should be a simple decision if you don’t already have an in-house sysops team with previous experience with Magento clouds.

Conclusion:

We developed Hostdedi Safe Harbor to provide the updates and security needed by M1 stores post-EOL as they consider their next steps. If you’re a Hostdedi customer and not on Safe Harbor yet, it’s a simple add and can buy you time. Planning for migration early in 2021 will give you the runway you need to make a solid choice for your next platform and be ready for your store’s next phase of success – especially in time for Holiday. The most important takeaways are to understand how different Magento 1 is from Magento 2, ensure you’re looking at all your options, and feel confident in the choice you make for your next platform.

While guides like this are helpful, most of the work required for migration will need to be done by a system integrator or a development agency and having a good technological partner will help you solve common issues and scale when needed. We’re here to help with referrals or even to bat around ideas. You can explore more about Hostdedi here.

Source link

Elasticsearch in Magento 2.4: It’s not just a good idea; it’s required

When Magento 2.4 was introduced in July 2020, Elasticsearch became a requirement. If you haven’t already upgraded, you’re going to want to take action as soon as possible to deliver the best possible experience to your customers. 

What is Elasticsearch?

We’ve all gone to sites where the search function returned results that were incomplete, irrelevant, unfilterable, or otherwise difficult to make sense of. For quite some time, Elasticsearch has been a popular solution to improve search results. It allows merchants to tune search results based on frequency, recency, popularity, and other factors. It helps shoppers get to the results they want, minimizing the effect of typos, words out of order, and other all-too-human gaps in the input.

Because it’s proven so useful, Magento made it a required component in Magento installs of version 2.4 and beyond. To be specific, Elasticsearch 7.6.x is the recommended version for Magento 2.4.

So whether you’re a Main Street merchant or a multi-million dollar brand, older hosting environments will need to be upgraded. Which makes it a perfect time to take the leap to a hosting provider that will do more than just keep you online. 

Hostdedi containers support Elasticsearch (and more)

Hostdedi Managed Magento plans support many services including Elasticsearch with Cloud Containers. Containers allow you to add the services you need for your Magento installation, sized with the resources required for your site, including:

  • Elasticsearch (the search utility that’s now required in Magento 2.4)
  • RabbitMQ (an open source message broker that helps websites to exchange data)
  • Solr (another search utility, popular with Magento 1 merchants)
  • Varnish (reduces server load by caching dynamic content)

Hostdedi Magento plans are available in sizes XS through 2XL to meet the needs of  Magento merchants of all sizes. And if your site has outgrown the solution you’re currently running, our dedicated server offerings are also equipped to handle Magento 2.4.

For Dedicated servers, Elasticsearch 7.6 may require other updates

Our Dedicated Servers and Cluster solutions are set up with CentOS7, Apache 2.4, and PHP 7.4, as required for Elasticsearch 7.6. If you are using an older hosting solution, you may find that the upgrade to Magento 2.4 requires an update so that these versions are current.

Whether you’re already hosting your Magento site with Hostdedi or you’re currently hosted elsewhere, Hostdedi support makes migration to a Magento 2.4-ready environment easy (and free). We’re at-the-ready to support your compliance for Magento 2.4 whenever you are. 

Learn more about all the benefits of Hostdedi Managed Magento here

Source link

75% Off 3 Months of Managed Hosting: Position Yourself for Your Best Year Yet with Our Best Deal Ever

In 2020, a year that has been so hard on so many businesses, we are grateful for the resilience and determination of the agencies, sites, and stores that rely on Hostdedi. 

Thank you for being our customers.

2020 Was a Game-Changing Year In Ecommerce

Let’s face it – 2020 was BANANAS. In this year alone, small businesses took massive hits in revenue, and nearly 100,000 closed their doors for good. Others have thrived.

Adaptability and resilience has been the name of the game for 2020. As brick and mortar businesses closed their doors due to COVID, ecommerce sales surged. Total online spending by May had skyrocketed by $52 billion, a 77% year-over-year increase.

This year was also an unexpected boon for ecommerce developers. In an industry already rife with demand, ecommerce development agencies saw an increase in demand for new websites. The total number of ecommerce sites, as of this year, now stands at over 24 million.

Where Ecommerce Companies Are Still Losing Revenue

The caveats to success in ecommerce are still there, however. Pages that load in more than three seconds deter 40% of traffic, and an estimated $18 billion in revenue per year is still lost due to cart abandonment.

Ecommerce is thriving, and the opportunity is growing rapidly. By 2040, it’s estimated that 95% of all purchases will be made online. That is astounding!

The problems with ecommerce still exist though, and now more than ever, it’s time to ensure your digital commerce site is speed optimized for conversions.

Positioning Yourself for Your Best Year Yet

No matter how wild it gets out there, Hostdedi is going to keep on giving you hosting you can count on. That’s been our focus throughout this crazy year – continue innovating, keep your sites online and safe, maintain fair prices, and keep providing the tools you need to stand up a new ecommerce shop, or maintain an old one. 

This Black Friday, we’re gonna keep on keeping on by offering our customers our BEST SALE EVER. This is truly one for the record books, folks. Hostdedi has never offered a discount this deep. 

We’re offering an unprecedented 75% Off 3 months of our most popular plans with code JOYFOR2021.

No matter what happens in 2021, you can count on Hostdedi to keep making it easy and affordable to start your own online business or migrate to a hosting provider who is a true partner in business.

Source link

This Is What Happens When Your Magento 1 Site Gets Hacked

In June of 2020, Magento 1 reached end-of-life. This put the platform’s 200,000 sites at risk for malware attacks, and opened them up for the potential to incur heavy fines. 

We’ve been urging our Magento 1 customers to either replatform or to install Hostdedi Safe Harbor as a stop gap for PCI compliance. In the meantime, stores on Magento 1 remain vulnerable to attack, and their customers’ data is still at risk.

What Does It Mean When a Platform Reaches End of Life?

Magento 1 has been around a LONG time in software history. For the past 13 years, this platform has been home to hundreds of thousands of online businesses, from growing small businesses, to enterprise level operations.

But after over 10 years of service, Magento 1 has become obsolete, and Magento has shelved the platform for updates. That means their teams will no longer be developing security patches and updates for Magento 1 – the platform will remain stagnant.

Stagnant platforms that aren’t proactively monitored and updated for security do not meet the standards set by the PCI Security Standards Council, and may fall out of compliance as threats to the platform emerge.

Why End of Life Presents a Problem for Compliance

PCI compliance standards were originally set forth by a coalition of banks to ensure that online businesses were proactive about protecting their customers’ data. Using a set of standards, the PCI Security Standards Council keeps online businesses from taking a laissez-faire approach to how they handle online transactions.

The standards for compliance are as follows:

  • Install and maintain a firewall configuration to protect cardholder data
  • Do not use vendor-supplied defaults for system passwords and other security parameters
  • Protect stored cardholder data
  • Encrypt transmission of cardholder data across open, public networks 
  • Use and regularly update anti-virus software or programs
  • Develop and maintain secure systems and applications
  • Restrict access to cardholder data by business need to know
  • Assign a unique ID to each person with computer access
  • Restrict physical access to cardholder data
  • Track and monitor all access to network resources and cardholder data
  • Regularly test security systems and processes
  • Maintain a policy that addresses information security for all personnel

As you can see, all of the above distilled into one lesson comes down to this: if your business is not proactive about security, you will not be PCI compliant. If you’re not PCI compliant, you’re subject to hefty fines and penalties.

What Happens If Your Online Store Isn’t PCI Compliant?

The results of noncompliance are scary. 

It’s not just the right thing to do for your business, it’s the right thing to do for your customers. Running a store on an end-of-life platform can put thousands of people’s data at risk, opening you up to such a high-level of liability that your business might not even survive it.

Fines for noncompliance are typically passed along to the merchant, and can range from anywhere between $5,000 and $100,000 per month until compliance is achieved.

Banks may also choose to terminate their relationship with a noncompliant business, leaving you scrambling to replace your financial institution and payment processor.

Perhaps the most unsettling consequence of all of it is this: the loss of your customers’s trust. Picture them scrambling to protect their own financial information from your site’s security failure. Picture the headlines when the media picks up the story.

It’s not pretty, and it’s completely preventable.

What to Do When You Can’t Afford to Re-Platform

Look, we’re not being heavy handed about this to be jerks about it. This is serious stuff, but we’re also sensitive to the fact that at this point, a migration or replatform isn’t financially realistic for some businesses.

Businesses have struggled during the pandemic. Estimates are that small businesses have seen revenues plummet by a whopping 52% in 2020.

If your business doesn’t currently have the funds for a migration or replatform, you have another option.

Use Safe Harbor for Magento 1 PCI Compliance

A migration from Magento 1 to Magento 2 can cost anywhere from $50,000 to $100,000. For only slightly  more than you’re paying for your current Magento 1 hosting plan, Hostdedi Safe Harbor will keep your store secure until you’re ready to re-platform. Safe Harbor is a simple security add-on that uses sophisticated custom security patches from our Magento team to keep stores compliant post end-of-life. 

Current estimates are that Safe Harbor will be able to keep Magento 1 stores secure and compliant well into 2022, giving your company plenty of time to transition to a new platform, or to migrate to Magento 2.

In the wake of Magecart attacks and other security threats that have surfaced since Magento 1 reached end of life back in June, Safe Harbor has continued to protect those stores’ and proactively monitor emerging threats.

Learn More About Safe Harbor

Keep Your Magento 1 Store Security with Magento Experts

Magento’s first beta version was born here on Hostdedi servers. Since 2007, our company has been intimately aware and involved with this platform, and has cultivated technology alongside it that enables developers and businesses to build online businesses to scale.

With a full-time Magento Master on staff, world class 24-hour support, and a dedicated team of sysops engineers and security pros, Hostdedi has your back through your platform’s end-of-life.

Learn More

Source link

Doing Product Pages Right – Hostdedi Blog

How much effort have you put into your product page? Yes, I know you found information and images from the manufacturer and added them. Sure, you named the product and maybe if you were really working on good product pages, you took an extra picture of the product in use to highlight what it really looks like to your customers.

But I know most ecommerce sites don’t even go that far.

About 10 years ago I worked in retail and one of my jobs was to add products to our site, but only after everything else was done and if the boss couldn’t find anything extra for me to do. This was shortsighted and meant that they didn’t see much business from their online store. But if you don’t put any effort into your product pages, the natural outcome is little traction with your site.

It’s important to remember that your online users can’t touch your product. They can’t ask a salesperson a question or get specific feedback on how the product worked for someone they can talk to. Customers are reliant on the information you provide them to help them make a purchase.

Today we’re going to talk about how to design a great product page. Remember, from the product name to the reviews, your product page is a landing page. Its job is to sell your products to your customers.

Product Name

If your product page is a landing and sales page, then the first thing you need to look at is the name of your product. This is the title of your page and you should spend just as much time thinking about this as you would for any blog post you want to rank well in search engines. The more descriptive your product name is, the better it is, at least up to a point.

We’ve all seen ridiculously keyword-stuffed Amazon product titles. We want to use a descriptive product name, but not crossover into the realm of these overloaded titles.

Take a look at these Mpow headphones on Amazon.

If you’re looking for waterproof Bluetooth sports headphones with controls on the headphones, the title is a great match. I think it’s getting close to being a bit long, but just by reading the product name, you get a summary of all the features that the headphones provide.

When you’re looking at your product names use the Google Keyword Planner to investigate what terms are ranking well for your product. Use these terms to help you craft a well-optimized title that will bring customers to your landing page.

Description

When it comes to your product description, the first thing to ask yourself is “what questions will myom customers have”. A description that answers your customer’s questions poorly will mean they make a purchase they’re not happy with. Then they’ll want to return it, and you may get a poor review on the product.

According to Nielsen Group, 20% of missed purchases were because a product didn’t have the information a customer was looking for in the description. If users don’t see the information they’re looking for in your product description, they’re going to turn to Google. That means you risk having them find the product at a better price elsewhere. Making your customers search to get more information is just like losing the purchase and all future purchases from your customer.

As you write your product description ask yourself what questions the customer will have about your product? Your goal is to answer the questions and deflate the objections that customers will have so that they feel confident in their purchase.

Good product descriptions are jargon-free. They’re not heavy on marketing text, but are to the point and clear. If you’re talking about 5 different feature highlights, use bullet points so that readers can scan to get the information they need quickly.

If you’ve got many of the same types of products, say dishwashers, then take the time to standardize the language across suppliers. Don’t list measurements in inches for one product and then centimetres for other products. Standardize on one method, or if you deal with international clients let them choose what measurement they want to see. You can see a great example of this with Apidura Cycling bags. They let users change between inches and centimetres for their bag measurements. This puts their users in control.

Product Images

After your product name and description, it’s important to focus on the images you provide to your customer. Remember, they can’t touch the product. They can’t tell how big it is, or exactly what shade of blue it is. They are relying entirely on you to provide this information with your images.

There are two ways to go with product images. You can choose to use a backdrop with other stuff that matches the product, or you can go with a flat white version. Keep the style consistent including the dimensions used with the final images. I think the best option is to have a combination of both of these options.

Bellroy is a great example of both methods combined. They show you several images of their products on a flat white background. They also add it with known items, like physical bills and blank cards that are the same size as credit cards. You get to see high-quality uncluttered photos to judge colour and texture, then clean photos that help you get an idea of the size of items you’re looking at.

Bellroy also provides high-quality images for each color option for a product. You don’t have to guess based on a color swatch, you can see exactly what you’re choosing as you make changes.

While this may look like a lot of work, it’s just a bit of work and a small investment. You don’t need a fancy camera. Any smartphone in the last few years will do. If you don’t have natural light, then you will need to purchase a consistent light source. You can usually find the Godox SL60W for under $200. If you’re dealing with small products and want to have an extra clean background, then look at a softbox. You can find these on Amazon for as little as $30.

With a light source and a softbox, all it takes is a bit of practice. Take a bunch of test images from different angles. If you spend a weekend playing around you’ll improve greatly so that you can get good images for Monday.

If you’re looking for a great walkthrough on product photography, check out the video below by Peter McKinnon.

Once you’ve got the images, take a few minutes to edit them for color and contrast. Most people use a sized template so that every image on the site is the same size. 

If you’re not sure what this means, it’s like having a company letterhead you always use. In this case, it’s a Photoshop file that’s 2000X2000 and every image you take goes on the same template so that your site images look uniform. 

Then once you have your images on the template looking how you want them, save them out in a web format. Look to keep them under 700kb if possible. To help with this at the final stage you can use tools like Kraken to optimize the images as you upload them.

Putting some effort into your product images will help your store stand above the competition.

Adding To Cart

Next, your add to cart button. There are a few mistakes that many sites make with this crucial interaction. First, make sure that users can see the button without scrolling across all devices. It should be obvious and a contrasting color from the rest of your site so that it stands out. You can see a good example of this on MEC below.

Note that they have a nice product image, and the purchase button is in a vibrant green and stays with the customer as they scroll on a mobile device.

You also need to make sure that it’s clear to the user something happened when they add something to the cart. Luckily WooCommerce has this as a default with a banner being displayed to a user after a product has been successfully added to the cart.

The second most important interaction after your main purchase button may be the option to add a product to a wishlist. A good spot for this is just below the main purchase CTA. I have many wish lists on Amazon for when I’m ready to revamp parts of my office. I already have my desk video setup all picked out in a wishlist. When it’s time to purchase I just need to add all those products to my cart, and then checkout.

Showing your product in use can show how easy it is to use to customers that are concerned about that. Yes, it might mean some duplicate information, but highlight the benefits and deflate the objections with your videos, just like you do with your marketing copy. Some studies suggest that a good product video increases conversion to sale by 84%. Videos are also known to have higher click through rates in search.

You can see this if we head back to Bellroy. The first thing that comes up with their products is a video of their product in use. 

Just like good product photos don’t have to be a huge investment, decent video doesn’t have to be a huge investment. The light I recommended above is a great video light. Your recent smartphone is a decent video camera. Add a lavalier microphone to this setup for $50 and you’ve got a good video setup.

Pricing

When it comes to pricing, it’s pretty straight forward. Make sure you don’t hide any price increases from your users. If the blue version is more expensive, change the price when the user selects the blue version (don’t worry both WooCommerce & Magento do this out of the box). Just under the price is also a good place to add product availability information. Don’t let your customers try to add something to the cart only to find that the product isn’t available in their chosen combination of size and color.

Social Proof: Reviews

Did you know that user reviews are 12 times more powerful at convincing people to purchase than your marketing copy is? That means you need to employ ratings on your site. Display the overall rating, usually stars, at the top near your product title and description. Then after all the product information your customers want, display the reviews you’ve gathered from users.

It’s important to make your reviews filterable, and don’t censor bad reviews. I’ve often read the bad reviews for a product to find the pain points and then purchased because I don’t care about any of the major issues with it.

One great plugin to help enhance the reviews on your site is WooCommerce Product Reviews Pro. This plugin will let you add product photos and user videos to your reviews to supercharge your social proof.

Remember, your product page is a landing page and should be optimized for search engines and to convert visitors to customers. As I said when I talked specifically about mCommerce, make sure that you A/B Test the changes you’re making to your product pages to help ensure that they’re having the effect you expect. If you can put a bit of effort into your product pages, you’ll see big rewards in your sales.

Source link

The Ultimate Magento 2 Performance Checklist



At Hostdedi, we spend a considerable amount of time optimizing our infrastructure to make your Magento 2 store faster. After years of research and development, we’ve pulled together the ultimate Magento 2 performance checklist:

  1. Remove unused modules: Magento 2 comes with many pre installed modules that aren’t always needed. Yireo created a great module to disable the optional modules you don’t need through composer. The idea behind the module is quite simple: you replace any unused module with nothing to avoid loading unused modules and classes. This module and a complete how-to can be found here: https://github.com/yireo/magento2-replace-tools
  1. Enable CSS/JS minification and merging: Minifying and merging CSS files can greatly improve load times and the general performance of your store by cutting the number of requests your site makes when loading a page. You can minify and merge CSS and JS files from the admin panel by navigating to the Developer tab under Stores > Configuration > Advanced (keep in mind this tab will only show if you are using developer mode). Magento recommends using a 3rd party plugin like Baler or MagePack for JS bundling given that Magento’s bundling mechanisms are not optimal and should only be used as fallback alternatives.
  1. Enable production mode: While this one might seem simple, the number of sites we see using a different mode in Magento is staggering. No one should be running Magento 2 in production in a different mode, but we still see too many stores running on either default or developer mode. The best way to switch modes is via CLI: 

php bin/magento:deploy:mode:show

to see which mode is your store using and 

php bin/magento deploy:mode:set production

to set production mode

  1. Use Redis for session/default and full page cache: Redis is one of the most used key/value database engines and Magento 2 comes with integrated support to use it as a both session storage and default/full page. To configure your store to use Redis, run the following commands from your root folder:

bin/magento setup:config:set --cache-backend=redis --cache-backend-redis-<parameter_name>=<parameter_value>...

bin/magento setup:config:set --session-save=redis --session-save-redis-<parameter_name>=<parameter_value>...

You can find a complete list of Redis configuration parameters and values for sessions here and for the full page cache here

  1. Use Elasticsearch for Magento’s catalog search: Since Magento 2.4, MySql was deprecated (and removed) and Elasticsearch was introduced as the catalog search engine, greatly improving the speed and results of the searches. To enable Elasticsearch, navigate to your admin panel and under Stores > Settings > Configuration > Catalog > Catalog > Catalog Search you will find a tab called Search Engine. Configure your store to use your Elasticsearch endpoint, click Test connection and if everything worked, you’re all set. You can find the complete list of parameters to configure Elasticsearch here.
  1. Use Varnish to speed up your response time/TTFB: You either love or hate Varnish but at the end of the day, it greatly improves the TTFB, and if configured correctly, it can do wonders for the general usability and user experience of your site. Magento 2 features an out of the box integration, making Varnish configuration really simple. To configure Varnish, navigate to Stores > Settings > Configuration > Advanced > System > Full Page Cache, select Varnish from the Caching Application list and configure the rest of the options. A full list of all the parameters you can use to configure Varnish can be found here

You can also configure Varnish from the CLI by running:

php bin/magento config:set --scope=default --scope-code=0 system/full_page_cache/caching_application 2

  1. Use a CDN: A content delivery network is normally used to store media and static assets at edge servers near your customers for faster delivery. This means your assets are physically closer to your customer, resulting in faster response times. Configuring a CDN for Magento is not as straightforward as it should be but it can be achieved by using the admin and navigating to Stores > Settings > Configuration. Under General, click on Web and expand the Base URL sections. Once there, update the Base URL for Static View Files and Base URL for User Media Files with the URL of your CDN endpoint where static view and javascript files are stored. Do the same for Base URLs (Secure) and once done, click Save config. You might need to flush/clean your cache for this change to take effect. If everything worked as expected, you should be seeing your CDN url being used to serve most of your site’s static files.
  1. Enabling the Asynchronous email notifications, Asynchronous order data processing: during times of high concurrency, you might want to move processes that handle checkout, order processing email notifications and stock updates to the background. To enable async email notifications, go to Stores > Settings > Configuration > Sales > Sales Emails > General Settings > Asynchronous Sending

You can activate Asynchronous order data processing from Stores > Settings > Configuration > Advanced > Developer > Grid Settings > Asynchronous indexing

When enabled, orders will be placed in temporary storage and moved in batch to the Order grid without any collisions.

While there are no real magic tricks, we tried this guide in our cloudhosts and ended up with an A and a page load under 2 seconds on GTMetrix 🥳

If you’d like assistance enacting these changes, or are interested in our Managed Magento offering, please reach out to our award-winning support team 24/7/365 at support@nexcess.net.

Source link

Magecart Attacks Again: the Latest on CardBleed

Only a couple of weeks after the first vulnerability with an associated CVE was discovered for Magento 1 after its end of life, reports about a large scale Magento 1 hack attempt surfaced. 

While stats are not definitive, as of today, around 3,000 sites were hacked. This attack, usually referred to as MageCart, is the most common type of attack against Magento 1 and it’s typically used to collect user credentials and credit card information from the application inputs and exfiltrate data to remote servers.

After carefully reviewing public reports and our WAF logs, Hostdedi identified the threat and swiftly added a fleet-wide block for /downloader. We also isolated the malicious content added to this prototype.js file and have removed it from every file, leaving the original malicious file as backup (prototype.js.bk) for the client’s reference. 

We already had filters for this, mostly against brute force attacks. But given that Magento discontinued Magento Connect after June 2020, we decided to block access and only re-enable it upon request for certain IPs. 

This is one of the biggest differences between a code based Magento 1 maintenance package versus a hosting-based approach. While almost every project issued notices and recommendations, they all required user intervention. 

Our approach was to deploy a fix to the entire server fleet without any user intervention.

While a few stores were impacted, the immense majority remained safe because of the infrastructure and systems we already had put in place. This foundation, plus our swift action, helped thousands of Hostdedi stores and customers to remain secure.

In addition, we released Nexcess_CSP for our Safe Harbor users. Content Security Policy (CSP) is an added layer of security that helps detect and mitigate certain types of attacks including Cross Site Scripting (XSS) and data injection attacks usually known as MageCart. This module helps any Magento 1 store to set CSP policies, avoid and report XSS attacks and has 2 main objectives:

  • Mitigate cross site scripting: disallowing the communication to certain URLs by specifying the domains that the browser should consider to be safe sources of scripts.
  • Mitigating package sniffing attacks: specifying which protocols are allowed to be used; a server can specify that all content must be loaded using HTTPS.

We did not find any intrusion for stores that had CSP_Nexcess installed and properly configured.  Hostdedi Safe Harbor provides an extra layer of protection against this type of attacks, which are likely to continue.

The best kind of protection against external attacks is a mix of server side protection in the form of a WAF plus modules and patches to keep your store protected.

Keeping your Magento 1 store fully operational means protecting it against known vulnerabilities. If you have yet to invest in Safe Harbor, this hack illustrates the importance of staying secure.

Hostdedi Safe Harbor is a sound foundation to keep your sites and stores protected while you are on M1.

Source link

Hostdedi Magento Cloud vs. Magento Commerce Cloud

One of the misconceptions about the Enterprise version of Magento 2 is that you have to use Magento Commerce Cloud for hosting. Or that Magento Commerce and the AWS-based Cloud solution are one and the same thing. Magento Commerce Cloud hosting for your Magento store is built by Adobe and includes powerful features (modules) like page building progressive web applications (PWAs). Hostdedi Magento Cloud is hosting for your Enterprise Magento Commerce store, or your Magento Open Source Store with features for professionals like high scalability, development/staging environments, and PCI compliance.

In this post we’re going to clear up the misconceptions between these two very different platforms.

Magento Commerce Cloud was created about two years ago after Magento was sold to Adobe. It’s their official solution for hosting Magento and it has a lot of good things going for it:

  • Magento Commerce Cloud includes common functionality for your Magento store
  • They allow progressive web apps (PWA)
  • They have a cloud based infrastructure for scalability

But it’s important to remember that Adobe, even though they own Magento, is the new kid on the block. They’re still learning how to build & optimize the infrastructure needed to power a Magento site.

Building a Solid Infrastructure

Magento Commerce Cloud is great at including product features. But they’re still building their entire stack on someone else’s infrastructure. What does that mean?

It means, if you have a problem with your website, you first have to bring it to Magento Commerce Cloud team. And they have their standard Service Level Agreement (SLA) to respond to you. If in that time, they discover a problem with the underlying infrastructure, they’ll submit a ticket to Platform.sh – the company that maintains their infrastructure.

So your SLA is built on top of the SLA from another company. That means solving any potential problems could take twice as long. Not great if you have a problem that negatively impacts your store and you lose money every minute it’s not fixed.

Hostdedi Magento Cloud is built on our own infrastructure. Hostdedi has one SLA, and because we own the infrastructure, we can solve all of the problems ourselves and we don’t need to rely on any other companies. This means less finger pointing, more informed support, and faster resolution.

Experience

The other big difference between Hostdedi Magento Cloud and Magento Commerce Cloud is that we aren’t brand new to this space. Magento was literally built on our servers back in 2007 – before Magento v1 was even released (Magento v1 was officially released March 2008). 

We saw the opportunity of Magento back in 2008 when brick & mortar stores first started moving online to avoid the worst of the Great Recession. We helped brand new stores get started with Magento and we learned a lot about it in the process, like exactly how many PHP workers were needed, what caching systems were most effective, and which Magento settings are worth enabling. We distilled everything we knew to create the very first Magento specific hosting solution. 

We also wrote the book on Magento Best Practices and shaped the Magento community by siege testing Nginx vs Apache and settling that debate. We’ve improved and continued optimizing and put out a new book for Optimizing Magento 2.

Contributing Open Source Libraries

Besides optimizing hosting for lightning fast websites, Hostdedi also created Turpentine which was the first varnish cache for Magento. You can take advantage of this on any hosting that uses varnish. 

We also created security extensions and continue to contribute to Magento core.

Plan for Exploding Growth 

Most hosts, including Magento Commerce Cloud, give you a certain number of resources that you must remain within. If you go over a bandwidth threshold you might have to pay more – or if you have too many people on your site at a time, it slows down to a crawl. 

Hostdedi created our first Magento plan during a time when everyone was getting online and then immediately started outgrowing their small plans. We’ve also been around for over a dozen Black Fridays so we’re used to seeing retailers needing extra resources on demand. That’s why we built auto scaling into all of our plans.

If you have a post that goes viral or your Black Friday sales really take off, we have you covered with additional PHP workers which keep your website snappy and your visitors happy.

Conclusion

Adobe Magento Commerce includes a lot of nice product features and it can be easily managed in the cloud. Hostdedi Magento Cloud is both more established and leads the way with the most efficient & affordable infrastructure you can find.

Source link

Hostdedi Magento Cloud vs. Magento Commerce

One of the misconceptions about Magento is that you have to use Magento Commerce for hosting. Or that they are one and the same thing. Magento Commerce hosting for your Magento store is built by Adobe and includes powerful features (modules) like page building progressive web applications (PWAs). Hostdedi Magento Cloud is hosting for your Magento store with features for professionals like high scalability, staging websites, and PCI compliance.

In this post we’re going to clear up the misconceptions between these two very different platforms.

Magento Commerce was created about two years ago after Magento was sold to Adobe. It’s their official solution for hosting Magento and it has a lot of good things going for it:

  • Magento Commerce includes common functionality for your Magento store
  • They allow progressive web apps (PWA)
  • They have a cloud based infrastructure for scalability

But it’s important to remember that Adobe, even though they own Magento, is the new kid on the block. They’re still learning how to build & optimize the infrastructure needed to power a Magento site.

Building a Solid Infrastructure

Magento Commerce is great at including product features. But they’re still building their entire stack on someone else’s infrastructure. What does that mean?

It means, if you have a problem you first have to bring it to Magento Commerce. And they have their standard Service Level Agreement (SLA) to respond to you. If in that time, they discover a problem with the underlying infrastructure, they’ll submit a ticket to the company that maintains their infrastructure.

So your SLA is built on top of the SLA from another company. That means solving any potential problems could take twice as long. Not great if you have a problem that negatively impacts your store and you lose money every minute it’s not fixed.

Hostdedi Magento Cloud is built on our own infrastructure. Hostdedi has one SLA, and because we own the infrastructure, we can solve all of the problems ourselves and we don’t need to rely on any other companies. This means less finger pointing, more informed support, and faster resolution.

Experience

The other big difference between Hostdedi Magento Cloud and Magento Commerce is that we aren’t brand new to this space. Magento was literally built on our servers back in 2007 – before Magento v1 was even released (Magento v1 was officially released March 2008). 

We saw the opportunity of Magento back in 2008 when brick & mortar stores first started moving online to avoid the worst of the Great Recession. We helped brand new stores get started with Magento and we learned a lot about it in the process, like exactly how many PHP workers were needed, what caching systems were most effective, and which Magento settings are worth enabling. We distilled everything we knew to create the very first Magento specific hosting solution. 

We also wrote the book on Magento Best Practices and shaped the Magento community by recommending Nginx instead of Apache (which for a company specializing in LAMP stack is pretty radical). We’ve improved and continued optimizing and put out a new book for Optimizing Magento 2.

Contributing Open Source Libraries

Besides optimizing hosting for lightning fast websites, Hostdedi also created Turpentine which was the first varnish cache for Magento. You can take advantage of this on any hosting that uses varnish. 

We also created security extensions and continue to contribute to Magento core.

Plan for Exploding Growth 

Most hosts, including Magento Commerce, give you a certain number of resources that you must remain within. If you go over a bandwidth threshold you might have to pay more – or if you have too many people on your site at a time, it slows down to a crawl. 

Hostdedi created our first Magento plan during a time when everyone was getting online and then immediately started outgrowing their small plans. We’ve also been around for over a dozen Black Fridays so we’re used to seeing retailers needing extra resources on demand. That’s why we built auto scaling into all of our plans.

If you have a post that goes viral or your Black Friday sales really take off, we have you covered with additional PHP workers which keep your website snappy and your visitors happy.

Conclusion

Adobe Magento Commerce includes a lot of nice product features and it can be easily managed in the cloud. But Hostdedi Magento Cloud is both more established and leads the way with the most efficient & affordable infrastructure you can find.

Source link

Magento 1 End of Life: It’s July. Is your store safe?

We made it to July. Congratulations.

I’m guessing your online store, if you’re running Magento 1, is still standing – even if companies large and small were telling you that the “end of life” situation with Magento 1 was dire. If you’ve been reading things we’ve written already about it, you know we were big fans of being honest without creating alarm and stress.

But now we’re here – past Magento 1’s end of life, and we
need to ask the question, the one you’re likely asking yourself already. Is your store
safe?

I think there are four ways to answer that question.

Is your store’s code safe?

The good news is that nothing about the code that was
running on your site last month has changed this month. What worked last
quarter will work this quarter. Files didn’t suddenly go bad or corrupt. And
there weren’t any special protections on your files or code that expired.

The End of Life declaration for Magento 1 code from
Adobe/Magento means that if some new bug were found, they wouldn’t be creating
patches any longer. But that is a statement about the future, not about the
code that has been running your store up until now.

So the answer to this version of the question, is yes, as of
right now, your code is safe.

Is your store safe to handle financial transactions?

Another way to ask the question is whether the code itself
is good to handle financial transactions. In other words, will your store
remain PCI compliant? And the good news again is that there hasn’t been any
sudden change that would make your store out of compliance simply because Adobe
has said they want you to move to Magento 2 now.

That said, we’re not answering this question flippantly. The
reality is that PCI compliance is a constant and ongoing dynamic that requires
that everyone stay vigilant with compliance scans. If a scan comes back with a
gap or issue, the only way to stay compliant is to address the issues.

But if Adobe / Magento aren’t publishing patches and your
scan comes back with a vulnerability, how do you handle it? It’s a great
question and the driver behind our creation of the Hostdedi Safe Harbor
program
. We have your back.

Nevertheless, at this point, shy of something changing,
you’re good to go with handling transactions unless your payment gateway
decides to stop supporting their Magento 1 module.

If that happens, we
strongly suggest you check out Stripe
, who has a commitment to keeping
their Magento 1 module going for their customers.

Is your store safe from external attack?

Another way to ask the safety question is to wonder about
external attacks – malicious players who know that we’ve reach the end of life
for Magento 1 and they want to take advantage of the situation.

Most hosts have some level of protection against bad actors.
This kind of question is something you should ask them directly about.

What I can tell you about Hostdedi is that we’ve been hosting and supporting Magento 1 merchants since Magento was created. We know the codebase and we’ve created dedicated hosting solutions for stores of every size. Along with that, we’ve created a best-in-class security infrastructure that supports Magento 1 stores.

But if your current host doesn’t give you some great
answers, or if they tell you that your only answer is to migrate your store to
Magento 2, then I’d love to introduce you to our Safe Harbor
program
, which provides malware detection, firewalls and IP protection, and
so much more.

Will your store continue to stay safe?

The last way I think about this question of safety is about
the condition of your store as things continue to evolve and change.

One of the things we talk about here a lot is the evaluation
and transition that many merchants have been considering to other platforms –
like Magento 2, WooCommerce, Shopify and
BigCommerce.

Every one of those transitions, if they happen, take time.
So what do you do if you want to start that kind of transition but still want
to keep your Magento 1 store safe? Some of these migrations take months, others
can take quarters.

The good news, and you’ve seen me reference it multiple
times already, is our Hostdedi Safe Harbor
product
that isn’t a long-term contract. It’s a month-to-month solution
that provides protection even as you consider and potentially begin a migration
of your store.

No matter what, there’s a way to keep your store safe

As you can see, any way you ask the question, the answer
remains the same. With Hostdedi as your hosting partner, we’re here to help you
feel confident about running your Magento 1 store. No matter what, there’s a
way to keep your store safe.

Source link