CAll Us: +1 888-999-8231 Submit Ticket
Menu

Category Archives:
Magento Archives

Home / Blog / Magento

Critical Vulnerability Breaks WiFi Security And Puts Hosting Clients At Risk

Critical Vulnerability Breaks WiFi Security And Puts Hosting Clients At Risk

Photo by rawpixel.com on Unsplash

A critical weakness in the protocol used to protect WiFi connections can be exploited to decrypt any data traveling between a WiFi client and the router it is connected to. Some variant of the Krack Attack vulnerability is present in nearly every WiFi device in the world. Unlike many vulnerabilities, this one isn’t the result of a bug in a specific implementation of the software, but a flaw in the WPA2 standard that developers base their implementations on.

The immediate consequence of the vulnerability to Krack Attacks is that WiFi networks cannot be trusted. Most of us are familiar with the idea that open WiFi networks we don’t control should be treated with suspicion — sending unencrypted sensitive data from a coffee shop isn’t a good idea. But the new vulnerability means that even WiFi networks we do control can’t be entirely trusted because of the flawed security protocol.

It’s not easy to exploit the vulnerability: the attackers have to be connected to the same WiFi network, but the risk is still significant.

It should be pointed out that WPA2 only handles data that travels between the client — a mobile device or laptop — and the wireless router. If data is also encrypted with a different protocol at a different level of the network stack, that encryption is unaffected. The flaw in WPA2 does not mean that people can intercept and decrypt information sent over SSL-secured connections.

Mitigating The Risk Of Krack Attacks

We expect fixes for routers and client devices and applications will be made available as soon as possible. As ever, updating your devices is the best way to mitigate the impact of this vulnerability.

As I’ve already noted, users of websites and eCommerce stores protected by SSL certificates have an additional layer of protection that will prevent an attacker from reading sensitive information even if they can decrypt the WPA2 connection.

All Magento stores should be protected by SSL certificates — payment gateway services use SSL by default, but without an SSL certificate for your Magento store, other sensitive information can be observed by an attacker. Responsible eCommerce merchants protect their customers with SSL certificates.

One scenario in which both Magento and WordPress site owners are at risk is when carrying out work on a site over an unencrypted connection: FTP is a common example. If an outside contractor or developer is working on your site from a WiFi network vulnerable to a Krack Attack, there’s nothing to protect sensitive data.

We offer OpenVPN virtual private networks for WordPress dedicated server and Magento dedicated server hosting clients to allow site and store owners to grant secure access to third-parties. Once logged in to an OpenVPN network, all communication is encrypted, protecting data even if it travels over a vulnerable WiFi network.

Learn More About Krack Attacks

Krack Attack stands for Key Reinstallation Attack, and it exploits a flaw in the 4-way handshake that takes place between a WiFi client and a router. When your device connects to a wireless router, a conversation between the devices sets up a shared encryption key that is used to encrypt subsequent traffic.

Krack Attacks trick WiFi clients into reinstalling a key that is known to the attacker. A key should only be able to be installed once: if an attacker can force the same key to be reinstalled, they can, along with other information collected from the network, decrypt the connection. You can see the full details of how this works on the Key Reinstallation Attacks website.

Posted in:
Magento, Security

Source link

Community Collaboration With Magento Open Source

Community Collaboration With Magento Open Source

Photo by rawpixel.com on Unsplash

Magento 2.2 has arrived! The newest release fixes 428 bugs, with 17 percent of those being community contributions.

The full release notes can be found here.

The 17 percent represents 71 bug fixes that would’ve likely been overlooked if not for the efforts of the Magento community. This result was thanks in no small part to plenty of Contribution days and hackathons, improved GitHub management, and the tireless effort of the Community Engineering team.

At Meet Magento Sweden, I was fortunate enough to participate in the Contribution Day in Stockholm.

Digging into the code, I developed a fix in response to issue report #9278, “Create new CLI command: Enable Template Hints.” You can read more about this new CLI command here.

However, this is far less about singing my own praises and more about highlighting the process behind its approval and eventual inclusion. The issue in question had the “Up for Grabs” label, which means pretty much what you’d think – anyone can take a shot at resolving an issue that was already tagged by the Community Engineering team.

After writing and testing the code, I showcased the new feature during the allotted demo time at the end of Contribution Day, then submitted the pull request (PR) to the develop branch for the upcoming Magento 2.2.

As we speak, there are other branches in use, and the develop branch always used as the integration branch for upcoming releases. For example, 2.3-develop will point to the 2.3.x releases, 2.2-develop pointed to 2.2.x, and so on.

Usually, once the pull request is submitted, someone from the Community Engineering team checks the submission, asks for more input if needed, and, if and when it’s ready, approves it for merging. The team uses self-explanatory labels to identify the status of each pull request, and is intended to keep things user-friendly and transparent.

If you’re curious about Magento Open Source, I recommend starting with the Magento Issue gates to fully understand how issues and PRs are labeled. After that, head to the Magento automated testing standards and the Magento Code of Conduct so we all can get along on GitHub while working together to achieve great things!

Posted in:
Magento

Source link

Magento Connect Will Close In September

Magento Connect Will Close In September

Photo by Tim Mossholder on Unsplash

Magento Connect, which has for many years been the official source of Magento extensions, will shut down in September. The role of Magento Connect will be taken over by the Magento Marketplace, which was introduced a year ago and will become the official Magento-sanctioned repository of extensions.

Magento’s extensions are one of the most important contributors to its power and popularity as an eCommerce application. Magento would be a fraction as flexible and functional without its extension ecosystem. While Magento Connect has served merchants well for many years, it is not without problems. The new Magento Marketplace applies the lessons learned from Magento Connect to offer an improved experience.

Magento Marketplace introduces a brand new interface, enforces stricter guidelines for extension submission, and provides a modern and approachable solution for extension management, promotion, and discovery.

Major improvements to the experience include the rationally architected site layout and enhanced search. It’s easier than ever before to find best-in-class extensions and searching produces relevant results, something that wasn’t always the case on Magento Connect. Magento Marketplace also offers a number of other store-like features, including accounts that track purchases and other information.

But one of the most important improvements introduced for the Magento Marketplace is comprehensive reviews of submitted extensions. Quality control was a problem on Magento Connect. Under the review guidelines introduced last year, all extensions are submitted to a three-phase review process.

The phases assess the business, technical, and marketing qualities of extensions, which must complete all phases before they are eligible to be part of the marketplace. The business review guidelines ensure that extensions solve a real problem, reducing the presence of extensions with trivial functionality or that exist solely to fulfill the marketing imperatives of their creator. Extensions will be removed from the marketplace if they don’t generate sufficient interest, incentivizing developers to improve and promote extensions.

The technical review checks whether the extension conforms to various standards. Automated QA testing assesses whether the extension meets minimum technical expectations, such as whether it installs cleanly and integrates well with Magento. The marketing phase is intended to ensure that accompanying marketing materials conform to the high standards expected in the marketplace, including checks for proper spelling and grammar in extension descriptions and documentation.

The overarching goal of these reviews is to provide a positive experience to merchants and developers. Merchants will be able to more easily find the extensions they need, and more importantly, they can be confident that the extensions function as advertised and won’t cause problems. A better extension marketplace can only improve the brand perception of the Magento project.

Although the reviews put more of a burden on developers, the creators of high-quality plugins will benefit from enhanced discoverability and a marketplace that establishes trust and confidence in retailers.

Posted in:
Magento

Source link

How (and Why) to Launch a Magento Mobile App in One Week

Magento Mobile AppImagine going for a long hike and wandering into a mysterious cave.

You turn on your flashlight, look around and discover that the cave walls are littered with what appear to be gold nuggets.

You pluck one of the smaller pieces and bring it back to town. A jeweller informs you that the metal is, in fact, gold …

And that the particular piece you brought back is worth thousands of dollars.

How do you feel at this point?

If you’re like most people, the answer is simple:

Jubilant. Ecstatic. Over the moon.

After all, you stand to make millions, maybe even tens of millions, once you start working the mine.

All you need to do is discover the gold, mine it, perform drill tests, process the metal and refine it at a separate location while paying legal fees, workers’ wages and equipment costs.

Which begs the simple question of, “what happens if I don’t have the know-how or the money to do all that?”

Well, then you’d better hope that nobody else finds that mine before you figure things out …

Because if they do, you’re going to lose a fortune that was as good as yours.
At this point, you may be wondering:

This is a fun scenario, but what’s it got to do with eCommerce and my business?

It’s pretty simple, really.

What Mobile eCommerce and Gold Mines Have in Common

Mobile eCommerce

eCommerce – and mobile eCommerce in particular – is the metaphorical gold mine of modern retail.

Case in point: consider that …

Looking at these figures, it’s clear that consumers are spending an ever-growing amount of time (and money) on the mobile internet. This means mobile ecommerce apps are a high-growth, high-demand asset; much like gold was (and still is).

There’s just one caveat.

Like mining gold, doing business online requires a certain level of know-how. It also requires time and money that you may not have at the moment.

This is unfortunate, because as with gold, doing nothing means giving the competition a chance to take over your opportunity (and money).

Fortunately for you, there’s one major difference between mining gold and getting a mobile app.

You can get everything you need quickly, and at a low price, because digital assets are easy to duplicate and deploy.

Specifically, JMango – winner of the Magento Award for Innovation – helps businesses like yours get their very own branded Magento mobile apps in minutes or hours. This means that no matter how busy and overwhelmed you feel, you can get your Magento mobile app out there in under one week.

Here’s how you do it – and how you can get a personalized Mobile Shopping app for iOS and Android in the next 1-7 days.

Making Your Magento Mobile App

Making Your App

Magento was part of eBay for over 13 years. It became independent in 2015, and has since maintained its dominant position in desktop and mobile-based eCommerce.

In the 4 steps below, we’ll explain how you can use JMango (free of charge) to import and start editing your very own Magento-based Mobile app in just minutes.

The first step is …

1. Connect Your Existing Store

Creating your own Mobile App doesn’t mean migrating your entire stock into an app. With our Magento App Builder, things are as simple as signing up to JMango and filling out your store details.

Once you do that, our app gets to importing all your products, prices and content into your brand-new app, where you can easily review and edit them.

The best part?

Our service is free to register with, meaning you can import and edit your store without committing to anything or paying a red cent.

Cool, right?

But wait, it gets better. In addition to editing your data, you can also edit the look of your app on-the-fly. Here’s how.

2. Designing your Mobile App

Designing your App

When it comes to app design, 2 things are important:

  1. Standing out from other apps built using the same platform.
  2. Matching your app’s design to your eCommerce website.

JMango makes it easy to do both. For starters, you can customize the app using a drag-and-drop tool to change your logo, banner, background colors and other design elements.

This allows you to completely overhaul the default look of your app in minutes – even if you know nothing about design or coding.

Once you’re happy with your design, and all the products and content are to your liking, it’s time to …

3. Test and publish your App

JMango makes it easy to test your app on your smartphone. All you have to do is download it to your device; the app will be instantly usable.

At this point, the JMango team will be there for you to help deal with anything you’re unclear about. We’re also open to customer suggestions and requests. If there’s a function or feature that you’d like to see but we don’t offer, we’ll definitely consider adding it.

We’re also happy to help you market your app by choosing keywords, names and images that maximize your marketing results.

Speaking of that – the next (and final) stage of launching your magento mobile app is …

4. Promoting Your App

Promoting Your App

An eCommerce app with no users is like a gold mine with no miners. It’s valuable in theory – but unless you can manage to get some enthusiastic folks in there, you won’t get far.

That’s why it’s so important to promote your app as you launch it.

As mentioned above, we do our bit to help you here, by suggesting visuals and copy that maximize conversions (and in-app purchases).

You can also help yourself by reading our post on app marketing tips, where we share what we’ve learned launching hundreds of Magento store apps with our clients.

At this point, you’ve made (and launched) your magento app. Well done for making it through this post – and before you go, let’s just recap what we’ve learned today.

Here’s why you want to launch a Magento app A.S.A.P.:

  • There’s a massive demand for eCommerce
  • Magento is the leading eStore app platform
  • Every single day of not having an app results in lost opportunities and money

Here’s how you can launch a Magento app in under 7 days with JMango:

  1. Connect your existing store
  2. Design your app
  3. Test and publish
  4. Promote

Now that you have this knowledge, you don’t have to save money or wait for the right time to work your gold mine.

Instead, you can click your fingers and get everything you need: the know-how, the equipment, even a squad of well-heeled helpers (i.e. the JMango support team).

All you need to do is sign up with our platform for free, and start editing and designing your app today.

There are literally no strings attached, so if you want more mobile business, stop losing opportunities and start making money by creating your own app for free today.

Author: Lisanne Barnaart

About Author

Lisanne Barnaart is Content Manager at JMango360, the award-winning platform to create and manage mobile commerce apps. Lisanne is responsible for creating and distributing relevant content for merchants that want to build a competitive mobile commerce strategy and improve mobile app results.

Posted in:
eCommerce, Magento

Source link

The Magento Marketplace Helps eCommerce Merchants Find Best-In-Class Magento Themes And Extensions

Magento MarketplaceThe Magento ecosystem includes a rich collection of extensions and themes that empower eCommerce merchants to shape the retail and shopper experience. Thousands of developers contribute to that ecosystem, but it can be difficult for retailers to figure out which extensions are right for them, which are coded to a high standard, and which may introduce performance or security problems.

The Magento Marketplace, which recently received a number of updates, helps eCommerce merchants find the best themes and extensions. The Magento Marketplace offers a carefully curated set of best-in-class free and premium extensions and themes from which eCommerce merchants can choose in the confidence that they’ve been vetted and approved by Magento experts.

That’s not to say there are no good themes and extensions outside of the Magento Marketplace — there are many — but for eCommerce merchants who don’t have the time and technical ability to assess the code quality of software before they integrate it with their store, Magento Marketplace can be a huge timesaver.

Each extension or theme included on the Marketplace undergoes a thorough vetting process to make sure it provides genuine utility and solves a real problem, adheres to basic coding and packaging standards, isn’t plagiarized and doesn’t contain malware, and provides all the information retailers need to make an informed decision. There’s also an enhanced vetting tier that includes a complete technical analysis by a Magento engineer.

Good For eCommerce Merchants

eCommerce merchants often have a hard time distinguishing the great from the mediocre where Magento extensions are concerned. Anyone with a bit of PHP experience can create a Magento extension, but it takes a commitment to excellence and knowledge of Magento’s internals to make a truly great plugin.

Poorly coded plugins can cause security and performance issues, not to mention the criminals who take genuine extensions, infect them with malware, and make them available to unsuspecting eCommerce merchants.

Good For eCommerce Developers

The Marketplace allows developers to make their work available on a trusted platform. The theme and extension marketplace is highly competitive, and even the best developers have trouble standing out from the cloud. A presence on the Magento Marketplace offers developers access to a large number of potential users, increasing their reach and reducing promotion costs.

There’s room in the Magento ecosystem for numerous vendors and marketplaces, from Magento Connect to individual developer websites and third-party marketplaces, but the Magento Marketplace has a prominent role to play in reducing confusion and eliminating poor experiences for new and established eCommerce merchants.

Posted in:
eCommerce, Magento

Source link

Five Front-End Optimizations For A Faster Magento Store

Front-End Optimizations Black Friday and Cyber Monday are almost here, not to mention Christmas. eCommerce merchants all over world are battening down the hatches in preparation for the busiest and most profitable shopping season of the year. To make the most of the Holiday Season, retailers should take a careful look at their store’s performance. Harried shoppers don’t want to deal with slow eCommerce stores, and that goes double for mobile users.

Articles discussing Magento performance optimization often focus on server-side optimizations: choosing a hosting company that values performance, configuring caching, database optimization, and so on. But ignoring the front-end is a mistake. The most carefully optimized back-end won’t compensate for a poorly optimized front-end that leaves the shopper hanging while multiple scripts block rendering and enormous unoptimized images download.

I’d like to take a look at five ways Magento merchants can improve the performance of their store’s front-end.

Before you do anything, gather data so you know how well your store performs today. Without a clear idea of current performance, you won’t be able to tell which optimizations are effective. I recommend using Pingdom Tools and Google Pagespeed Insights to develop an understanding of your site’s performance.

Performance Budget

A performance budget sets limits within which your designers and developers must work. You might budget by load-times: this page has to load within two-seconds on a typical low-bandwidth connection. Or you might budget by page weight: this page can load no more than 1 MB of content in total. Performance budgets help focus attention on page performance.

Minify And Concatenate

When you order dinner at a restaurant, you don’t expect the server to bring each item to the table individually. They don’t bring you the bread, return to the kitchen to get a plate, then again for a fork, and a knife, and a spoon, and so on. They bring everything at once so they only have to make one trip to the kitchen.

Whenever the browser makes a request to a server, the load time of the page increases. If a store loads lots of JavaScript and CSS files, each file adds a bit more latency. The browser has to make lots of round-trips to the “kitchen” and back. This is inefficient.

It’s far better to join JavaScript and CSS files together in a process called concatenation, reducing the number of round trips.

You can use the built-in Merge JavaScript and Merge CSS options in the Developer menu to concatenate your store’s files.

Defer Loading Of Non-Essential JavaScript

If you want shoppers to see the content of product pages quickly, that content has to be loaded before everything else, including non-essential JavaScript and CSS. Otherwise, the rendering of the page will stop and wait every time a new JavaScript or CSS file has to be loaded.

Defer loading of all non-essential JavaScript and CSS, and, where possible, use the “async” tag to load JavaScript asynchronously.

Image Optimization

Images are an essential part of any product page, but the bigger they are, the longer they take to download. That’s not much of a problem for people shopping on high-bandwidth broadband connections, but it can negatively impact the experience (and the bandwidth bills) of mobile users.

First, make sure that your store delivers the right image sizes for the screen size of the shopper’s device. Hopefully, your theme does this for you. If not, consider modifying the theme so it makes use of responsive image best practices.

Many images contain data that isn’t especially useful for eCommerce shoppers, including EXIF headers and other metadata. Using a tool like ImageOptim or the Image Optimizer Magento extension will strip all that extraneous metadata and compress images for smaller file sizes.

Frugal Tracking

eCommerce merchants are often tempted to include as many tracking and conversion optimization scripts as possible on their pages. After all, data is key to improving shopper experience and optimizing for conversions. However, most tracking scripts are loaded from external servers, aren’t especially well optimized, and seriously impact page-load times. I advise Magento merchants to include only the services they really need.

To give shoppers the best experience this Holiday season, optimization efforts should focus on both the back-end and the front-end. Front-end optimization is a easy win for eCommerce retailers and their customers, and ignoring the front-end optimization may well lead to shoppers deciding your store just isn’t worth their time.

Posted in:
eCommerce, Magento

Source link

Credit Card Scrapers Continue To Be A Risk On Insecure Magento Sites

Credit Card ScrapersDiscovering that an eCommerce store has sent their credit card data to a malicious third party is the worst nightmare of many shoppers. They adopt an eminently sensible “once bitten, twice shy” attitude towards retailers who allow sensitive financial data to fall into the hands of criminals. Leaking credit card data is a great way to lose customers.

In a recent blog article, security company Sucuri discussed a typical credit card scraper attack against a Magento store. Malicious code was injected into the popular SF9 Realex Magento extension. The code was simple: it routed credit card data submitted by customers to the attacker’s email address.

The scraper’s presence was not the fault of the extension. It’s likely the attacker exploited an existing security vulnerability to gain access to the Magento installation.

The best way to avoid having your store infected with credit card scraper malware is to make it difficult for attackers to compromise it in the first place.

First, and most important, keep your Magento store up-to-date. Many eCommerce merchants take the view that if their site is working as intended, updating is more trouble than it’s worth. But updates aren’t just for new features. Updates contain patches that fix vulnerabilities. Once a patch has been released, it’s a good bet criminals know about the vulnerability.

I advise store owners to follow announcements on the Magento Security Center, which publishes details of security vulnerabilities and mitigation guidance.

Magento store owners should also be careful which extensions they install and where they come from. Malware is often found in extensions sourced from unverified locations. Using “pirate” versions of premium Magento extensions is a serious risk because they often include malware. Magento Connect implements strict checks to ensure that malicious software isn’t published.

Finally, store owners should ensure they follow password best practices. The web is teeming with brute force bots that love nothing more than an easily guessed password. Robust password policies that enforce long, random passwords for administrator accounts are essential.

To help you keep criminals out of your Magento installation, Hostdedi developed two open source Magento extensions: Sentry and Alarmbell.

Alarmbell is a security extension that sends notifications whenever a new admin user is created. The creation of a new admin user without the knowledge of existing administrators is a key indicator that a Magento store has been compromised. Alarmbell will also log every change to admin accounts and failed admin login attempts.

Sentry is a two-factor authentication plugin for Magento. As I just mentioned, brute force attacks are a frequent cause of Magento stores being compromised. Sentry allows eCommerce merchants to integrate their store with Google Authenticator or Duo, making it practically impossible for brute force attacks to compromise a store.

These basic security precautions are not onerous or time-consuming, and if you consider the potential impact of a credit card scraper or other malware on your Magento store, they’re well worth the minimal time investment.

Posted in:
Magento, Security

Source link

New OpenVPN Plans For Magento And WordPress Dedicated Servers

OpenVPNWe’re happy to announce the introduction of secure OpenVPN accounts to our dedicated server and enterprise cluster hosting plans. OpenVPN allows site owners to use a secure encrypted login process to access services on dedicated servers that would otherwise be unencrypted, including HTTP and FTP services.

OpenVPN will be available on all 400 and 500–level dedicated server plans as well as all enterprise cluster levels. Dedicated servers from the 400 tier can choose OpenVPN protection for $24.99 per server per month, and dedicated servers in the 500 tier will receive OpenVPN protection as standard at no added cost.

All of our Magento dedicated server plans include SSL certificates that protect customer-facing services from man-in-the-middle attacks and scrutiny by malicious third-parties. But web-based SSL protection doesn’t apply when connecting to services like FTP, which doesn’t automatically encrypt data connections.

Usually, those services are firewalled to prevent access, but in many cases, off site workers require access to services that are not by default secure. The introduction of OpenVPN to our dedicated server and enterprise cluster plans allows clients to provide offsite server administrators and developers with the access they need without compromising server security. All authorized OpenVPN connections are made over a securely encrypted virtual private network using state-of-the-art cryptographic technology.

OpenVPN is an open source service that uses TLS certificates to implement secure virtual private networks, and is capable of traversing NATs and firewalls. The OpenVPN service uses certificate-based authentication, so no passwords are required.

You can access OpenVPN services with any OpenVPN-compatible client, but we can only help with support issues and troubleshooting if you use an OpenVPN client we support on Windows, Mac, or Linux.

It should be noted that the new OpenVPN services don’t replace site-to-site IPSEC VPN tunnels already in use. OpenVPN is intended to be used only when authorized personnel require secure access to servers and we won’t create OpenVPN accounts for other purposes.

To access individual services on your dedicated servers, you will still need to use the standard accounts that we provide. OpenVPN authentication protects connections when you access services using your standard user accounts, but the credentials are distinct. You’ll need to let our support team know if you want to terminate your OpenVPN accounts.

Since shared hosting plans are multi-tenant environments, VPN services are only available on dedicated servers and enterprise clusters. OpenVPN is only available with dedicated server and enterprise cluster plans.

Posted in:
Magento, WordPress

Source link

Magento Introduces Stricter Quality Checking For Marketplace Extensions

Marketplace ExtensionsThe Magento Marketplace is a rich source of extra functionality for Magento eCommerce stores. The core Magento application can’t fulfil every requirement an eCommerce merchant might have: every store is unique and a Magento that could be all things to all retailers would be a bloated and unwieldy application.

Instead, Magento is a modular system with a strong core and a large extension ecosystem. Magento’s developers focus on building an unbeatable core experience, while third-party developers focus on building specific functionality.

Modularity and a deep ecosystem powered by a dedicated community of developers are part of what makes Magento so popular, but a marketplace to which anyone can contribute is not without its difficulties. Developers vary widely in ability and commitment to providing a great experience. Extensions may be of mixed quality, and there’s nothing quite so off-putting to a new Magento user than to install a extension from the Magento Marketplace that doesn’t provide the promised functionality or breaks their store.

That’s why Magento is so careful about the extensions allowed into the Magento Marketplace. As Bhavin Rawal, Magento’s Head of Marketplace and Technology Partnerships, discussed in a recent blog post, in order to be admitted to the Magento Marketplace, extensions undergo a quality control process. Rawal’s post also announced several ways in which that process is being augmented in 2017. The additional quality checks will reduce the likelihood that subpar extensions are accepted into the marketplace, improving the confidence of Magento users. The new controls may also require developers to invest more time in bringing their extensions up to the required standard.

Before the changes, the quality control process included a number of checks, including a business review, malware scanning, code standard review, and a plagiarism review to ensure that extensions don’t simply repackage the work of other developers.

The new processes augment the existing quality control workflow to ensure that all extensions reach an acceptable standard. Using a mixture of scripted and manual testing, every extension will be subjected to an installation and compatibility verification. If the extension won’t install and run, or if it isn’t compatible with the PHP versions it’s expected to run on, the extension will be rejected. The developers of rejected extensions are free to make the necessary changes and resubmit. Extensions will also be checked to make sure they don’t break any Magento functionality and that stores that install the extension will continue to functions as expected in the development environment.

These checks apply to all new extensions and new versions of existing extensions, but also to extensions that are already available in the marketplace.

The extension marketplace is a vital part of the Magento ecosystem, and it’s great to see that ensuring that the quality of extensions available from the official marketplace remains a priority.

Posted in:
eCommerce, Magento

Source link

Magento Introduces Magento DevBox — A New Local Development Environment

DevBoxLocal development of any web application can be complex, especially if the developer works on several projects at the same time. To make it easier for developers to get up-and-running with a standardized Magento installation on their local machine, Magento has released Magento DevBox Beta, a Docker-based tool for local Magento development.

If you’re not familiar with Docker, it’s a lightweight alternative to virtual machines. Each Docker container is a complete isolated server environment with its own filesystem, libraries, and applications, but sharing the kernel of the host operating system (or in the case of non-Linux machines, a lightweight virtual machine running on the host).

Containers are very fast to start and consume fewer of the host machine’s resources, making them the perfect option for building replicable, isolated development environments that can be shared.

The benefits of using a tool like Magento DevBox instead of installing Magento onto the developer’s laptop include:

  • Fast creation of a development environment that doesn’t interfere with the developer’s local environment, something that can be a real headache when you need to install different versions of libraries than those the host system relies on.
  • A consistent and easily replicated development environment that can be shared between everyone working on a project. This is a big win for teams working on a Magento site. Every developer can have exactly the same development environment, avoiding all the “but it works on my laptop!” problems.
  • Everything the developer needs, installed in seconds. That includes Magento itself, the web server, database, Redis, Varnish, Elastic search, RabbitMQ, and everything else that might be needed by a project. Because the containers are entirely self-contained, developers are free to choose which versions they install.

DevBox configuration is handled via a web interface. Developers choose the mix of settings they want and the result is a zipped file that can be used to launch a local Magento environment. The project source files — everything needed to recreate the site in testing and production — are kept outside of the container on the local file system.

Although there are already plenty of tools that achieve more-or-less the same thing as Magento DevBox, its introduction is a positive move for the Magento developer community. As Magento grows more complex, significant amounts of developer time are wasted creating and maintaining local development environments. DevBox is built by the people who know Magento best and will be promptly updated as Magento development continues.

It’s worth stressing that Magento DevBox is still in beta, although I experienced no problems with it. If you’re a Magento developer, or anyone interested in having a Magento installation to play with on your local machine, Magento DevBox is definitely worth a look.

Posted in:
eCommerce, Magento

Source link