Hostdedi and BigCommerce Announce eCommerce Partnership


May 2, 2019 – We’re proud to announce the addition of a new hosting solution to our lineup for merchants: BigCommerce. This new addition allows us to provide merchants with multiple options for creating, customizing, and delivering their online stores.

As a powerful, headless eCommerce solution, BigCommerce allows merchants to employ a powerful product catalog while maintaining the simple front-end capabilities of WordPress. To this end, BigCommerce accounts with Hostdedi will include a WordPress environment with the BigCommerce plugin pre-installed and pre-configured.

In addition to the same great optimizations you’ll find across all of our plans, you’ll also have access to our support team and auto scaling functionality.

Keep reading to find out more about how Hostdedi and BigCommerce can work together to power your eCommerce needs.


Why BigCommerce?

By 2021, eCommerce will hold 17.5% of the commerce market share. In 2018 it was 11.9%. Part of the reason for this growth is the number of options available to different merchants. More and more, merchants that lack technical knowledge and access to a developer are being provided with accessible eCommerce platforms.

In 2018, we already saw a significant rise in the number of eCommerce solutions leveraging the ease-of-use associated with WordPress. During this time, WooCommerce, another eCommerce plugin that runs on WordPress, saw an 86% increase in the number of services.

With BigCommerce, we hope to support these merchants by providing them with the functionality and ease of use of WordPress, as well as the powerful product and SKU management tools of BigCommerce. Together, we hope to empower merchants to create the professional, personalized eCommerce experiences they want.


The Same Great Support

BigCommerce merchants will still have access to the same great Hostdedi support they would with any other application. However, in addition to this, they’ll also have access to BigCommerce support ninjas.

Available 24/7/365, support for the new eCommerce solution is designed so merchants are never left in the dark regarding any part of their implementation. Key channels of communication have been set up to enable the best support possible for both the BigCommerce API, and the WordPress front-end.


BigCommerce Features

The new BigCommerce solutions come in several different forms, with three primary plans on the BigCommerce side: standard, plus, and pro. Each of these plans offers merchants an increased set of functionality.

All plans will include access to multiple sales channels such as Amazon, eBay, and social channels. Merchants will also have access to coupons, discounts, and gift cards, along with professional reporting tools, and multiple payment processor options such as Apple Pay, Google Pay and Amazon Pay.

Once upgraded to the plus plan, merchants will have access to advanced marketing tools for segmenting and targeting customers. Merchants will also be able to store credit card information within the BigCommerce API, and implement abandoned cart campaigns through their store.

Those who select a higher-tier solution from Hostdedi will have access to the benefits of the Pro plan. This includes an unlimited number of API calls. In conjunction with Hostdedi Cloud auto scaling, this means that merchants won’t have to worry about sales events and periods of high traffic. Merchants will also be able to implement advanced search, allowing customers to find products faster and more easily.


Commerce With a 0% Transaction Fee

One of the big benefits of using BigCommerce is that the eCommerce platform has 0% transaction fees. This beats a huge range of other eCommerce platforms, and gives merchants a clear fee at the start of each month.

Similar to all other Hostdedi services, features such as auto scaling and dev sites will also be available at an additional price. A vital part of your move to Hostdedi is going through appropriate sizing with our team of experts. Get in touch to find out what size commerce is best for your store.

A Simple Migration Process

Making the move to BigCommerce is simple. As with all migrations to or between Hostdedi accounts, we provide full support from start to finish. However, from a preparation perspective, there are a few things you can go over prior to making the move.

Consider what vendors you want to use for different aspects of the commerce experience. Who will be your shipping provider, who will be your validation provider? If you’re content with the ones you have, that’s great, but see if there is anything you’re going to need to do to make the move as easy as possible.

We also recommend taking a look into the different options available for manual migration. BigCommerce offers a great tool for catalog transfer from Magento. Note that if you’re running a heavily customized storefront on your previous eCommerce platform, the migration may require more work.


Get Started with BigCommerce

Interested in seeing if BigCommerce is the right eCommerce platform for you? Solutions start from $58.95 for the XS cloud package with the standard BigCommerce plan, and scale with merchants depending on their store requirements.

Learn More

Start a conversation with our sales team to find out what size is right for your store, and how else Hostdedi can help you to provide your customers with the eCommerce experience you always wanted.



How to Optimize Your Magento 2 Store


The Definitive Guide to Optimizing Magento 2

When Magento was first released, it provided an eCommerce platform that offered functionality not seen before. It still does, but as Magento stores have grown, their requirements have changed. The platform’s functionality now needs to be delivered to an increasingly large customer base, and in an increasingly performant way. For this reason, we’ve made sure that our Magento solutions are optimized to make the best use of the resources available to them.

You’ve probably heard the statistic that “a 1-second delay in page response can result in a 7% reduction in conversions.” This may be overused, but it provides vital insight into what eCommerce customers expect. A single second can be the difference between a Magento store that drives traffic and generates as much profit as possible, and one that falls flat.

“Magento is capable of supporting eCommerce stores of any size, but making the most of that power requires careful optimization.”

Since Magento’s creation, Hostdedi has worked to increase performance and optimize Magento environments. Our first guide, released in 2013, helped developers to create incredible, high-performance Magento stores: stores which beat out the competition when it came to speed, efficiency, and responsiveness.

Our newest guide brings things into 2018 (now 2019), with everything from PHP optimizations and MySQL recommendations to notes on how to implement Varnish and full-page caching effectively. Moreover, we’ve included all of this in a convenient 68-page book available for any Magento 2 developer who wants to know how to optimize a Magento 2 site.



What Has Changed With Magento 2?

From a technical perspective, Magento 2’s performance has improved since Magento 1, especially with regard to PHP utilization. Changes in how the application handles PHP threads have led to noticeable speed gains and better memory utilization.

Reasons for this performance boost include Magento 2’s support for full-page caching, database improvements, native Varnish support, a modern code base, and improved CLI tools.

This may be why in 2018, we saw the average monthly growth of Magento Cloud solutions remain stable at 21%, while by the end of the year, 64% of all hosting solutions supplied by Hostdedi remained optimized for Magento.

Yet while the second version of the application originally brought the eCommerce platform in line with the increasing demands of a modern online marketplace, these demands continued to grow. Further performance optimizations have become essential to ensuring that eCommerce businesses are now able to keep pace with their competitors.


How Can I Optimize My Magento Store?

For a full list of Magento 2 optimizations, we highly recommend downloading The Definitive Guide to Optimizing Magento 2. We will cover only a few of the main environment optimizations here.

We also recommend checking out our article Four Ways We Make Your Magento Store Faster, for a more general overview of the techniques and technologies we use.


PHP Optimizations for Magento 2


We’ve discovered several PHP optimizations for Magento 2. These are specifically designed around increasing performance and load times for users.

From a high-level perspective, we’ve managed to improve Magento PHP performance even further by turning our back on mod_php and opting to use PHP-FPM instead. PHP-FPM serves dynamic requests from separate PHP processes, so further performance tuning means improved responsiveness and a reduced memory footprint.

You’ll also find recommendations on PHP version usage in our guide. With our cloud solutions, it’s possible to set your PHP version as far back as 5.6. We don’t recommend this, as using a newer PHP version, especially 7.0 or later, will lead to performance improvements and can dramatically reduce memory usage.

At last year’s Imagine, a third-party patch was needed to make Magento 1 compatible with PHP 7.0. As of September 2018, Magento released an official PHP 7.2 patch, which can be downloaded here.

Some of the PHP optimizations you’ll find in The Definitive Guide to Optimizing Magento 2 include:

  • A PHP runtime limitation of 600 seconds
  • A script memory utilization limitation of 768MB
  • A POST data size limitation of 512MB

PHP Opcache Optimizations for Magento 2


Opcache is a PHP-caching extension able to improve performance by optimizing what static code is stored in shared memory. This can improve PHP performance dramatically by skipping the intensive compilation process and reading files directly from memory.

By default, however, Opcache is not optimized for Magento. Instead of performance gains, you’re more likely to see performance losses. After careful testing, we found several settings that could easily be optimized by configuring the opcache.ini in the php.d directory.

Some of the Opcache optimizations we recommend are:

  • Set opcache.memory_consumption to 512MB
  • Set opcache.max_accelerated_files to 65407
  • Set opcache.revalidate_freq to 4


MySQL Optimizations for Magento 2


For Magento 2 database optimization, we recommend implementing and optimizing MariaDB as a replacement in the MySQL section of your stack. MariaDB is fast and offers a simplified deployment over CentOS 7.

In general, MariaDB, by default, allocates too many resources to database processes. We’ve found that these numbers can easily be reduced while still providing improved performance.

Some of the MariaDB optimizations we’ve implemented include:

  • Single-server environments should use a 50% buffer pool size. For systems dedicated to MariaDB, this should be increased up to 80%.
  • Set query cache size to 2% of your available memory, or 127MB.

We offer a full list of the settings for MariaDB in our GitHub repository at


Further Magento 2 Optimization Recommendations


Tune Your Stack

A well-tuned stack means optimizing the technology that helps to deliver your Magento store. Simply enabling NGINX microcaching can double store performance with no additional modifications. For more information on the stack we offer, see our application stack page.


Enable Full-Page Caching

It was introduced with Magento 2 for a reason. Even if Redis is not available and you need to use local files for caching, full-page caching will pull load away from the PHP interpreter and MySQL, increasing site speed.


Run Modern PHP

With the official update for Magento 1, there is now no excuse to not upgrade to PHP 7.0 or later. If you’re unsure on how it will affect your store, try using a dev site to test and develop safely.


Hostdedi Cloud Is Changing the Magento Environment

One of the biggest changes the Hostdedi Cloud has brought to Magento 2 stores is the inclusion of Hostdedi Cloud Auto Scaling. Auto Scaling is a feature which allows for your cloud account to scale the number of concurrent users automatically, whenever your Magento store picks up traffic spikes.

For instance, if you run a sales event which results in your store receiving double the number of guests it normally does, Hostdedi Cloud Auto Scaling will allow your store’s concurrent user capacity to increase. This means no rejected page loads and no loss of potential income.


Optimize Your Website


What Conversion Rate Should eCommerce Retailers Expect?


Conversion rate is an important indicator of the health of an eCommerce store. An eCommerce store is, essentially, a machine for converting visitors into buyers. Whatever other roles an online retailer’s site has, its ability to move people through the purchase funnel determines whether it can be considered a success.

Typically, conversion rates are compared over time: Is this month’s conversion rate better than the same month last year? But it is also useful to compare conversion rates to industry averages, answering a different question: Is my store performing as well as the competition and the eCommerce market generally?

What is a conversion rate?

A conversion rate measures the proportion of visitors to a store who buy a product. In fact, the definition is broader than that, covering any event in which a lead responds favorably to a marketing message. But, for eCommerce retailers, a sale is the most important conversion and a good measure of a store’s efficiency — although conversion rate has limitations as a performance indicator, as we’ll discuss in a moment.

A conversion rate measures the proportion of conversions relative to the number of visits in a given period.

(Number of sales / number of visits) * 100


If a store has 13,000 visitors in a month and makes 400 sales, it has a conversion rate of approximately three percent.

(400 / 13000) * 100 = 3.07


Three percent of visitors to the store bought something.

What is a good conversion rate?

The most accurate answer to this question is — it depends. But that’s not very satisfying, so let’s look at the industry average. According to Econsultancy’s Performance Benchmarks, the global average is between one and three percent. The store in the example calculation above is successful by that measure; its conversion rates are at the top of the average range. In fact, most stores have lower conversion rates. If your store is somewhere in that range, you shouldn’t be too worried, although there are other factors to consider.

The limitations of conversion rates

Conversion rates are important, but they are just one metric among several that eCommerce retailers should monitor. To take an extreme example, an eCommerce store that receives ten visitors a month and makes eight sales with an average order value of $1.50 has a conversion rate of 80%. That’s an excellent conversion rate, but it doesn’t bode well for the business.

An increasing conversion rate indicates that a greater proportion of visitors are buying products. That might mean conversions are increasing as total visits remain static (good). Or it might mean that conversions have stayed the same while traffic has decreased (not so good). Or it might mean some mixture of the previous two possibilities.

The store owner can’t be sure what their conversion rate says about the health of their store without viewing it in context with other metrics, including revenue, average order value, and, perhaps most important, profit.


Five WooCommerce Marketing Plugins You Need To Know About


The two biggest challenges faced by eCommerce retailers are getting people to the store and getting them to buy something when they arrive. Marketing is the domain of solutions to the first problem, and WooCommerce has many features to help bring shoppers to your store. Some are built into WordPress and WooCommerce, but many of the more sophisticated marketing tools are available as plugins and integrations.

In the WordPress world, there are excellent plugins for every possible problem, but in this article we’re going to highlight five marketing plugins that those new to WooCommerce should know about.

Google Shopping is one of the most important marketing channels for eCommerce stores. If your products aren’t included in Google’s dedicated shopping search engine, they won’t appear in desktop and mobile searches. Google Shopping is a paid service — to be listed, retailers pay for Google Shopping and Product Listing Ads. They also have to submit a feed of their products via the Google Merchant Center.

The Google Product Feed plugin generates a feed of products and associated metadata in the correct format. Retailers can choose which products and fields to incorporate, including additional data that isn’t normally available within WooCommerce. The plugin creates feeds compatible with Google and Bing.

Yoast’s SEO plugin is one of the most popular WordPress marketing plugins. It adds numerous search engine optimization features, including input elements for meta description and title tags, content auditing tools, and internal link suggestions. WooCommerce SEO makes these features compatible with WooCommerce and adds a number of eCommerce-specific features, including improved breadcrumb navigation and rich social media posts for Facebook and Pinterest.

There are over 500 million Instagram users, many of whom use the platform to discover products and follow their favorite retail brands. The WooCommerce Instagram plugin allows retailers to showcase Instagram images with a specific tag on their WooCommerce store.

OptinMonster is a cloud service that provides a suite of tools for increasing conversions on eCommerce stores. In addition to high-converting opt-in forms — including exit intent popups — OptinMonster can display relevant promotions and content to shoppers and retarget shoppers who left the store without making a purchase.

The OptinMonster WooCommerce plugin brings these features to WooCommerce, providing easy-to-use forms, personalized messages, split testing, and cart abandonment solutions.

AutomateWoo is a marketing automation solution for WooCommerce. There is some cross-over of features between AutomateWoo and OptinMonster, but it’s worth taking a look at both to see which fits your needs better. AutomateWoo automates a number of common email-based marketing strategies, including follow-up emails for upselling and cross-selling, abandoned cart recovery emails, personalized coupon generation, review rewards, card expiry notifications, and more.

We’ve covered just five of the best marketing plugins available for WordPress and WooCommerce. There are many more, and you can browse the full selection on the WooCommerce extension directory.


How To Protect Your WordPress Business From Insider Threats


In January, users of the popular WPML WordPress plugin received a concerning email. It warned that there were serious security vulnerabilities in the plugin. The email came from a genuine WPML address, and customers had no reason to think it wasn’t legitimate. WPML is used on tens of thousands of WordPress sites, and a critical unpatched vulnerability could have been a security nightmare.

Except there was no vulnerability, and the email had been sent by a disgruntled former employee who had gained access to WPML infrastructure. The attacker used an old SSH password to gain access.

Insider attacks are not as rare as you might think. In a recent survey, 53% of respondents said that their organization had suffered an insider attack in the last year. Insiders are implicated in just under a third of all cybercrime breaches. A PwC survey showed that employees, service providers, and contractors are responsible for a huge number of security breaches. A third of executives reported that online crimes perpetrated by trusted insiders caused financial and reputation losses to their organization.

Insider threats are challenging to defend against. A certain level of trust is required for employees to do their jobs. If they choose to abuse that trust, there’s little a business owner can do about it until the damage is done. But there are steps that security conscious business owners can take to limit the risk of insider threats to their WordPress business.

Give Every Employee Their Own Account

Every employee and freelance developer, designer, or marketer should be given their own user account if they need an account at all. For every application or server they need access to, a unique account should be created just for them. There should be no shared accounts.

It is often more convenient to use shared accounts, which is perhaps what happened in the case of WPML. There should be no “old SSH” accounts to be used by anyone who happens to know the password. Consider how many other ex-employees and contractors may have had access to the same account.

Limit Access Using WordPress’ Roles And Capabilities

WordPress comes with a range of user roles, each of which has associated capabilities. A user given the Administrator role has full control over all admin features on a site. An Editor can publish and manage their own posts and the posts of others. An Author can only publish and manage their own posts.

Because you give everyone their own account, you can restrict their privileges to those they need to do their job.

Delete Accounts As Soon As An Employee Leaves

The main benefit of giving everyone their own account is that it can be deleted immediately if they leave. Once the departing employee’s accounts are deleted, they no longer have access to do mischief. When you hire a writer and give them access to publish content on your WordPress site, it’s a bad idea to let them keep their access forever.

Keep a record of which accounts an employee has access to, and delete them as soon as possible.
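The account rules above (one account per person, roles limited to the job, deletion on departure) can be checked as a periodic reconciliation of the site's user list against that record. The script below is an added example, not code from WPML or Hostdedi: the access register, the job-function policy, and every sample row are constructed, and the user export is assumed to have the shape of `wp user list --fields=user_login,roles --format=csv`.

```python
import csv
import io
from collections import defaultdict

# Default WordPress roles, lowest to highest privilege.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2,
             "editor": 3, "administrator": 4}

# Assumed policy (hypothetical): the highest role each job function needs.
MAX_ROLE = {"writer": "author", "content-lead": "editor",
            "developer": "administrator"}

# Constructed access register: one row per (person, account they use).
REGISTER_CSV = """person,status,function,login
alice,active,developer,alice
bob,active,writer,bob
carol,departed,writer,carol
dave,active,content-lead,dave
dave,active,content-lead,webteam
erin,active,writer,webteam
"""

# Constructed user export (assumed WP-CLI CSV shape, see lead-in).
WP_USERS_CSV = """user_login,roles
alice,administrator
bob,editor
carol,author
dave,editor
webteam,administrator
legacy-admin,administrator
"""


def audit(register_csv=REGISTER_CSV, wp_users_csv=WP_USERS_CSV):
    """Return sorted (login, issue, detail) findings for a user export."""
    owners = defaultdict(list)
    for row in csv.DictReader(io.StringIO(register_csv)):
        owners[row["login"]].append(row)

    findings = []
    for user in csv.DictReader(io.StringIO(wp_users_csv)):
        login = user["user_login"]
        # A user can hold several roles; the export lists them comma-separated.
        roles = [r.strip() for r in user["roles"].split(",") if r.strip()]
        people = owners.get(login, [])

        if not people:
            # Nobody is on record for this login: the "old SSH" pattern.
            findings.append((login, "no-owner", "not in the access register"))
            continue
        if len(people) > 1:
            names = ", ".join(sorted(p["person"] for p in people))
            findings.append((login, "shared-account", f"used by {names}"))
            continue

        owner = people[0]
        if owner["status"] != "active":
            findings.append((login, "owner-departed",
                             f"delete; {owner['person']} has left"))
            continue

        unknown = [r for r in roles if r not in ROLE_RANK]
        if unknown:
            # Custom roles cannot be ranked automatically; review by hand.
            findings.append((login, "unknown-role", ", ".join(unknown)))
            continue

        allowed = MAX_ROLE.get(owner["function"], "subscriber")
        highest = max(roles, key=ROLE_RANK.get, default=None)
        if highest and ROLE_RANK[highest] > ROLE_RANK[allowed]:
            findings.append((login, "excess-role",
                             f"{highest} exceeds {allowed} "
                             f"for {owner['function']}"))
    return sorted(findings)


if __name__ == "__main__":
    for login, issue, detail in audit():
        print(f"{login:14} {issue:15} {detail}")
```

Accounts flagged `no-owner` or `shared-account` are the ones that survive staff turnover unnoticed, so they are worth resolving before the role findings.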

Educate Employees

Giving everyone an account with limited privileges is security common sense, but it doesn’t help if employees share their passwords. There are many reasons to share passwords, and it is often convenient to give a co-worker a password so that they can access features and data they wouldn’t ordinarily be able to. But sharing passwords undermines security. Employees and contractors should be made aware of the risk and discouraged from sharing authentication credentials.

The security precautions we have covered are widely acknowledged to be the right thing to do, but they are rarely implemented. Why? Because it is inconvenient, creates extra work, and costs money. However, taking security precautions is not as inconvenient as the financial and reputational havoc of a security breach caused by an insider.


Building Your Drupal 8 Site


Welcome to Part 3 of our series, Getting Started with Drupal 8. Go here for Part 2.

Last entry, you learned the basics of creating content, adding images, and dabbled in your first themes and modules. Before we start adding more of your content — and we will in Part 4 — let’s look at some other fundamentals of managing your Drupal site.



Tailoring Your Site’s Identity

Although we installed a theme in Part 2, Navigating Drupal, this section uses the default theme, Bartik. If you are currently using a different theme, you can revert by selecting Manage > Appearance, locating the Bartik theme, then clicking Set as default.

 Tip: To stay focused on Drupal basics, this article does not explore Cascading Style Sheets (CSS), which are a powerful and effective way for a developer to customize a website.

Site Details

To start, view your current site as a user by opening an alternate browser where you are not currently logged in as an administrator. There are a few ways to confirm you’re viewing it as a user, but the easiest is to check for the Log in option on the upper right.

It’s possible to move this, but we’ll cover that in a later entry.

First, let’s change your site name. From your admin menu, select Configuration > System > Basic Site Settings. In the SITE DETAILS section, fill the Site name and Slogan fields with whatever appeals to you.

The Email Address field is the email for the site itself, though it currently shows whatever email you provided when creating the site. You can change this later. This address will receive automated emails, such as password resets and other notifications. It is not what site visitors will use to contact you, which we will set later.

Scroll down to see areas to designate your site homepage (FRONT PAGE) and 403 (access denied) pages. Note where to find these, but leave them blank for now.

Click, then click  to view your changes as an admin. While you’re at it, check out your browser tab. This is your first step in search engine optimization (SEO), which makes it easier for search engines to find your site.

Regional Settings

From your admin menu, select Configuration > Regional and Language > Regional Settings.

Make necessary changes to the Default Country, First day of week, and Default time zone drop-down options.

Click  when done.

Adding Your Logo

If you don’t already have a logo, save the “FEARTHESQUIRREL” logo to your local device. You can always change this later.

From your admin menu, select Appearance, then click the Settings tab.

In the LOCAL IMAGE section, clear the Use the logo supplied by the theme checkbox. In the Upload logo image section, click   to upload your logo. Click   when done, then return to your homepage.

It’s a welcome replacement for the Drupal logo, but it clashes with the default blue at the top of the page. To fix it, select Appearance, then locate the Bartik theme and click Settings.

You will now see a COLOR SCHEME and Preview section.

 Tip: If you are using a theme other than Bartik, this page may look different from our screen captures.

The Color set drop-down list is currently set to the default Drupal appearance, Blue Lagoon. It provides a handful of other options, but ignore those for now.

For the sake of learning the basics, we’re adopting a minimalist approach:

 Tip: As you make changes, view the Preview section to see their effects.
  1. Set the Header background top and Header background bottom fields to pure white. You can use the color grid, or just enter FFFFFF in both fields.  
  2. Oops! The white background washed out our slogan and some of the other text. Change the Title and slogan field to black. Either use the grid, or enter 000000.
  3. Adjust the Sidebar borders field to black, just as you did in step 2.
  4. Click , then return home to check your work.
  5. As you can see in the preview, the site name next to our logo is redundant. Let’s remove it. Click  on the upper right.
  6. Click the   by the site name, followed by Configure Block.
  7. In the TOGGLE BRANDING ELEMENTS section, clear the Site name check box, then click .
  8. You can view your site from your home page, but now would be a good time to view it from your alternate browser so you can see it as a visitor would.

    Sparse but clean!

Adding Your Favicon

Let’s replace the Drupal favicon appearing in your browser tab with our own.

If you don’t already have a suitable Favicon, download the one shown below to your local device.

Select Appearance from your admin menu, then once again locate the Bartik theme and click Settings. Scroll down to the FAVICON section, then clear the Use the favicon supplied by theme check box.

In the Upload favicon image section, click  to upload your favicon. Click when done.

Return to your home page to view your new favicon!

Setting Permissions and Roles

Drupal is designed for teams of multiple users. It is possible to tailor specific roles and permissions without adding modules.

Access your permissions and roles by selecting People from your admin menu.

Permission Fundamentals

 Tip: Use caution when assigning permissions, especially ones saying “Warning: Give to trusted roles only; this permission has security implications.”

Click the Permissions tab.

Drupal’s default installation provides three types of users: anonymous, authenticated, and administrator. Take a few moments to scroll through the list and glance at the default permissions for each type. You can customize any of these roles.

Anonymous users

Anonymous users are unregistered. Anyone visiting your site for the first time will be this type, and the View published content permission means they can view your site. Otherwise, they have very few permissions, but we recommend going one step further: disable their ability to contact the site using the site form. This will help prevent spam.

Authenticated users

Authenticated users represent users logged in with registered accounts. Unlike anonymous users, they can use shortcuts, contact the site, view basic HTML, and post comments. We’ll save the topic of comment moderation for a later entry in this series.

To set up the process by which anonymous users become authenticated users, go to your admin menu and select Configuration > People > Account Settings. Scroll to the REGISTRATION AND CANCELLATION section.

The default settings achieve a good balance of security and convenience for many sites. The current option under Who can register accounts?, Visitors, but administrator approval is required, means admins must approve any user attempting to become an authenticated user. The top option, Administrators only, means visitors wanting to become authenticated users must contact an admin directly, who will create the account on their behalf. Your choice will depend on the purpose and volume of your site.


Administrators have access to all areas of the site. This role can be given to anyone. As the site’s creator, however, you are the superuser and it is not possible to change the superuser’s permissions.

 Tip: Protect your site by keeping the superuser role to yourself. Don’t share your superuser login credentials with anyone!

If you plan to have several people helping you work on your site, it is best practice to avoid handing out this role to everyone. Continue to the next section for details.

Creating Roles

You can designate different “flavors” of administrators by creating new roles. While the “how to build a site development team” question is outside of our scope, possible roles include:

  • Site builder: Researches and maintains modules, structure, and configuration
  • Site designer: Creates CSS and maintains appearance and aesthetics
  • Content manager: Writes, edits, and manages all site content; may oversee content writers
  • Community manager: Oversees content, permissions, and the comments
  • System administrator: Monitors and maintains site performance, security, and uptime

Drupal makes it easy to tailor permissions on an as-needed basis. To create a role, go to your admin menu and click People, then click the Roles tab. Click to get started.

In the Role Name field, enter a name, like “Content Manager.” Click when done.

Any new role you create begins with the same permissions as Authenticated Users. To customize them, click the Permissions tab.

For a content manager, we’d likely want them to have any permissions related to creating, editing, or maintaining content. Many of these are found in the Node section. The exact permissions for each member of your team will vary according to your needs, your team size, and other factors.

 Tip: Always assign permissions with care, particularly any that change content or contain the phrase, “Warning: Give to trusted roles only; this permission has security implications.”

Giving Users a Way to Contact You

It is usually in your interests to make it easy for authenticated users to reach you with feedback about your site.

Go to your admin menu and select Structure > Contact forms.

For now, ignore the Personal contact form, which allows users to contact one another, not you. Go to the Website feedback option, then click .

In the Recipients field, specify the email addresses to receive the feedback. In the Message field, enter the message viewed by the user after they send you feedback. Click when done.

Test your work. Return to your homepage, click Contact, and walk through the process to see if it unfolds as you planned.

You can create additional forms, but without modules, you can only have one default feedback form at a time.

Reports to Remember

Your default installation of Drupal 8 provides you with reports to help you maintain your site and troubleshoot issues. To view your options, go to your admin menu, then click Reports.

Available updates serves as a reliable way to check if your site is out of date. Running anything other than the latest stable version can expose your site to malicious activity. You can also subscribe your email address to update notifications by clicking the Settings tab. We also recommend following @drupalsecurity on Twitter and subscribing to RSS feeds for core security updates, contributed project updates, and public service announcements.

Recent log messages can help you monitor or troubleshoot your site. Use the Type and Severity filters to refine your search as necessary.  

Status report provides a general assessment of the “health” of your site, along with other system information. If you have a more serious error or warning, it will often, but not always, be found here.

Next Steps

See you soon in Part 4 of our series, Getting Started with Drupal 8! On deck is trying our hand at graphics, metadata, newsfeeds, sidebars, and a few other squirrely surprises.

Miguel Balparda’s Adobe Summit recap

After a week in Las Vegas as a Summit Insider for the Adobe Summit, I’ve learned quite a few things about Adobe and their plans for Magento 2.

Adobe invited all of the Magento Masters to assist their annual event as Summit Insiders, a program that includes top executives, industry experts, major media correspondents, and pioneers in technology from around the globe.





Disclaimer: As a Magento Master, I attended the event for free, but these opinions are my own.

Day 1

The week started with an Insider’s presentation, reviewing previous years and also showcasing some of the new Adobe tools we should be using already, like Adobe Rush and Adobe Sign with its Office 365 integration. One of my favorite takeaways of going to this non-Magento event was getting to know the rest of the influencers and how they apply their different backgrounds to eCommerce.

After the introductory session, we headed to The Mirage for the Experience Maker Awards, an incredible private event including a reception and acts from The Beatles Love theatrical production by Cirque du Soleil. Several companies walked away with awards, with Platypus Shoes, a Magento 2 site, winning Best Commerce Experience.

Day 2

Day 2 started with the opening keynote, where Shantanu Narayen explained how Adobe sees the market and how their analytics point to retention as “the new growth.”

Right before the keynote, a new TechCrunch blog post dropped, highlighting Adobe Commerce and how it integrates with Magento 2. Right after Shantanu, Jason Woosley jumped on stage and explained to an audience of 16,000 what this meant for Adobe and Magento. Adobe Commerce is not a rebrand or a substitute for Magento 2, but a bundle of Adobe, Magento, and Adobe Experience Manager (AEM). This new product integrates with the Amazon marketplace to try to close the last gap in Adobe’s experience offering.

Right after the keynote, the Community Pavilion opened. This pavilion was immense, with huge demos showcasing integrations between Adobe products with VR and AR. I paid extra attention to the Adobe Experience Manager and Magento 2 GraphQL integration, an interesting proof-of-concept that creates product pages using drag-and-drop predefined blocks with the Venia theme.

The day continued with sessions about different technologies. I assisted one with Magento Cloud, but my favorite was from Dr. John Grotzinger, chief scientist for the NASA Curiosity rover mission to Mars.

Right after, we were invited to go back to the 90s by experiencing the thrills of Rolodexes, floppy disks and VHS movie rentals.

After a long day, we moved to the Influencers and Media reception at CHAYO for some beers, tacos, and enchiladas. We met several Adobe enthusiasts and chatted about the future of Magento, with everyone agreeing we had much to be excited about!  

Day 3

Day 3 started with more sessions, with Shantanu Narayen and Microsoft CEO Satya Nadella taking the stage to talk about how Adobe and Microsoft work together to integrate their offerings.

Right after them, Reese Witherspoon and Adobe CMO Ann Lewnes took the stage to discuss how Reese launched her own production company and self-funded it for 5 years, making it possible to make her own decisions without shareholder interference.

After the keynotes, we headed back to the community pavilion to visit sponsors and take part in a Magento Masters Mixup meeting with Adobe employees. In this meeting, we met David Nuescheler, one of Adobe’s open source advocates and a key figure to follow if you’re interested in the future of Magento 2 open source.


The day wasn’t over yet and we headed to Sneaks, where Adobe showcases what’s to come in the near future. Hosted by actress, writer, and producer, Mindy Kaling, and Steve Hammond, Adobe’s Sr. Director of Experience Business in APAC, much of the focus was on AI and VR technologies.

After Sneaks, we gathered up some more Magento peeps and headed to the T-Mobile arena for Adobe Bash, the closing party featuring The Killers. There is not much to say about this, other than it was by far the coolest closing party I’ve ever attended! The Killers played all their hits in an arena just for Adobe, with plenty of food and drinks to go around.

After the party was over, I headed back to the hotel to rest up and start packing, but we had one day to go!

Day 4

Day 4 was all about Marketo and their Marketing Nation Summit, which is now part of Adobe Summit. I assisted with a couple of sessions, but took most of the day to get to know more Adobe integrators and developers and their ecosystem. Once the day ended, I headed back home to Argentina to rest up and get ready for Magento Imagine in May.

The biggest takeaway was how Adobe wants to include and integrate Magento into their offerings, and how we can work with other platforms to create a unique experience for our customers. Witnessing this first-hand helped me understand the size of Adobe (it’s HUGE), its potential for customers, and how those customers differ from the customer base we’re used to. I’d say our builds will now become bigger and more complex, but with the correct developers and integrators, we can continue to consider Magento the leading eCommerce platform worldwide.

See you in Las Vegas next month for Magento Imagine!

Hostdedi WAF Update Protects Against Magento Core SQLi PRODSECBUG-2198

On March 28th, a set of vulnerabilities in Magento Core was disclosed, one of which can allow an unauthenticated visitor to execute a SQL injection attack. These vulnerabilities are addressed in the most recent Magento security update and affect the following versions:

  • 2.1 (fixed in 2.1.17)
  • 2.2 (fixed in 2.2.8)
  • 2.3 (fixed in 2.3.1)

What Does This Mean?

A SQL injection attack can allow malicious actors to make requests against your website which execute queries on the Magento database. These requests can potentially read or write to the Magento database, allowing unauthorized access or changes such as adding an administrative user or reading hashed passwords, encryption keys and encrypted credit card data.

This particular vulnerability is troubling due to the fact that it requires no authentication and any website visitor can potentially execute a malicious SQL injection request against your web store.

How Is Hostdedi Handling This Disclosure?

Soon after receiving notification about this vulnerability, our System Operations team immediately started investigating mitigation strategies.

We found that our existing Web Application Firewall (WAF) rules were successfully mitigating a proof of concept of this vulnerability. However, there was room for improvement and possible conditions under which the vulnerability could still be taken advantage of.

Our System Operations team created an improved set of WAF rules for this vulnerability and successfully deployed them across our managed platform on the morning of March 29th.

To be clear, this mitigation only filters the currently known attack strategies for this vulnerability. It still remains critically important that you patch your Magento installation as soon as possible.

What Should I Be Doing?

While we’ve implemented the mitigation strategy, we still highly recommend that you update your Magento installation to the newest version or patch your site (via the patch “PRODSECBUG-2198”, which is available here) to ensure that you’re completely protected.

Additionally, we’d recommend that you or your development team review your existing codebase to ensure that no malicious code was injected into your site before this vulnerability was disclosed.

As always, if you have any issues with doing so on your own or run into any problems there, please reach out to our Support team directly and we’ll do our best to help.
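To check whether an installation still needs the update, the installed release can be compared against the fixed versions listed above. The following is an added example, not Hostdedi's or Magento's code: it assumes the release is pinned in `composer.lock` under the Magento metapackage names, and the lock file excerpt is constructed.

```python
import json

# Fixed releases per release line, as listed in the advisory above.
FIXED_IN = {(2, 1): (2, 1, 17), (2, 2): (2, 2, 8), (2, 3): (2, 3, 1)}

# Composer metapackages that pin the Magento release (Open Source / Commerce).
MAGENTO_PACKAGES = {
    "magento/product-community-edition",
    "magento/product-enterprise-edition",
}

# Constructed composer.lock excerpt (not from the original article).
SAMPLE_LOCK = """{"packages": [
  {"name": "magento/framework", "version": "101.0.7"},
  {"name": "magento/product-community-edition", "version": "2.2.7"}
]}"""


def parse_version(text):
    """Turn '2.2.7', 'v2.3.0' or '2.3.1-p1' into a tuple of three ints."""
    core = text.lstrip("v").split("-", 1)[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in parts)


def status(version):
    """Classify a version as 'affected', 'fixed' or 'not-listed'.

    'not-listed' means the advisory text names no fix for that release line,
    so it must not be read as safe. A site patched by hand with
    PRODSECBUG-2198 still reports 'affected'; verify the patch separately.
    """
    parsed = parse_version(version)
    fixed = FIXED_IN.get(parsed[:2])
    if fixed is None:
        return "not-listed"
    return "affected" if parsed < fixed else "fixed"


def audit_lockfile(lock_json):
    """Return (package, version, status) for each Magento metapackage found."""
    packages = json.loads(lock_json).get("packages", [])
    return [(p["name"], p["version"], status(p["version"]))
            for p in packages if p.get("name") in MAGENTO_PACKAGES]
```
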

Fixing Mixed Content Warnings On WordPress Sites

Last year, Google announced that over 75% of Chrome traffic was protected by HTTPS, a large increase on the previous year. The pace of HTTPS adoption accelerated as the cost, complexity, and performance implications were addressed. With Let’s Encrypt, anyone can get a domain-validated SSL certificate for free. Configuring a WordPress site to use an SSL certificate is easier than ever. Performance overheads are negligible for all but the largest sites. But there are still challenges to HTTPS adoption on established WordPress sites: mixed content warnings top the list.

What Is A Mixed Content Warning?

Browsers display mixed content warnings when an HTML page contains both HTTP and HTTPS content. They won’t load unsafe content in a supposedly safe environment. A fully-protected page is safe from snooping, but that can’t be guaranteed if there are non-protected elements on the same page. Browser developers want users to be aware of the risk to avoid instilling a false sense of security, so, in addition to blocking unsafe content, they display a warning. Google’s Chrome displays a warning icon in the space a padlock icon would appear for a secure site and a warning notification instructing users not to enter sensitive information such as passwords.

Mixed content warnings are caused by lingering HTTP links on a WordPress site that should serve content over HTTPS. It is challenging to make sure every link to every script or image is changed to HTTPS. Theme and plugin developers are sometimes less careful than they should be when including assets. A single errant image file can raise a mixed content warning and give visitors a reason to doubt the security of a page that is, in fact, perfectly secure.

Fixing Mixed Content Warnings

The first step in solving mixed content problems is to find the offending URLs. On a WordPress site with only a few pages, it can be done manually. Open each page and look for a mixed content warning. When you trigger one, open the browser’s developer tools. In Chrome you will find them under the More Tools submenu of the main menu. At the far right is an indicator of errors and warnings; click on it and Chrome shows a list of errors, including the assets that caused the mixed content warning.

Changing the URL protocol from HTTP to HTTPS should eliminate the warnings. If the content is not available over HTTPS, which is unlikely, you will have to provide an alternative source that is available over HTTPS.

For larger sites, checking each page is not an option. Tools like the free SSL Check crawl a limited number of pages and identify problematic URLs. Fixing the URLs can be done via a search and replace tool such as the one built into the WP-CLI utility. Read this guide and be careful; try this out on a test installation before running it on your live site.

In most cases, the following command will do the job (example.com is a placeholder for your site’s domain):

wp search-replace 'http://example.com' 'https://example.com' --precise --recurse-objects --all-tables

Finally, a less permanent but easier solution is offered by the Really Simple SSL plugin, which dynamically alters URLs to include HTTPS rather than rewriting database tables.
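The manual step of finding the offending URLs can also be scripted against saved page HTML. This added example (not from the original article; the sample page and its hosts are constructed) lists subresources loaded over HTTP and skips ordinary links, which do not trigger the warning. It assumes static HTML, so URLs injected by JavaScript or CSS `url()` are not seen.

```python
from html.parser import HTMLParser

# (tag, attribute) pairs fetched as subresources; <a href> is navigation, so it is absent.
SUBRESOURCE_ATTRS = {
    ("img", "src"), ("script", "src"), ("iframe", "src"), ("embed", "src"),
    ("audio", "src"), ("video", "src"), ("source", "src"), ("object", "data"),
    ("link", "href")}
# <link> is only fetched for some rel values; rel="canonical" is not.
FETCHING_RELS = {"stylesheet", "icon", "preload"}

# Constructed sample page (hypothetical hosts, not from the original article).
SAMPLE_PAGE = """<html><head>
<link rel="canonical" href="http://shop.example/">
<link rel="stylesheet" href="http://shop.example/wp-content/themes/t/style.css">
</head><body>
<a href="http://other.example/">partner</a>
<img src="//cdn.example/logo.png">
<img src="HTTP://shop.example/wp-content/uploads/banner.jpg"
     srcset="https://shop.example/b-1x.jpg 1x, http://shop.example/b-2x.jpg 2x">
</body></html>"""

class MixedContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, url)

    def handle_starttag(self, tag, attrs):
        if tag == "link":
            rel = (dict(attrs).get("rel") or "").lower().split()
            if not FETCHING_RELS.intersection(rel):
                return
        for attr, value in attrs:
            if not value:
                continue
            if attr == "srcset" and tag in ("img", "source"):
                # srcset holds comma-separated "url descriptor" candidates.
                urls = [c.split()[0] for c in value.split(",") if c.strip()]
            elif (tag, attr) in SUBRESOURCE_ATTRS:
                urls = [value.strip()]
            else:
                continue
            for url in urls:
                if url.lower().startswith("http://"):
                    self.findings.append((self.getpos()[0], tag, attr, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings
```
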
