
Ransomware Could Soon Hold Your Data Hostage

In 2017, global ransomware attacks like WannaCry and NotPetya rocked the world, devastating both businesses and government organizations. Troublesome though they were, they were only the beginning. Ransomware is on the rise, and it’s only going to get worse from here.

Criminals have realized that ransomware can act as both a data exfiltration method and as a distraction for a larger attack. They’ve realized that holding information for ransom can be just as lucrative as stealing and selling it. And they’ve realized that in all cases, ransomware requires almost no effort on their end.

In short, you need to do everything in your power to protect yourself – here’s where you can start.

Back Everything Up

The best defense against a ransomware attack is and always will be an air-gapped backup. By maintaining several copies of your data and images of your system both in an online repository and in an isolated, on-site backup server, you can ensure that any systems compromised by ransomware can simply be deleted. At that point, it’s just a matter of restoring your systems to working order.

Now, there’s a reason I recommend multiple backups – and that you keep multiple copies. Truth is, ransomware developers know that backup data is their main weakness. As such, they’ve started to target backups.

Educate Your Employees

Believe it or not, your employees are actually a bigger threat to your data than any external bad actors. Phishing scams, for example, are one of the chief delivery vessels for malware and ransomware. What that means is that if you don’t train your employees to recognize scams and socially-engineered attacks, there’s a good chance you’ll be dealing with ransomware sooner rather than later.

Host regular training sessions and establish a knowledge base your staff can draw on to help them stay secure.

Ransom-Proof Your Systems

The most troubling thing about WannaCry is that it exploited a vulnerability that was several years old. Many of the victims that were targeted by the ransomware could have prevented infection if they’d simply kept their systems up to date. To that end, you need to apply security patches and updates the moment they become available – and wherever possible, avoid using outdated operating systems.

Additionally, it’s important that you ensure all systems on your network can be air-gapped on demand. That way, if ransomware does hit your network, you can isolate it before it causes widespread damage.

Don’t Let Hackers Hold You For Ransom

Ransomware isn’t going to stop being a problem. If anything, it’s only going to get worse – more advanced and sophisticated, and available as an attack method for more hackers than ever before. Defend yourself now, instead of wishing you did something later.

Posted in:
Security


Craft CMS: What It Is, How It Works, & When You Should Use It

WordPress isn’t the most popular CMS on the market without reason. It’s modular, it’s easy to use, and it’s got a fantastic plugin ecosystem. But it’s easy to forget that it also isn’t your only option when it comes to building a website.

There are plenty of content management systems in the sea, after all. Today, we’re going to discuss one of the more formidable ones. It’s called CraftCMS.

What Is It, Exactly?

Created by ExpressionEngine plugin developer Pixel & Tonic, Craft is billed as a “content-first” CMS tool. It’s created to allow for far deeper control and greater performance than other content management offerings.

Written in PHP and run on the Yii platform, it takes the ‘content’ part of content management literally. Unlike WordPress, it does not include any tools for website creation. Anyone who uses Craft will need to either build their own stuff by hand or hire someone to do it.

It also doesn’t have any sort of official theme or plugin marketplace – so again, if there’s anything you want to do in terms of customization, you’ll need to handle it yourself.

That said, it does have a thriving (and fast-growing) developer community, so you won’t be completely on your own in that department.

“Craft is for folks who like to take their time and do things right, building out their HTML, CSS, and JS by hand,” reads the documentation. “This is not a site builder or some sort of design tool. There are no themes, and you won’t find any flashy UI tools full of sliders and other gadgets that will help you “design” your website in minutes.”

The trade-off is that Craft is both extremely scalable and exceptionally customizable. If you can code it, Craft can handle it. That’s a huge plus – though some people might be turned off a bit by the fact that it’s comparatively much more difficult to use than WordPress.

Why Use It?  

The short answer is that Craft excels at managing sites with a large volume of interconnected and interrelated content. Although smaller sites can make excellent use of the content management tool, where it really shines is with massive, sprawling content bases.

Plenty of enterprises are already using the CMS, including Netflix, Emily Carr, Salesforce, Wildbit, and Oakley.

It’s important to note that although Craft takes a lot of legwork and development expertise to set up, it’s actually incredibly publisher-oriented. The backend is extremely easy to use, and provides a simple, streamlined administrative dashboard that makes content creation a breeze.

The most notable element of this backend is something called Sections and Entries. This is the primary means by which Craft organizes its content. An entry is a single piece of content like a blog post, and has an author, date, and optional timed expiration attached to it.

Sections arrange entries into categories, and can be standalone pages, related entries, or even full hierarchies. Related entries can be easily tied to one another using a built-in schema system, and

It’s actually quite sophisticated, and features like Matrix (which allows certain pieces of content to be grouped together and reused with ease), multiple authors, built-in search, automatic localization, and categories/tags make the organization and customization of content even deeper.

This level of customization probably isn’t necessary if you’re just running a small blog with a few authors or a storefront for a small business. It’s also not meant for massive enterprises that need a laundry list of features or organizations that need to develop SaaS applications.

If, however, you’ve a large base of contributors, a highly-trafficked site, or enough content that it would be difficult for you to keep track of it on your own, then Craft is a perfect option.

How Do I Use It?

The first thing you’ll want to do is navigate to the Craft website and download the codebase. Make sure you’ve got PHP 5.3x or above and MySQL 5.1 or above installed. You’ll also want to ensure your web host is capable of meeting Craft’s requirements (Hostdedi is, don’t worry).

Finally, you’ll also need an FTP client such as Transmit and a rich text editing tool.

Once you’ve downloaded Craft, unzip it somewhere on your computer. You’ll then be confronted with two folders, craft/ and public/. The former will need to be uploaded to your server in its entirety, above your web root. The public folder can be uploaded wherever you choose.

Next, you need to set Craft’s permissions. At minimum, you’ll need to ensure that craft/app/, craft/config/, and craft/storage/ have write permissions assigned to them. You can find recommended permission settings here.

Your third step will be to create your database, then you’ll need to ensure Craft is properly configured to connect to said database. Your host can help you with this step, and walk you through configuration. However, you may need to take care of ensuring Craft knows where that database is and how to connect to it.

With all that out of the way, all that’s left to do is run the installer and start building your website. Note that Craft uses HTML website templates constructed in Twig, so you’ll want to familiarize yourself with it. Plugins are

Get Creating

In a lot of ways, WordPress is designed to be a jack of all trades. It’s a content management system that can do just about anything you want it to. Craft isn’t like that. It’s made to do one thing, and one thing only.

But it does that extremely well. If you’re willing to look past the fact that you’ll need to design your own website and (probably) code your own plugins, Craft can excel at just about any content project you set it to. And if you need a great host to help you run things, why not give Hostdedi a try?

Posted in:
Craft CMS


What’s New In WooCommerce 3.3

Since we first added WooCommerce hosting to our lineup of performance-optimized eCommerce hosting options, we have seen huge demand from retailers looking to combine the user-friendliness of WordPress with WooCommerce’s simple yet powerful eCommerce experience. We’re delighted that so many retailers have embraced our unique spin on WooCommerce hosting, which is capable of supporting stores of any size.

Towards the end of last month, WooCommerce 3.3 was released. As a minor release, there are no big new features, but, in typical WooCommerce style, there are plenty of small enhancements that add up to an easier workday for retailers.

We’re going to have a look at a few of the enhancements that arrived in WooCommerce 3.3, but before we get to that, I’d like to talk about the little hiccup that disrupted the usually smooth release process.

One of the goals of WooCommerce 3.3 was to increase compatibility with third-party themes. However, the changes caused problems on some third-party themes, which led to the removal of WooCommerce 3.3 from the WordPress Plugin Directory. It was a small issue, affecting the display of categories in some themes. The issue was soon resolved and WooCommerce 3.3.1 was released, which is the version you’ll get if you update WooCommerce today.

New Features In WooCommerce 3.3

  • An improved order screen.
    • The order screen has been given a facelift, with larger buttons that display an order’s status on the order screen itself, saving users from having to click through to the order’s details to see its status.
  • A new stock status.
    • WooCommerce 3.3 includes a new stock status for items that have stock management turned on. When a store’s stock levels reach critical, WooCommerce will show the item is “Backordered” or “Out of stock”, making it easier to see at a glance the status of specific products.
  • On the fly thumbnail regeneration.
    • This one solves a minor but long-standing annoyance for retailers: from WooCommerce 3.3, image thumbnails will be automatically regenerated on-the-fly when new product images are uploaded.
  • Broader theme compatibility.
    • Usually, WooCommerce retailers use WordPress themes that have WooCommerce support built-in. Ordinary WordPress themes have been known to cause problems. WordPress 3.3 adds improvements to allow just about any WordPress theme to work well with the eCommerce plugin, which means WooCommerce users can choose from a much bigger pool of themes.

Since the mixup with theme support earlier in the month, you might be tempted to hold off on updating to WooCommerce 3.3(.1). But, it is generally a good idea to install new versions of WordPress plugins as they become available. In addition to adding new features, releases typically include security fixes to close vulnerabilities in the software. If you don’t install the new release, you don’t get the fixes. The most recent version of WooCommerce has been tested on dozens of themes, and everything looks great so far.

Posted in:
WooCommerce


WordPress Release Introduces Automatic Update Bug

Last week, WordPress 4.9.3 was released. It brought the usual variety of minor enhancements and security fixes, but it also introduced a nasty bug that may prevent your WordPress site from updating itself properly in the future.

The bug is in the automatic update system. WordPress is able to automatically update itself for minor releases, those that increment the last number in 4.9.3, for instance. WordPress sites have happily upgraded themselves to WordPress 4.9.3, but because of a bug in that version, WordPress sites may not be able to automatically update to future minor versions.

If your site updated automatically to WordPress 4.9.3, you may have to manually update to WordPress 4.9.4, which was released the next day to fix the problem.
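One way to find installations that stopped at 4.9.3 and need the manual update, as an added example that is not WordPress project code. It reads `wp-includes/version.php`, where WordPress core sets `$wp_version`; the directory layout, site names and status labels are assumptions made for the example.

```python
import os
import re
import tempfile

AFFECTED = "4.9.3"        # release with the broken auto-updater (from the article)
FIXED_TUPLE = (4, 9, 4)   # release that fixes it (from the article)

# Matches the assignment line only, not the "@global string $wp_version" docblock.
VERSION_RE = re.compile(r"""^\s*\$wp_version\s*=\s*['"]([^'"]+)['"]\s*;""",
                        re.MULTILINE)


def read_wp_version(version_php):
    """Return the version string from a version.php file, or None."""
    try:
        with open(version_php, encoding="utf-8", errors="replace") as fh:
            match = VERSION_RE.search(fh.read())
    except OSError:
        return None
    return match.group(1) if match else None


def classify(version):
    """Map a version string to a status label (labels are this example's own)."""
    if version is None:
        return "unknown"
    if version == AFFECTED:
        return "manual-update-required"
    nums = tuple(int(n) for n in re.findall(r"\d+", version)[:3])
    nums += (0,) * (3 - len(nums))          # "4.9" compares as (4, 9, 0)
    return "ok" if nums >= FIXED_TUPLE else "older-release"


def scan(root):
    """Walk root and report every WordPress install found beneath it."""
    results = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in filenames:
            site = os.path.relpath(os.path.dirname(dirpath), root)
            version = read_wp_version(os.path.join(dirpath, "version.php"))
            results.append((site, version, classify(version)))
    return sorted(results, key=lambda row: row[0])


def build_sample_tree(root):
    """Create a constructed set of sites for the demo (not real installs)."""
    sites = {"site-a": "4.9.3", "site-b": "4.9.4", "site-c": "4.8.5", "site-d": None}
    for name, version in sites.items():
        inc = os.path.join(root, name, "wp-includes")
        os.makedirs(inc)
        body = "<?php\n/**\n * @global string $wp_version\n */\n"
        if version is not None:
            body += "$wp_version = '%s';\n" % version
        with open(os.path.join(inc, "version.php"), "w", encoding="utf-8") as fh:
            fh.write(body)


def demo():
    """Scan the constructed tree and return the report rows."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan(root)


if __name__ == "__main__":
    for site, version, status in demo():
        print("%-8s %-8s %s" % (site, version or "-", status))
```

Point `scan()` at the directory that holds your sites; anything reported as `manual-update-required` will not move to 4.9.4 on its own.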

The bug was introduced while the automatic update system was being modified to reduce the number of API calls it makes during updates, but those changes were, apparently, not properly tested, and stopped automatic updates working altogether on some WordPress installations.

If you aren’t using automatic updates, this isn’t something you need to worry about; apply the updates manually as you normally would. If your WordPress site is running a slightly out-of-date version, you are probably not affected either since the automatic update system only does minor version updates (although you should think about how safe it is to run outdated versions of WordPress in the first place).

In general, automatic updates are good for WordPress users, although they were met with some skepticism from WordPress professionals when they were first introduced with the release of WordPress 3.7. Most WordPress users aren’t professionals. Out-of-date WordPress sites cause security problems for site owners and visitors. Professionals can turn off automatic updates and manage the risk themselves, but for ordinary users, automatic updates are the most secure option.

A bug that disables automatic updates is a serious problem because WordPress users who assume that updates are being handled automatically by the system are unlikely to check for every minor release: their sites may be vulnerable through no fault of the user.

In fact, the only WordPress sites that are affected by the bug are those that have been manually updated to the most recent major version. Only security-conscious WordPress users are in the crosshairs on this one, which is why it’s so important to make sure WordPress users check their sites.

If you haven’t updated your site to WordPress 4.9.3 or 4.9.4, you might want to reconsider. Although a minor maintenance release to the WordPress 4.9 ‘Tipton’ line, it includes a variety of fixes and enhancements, including 34 bug fixes for Customizer changesets, widgets, the visual editor, and PHP 7.2 compatibility.

If you’re worried about the bug in the automatic update system or want to update to the most recent version of WordPress, select the ‘Updates’ category in the Dashboard and click ‘Update Now’.

Posted in:
WordPress


January 2018’s Best Magento, CMS, and Design/Development Content

Now that we’re well into the New Year, let’s take a look at what’s been trending so far so we can stay on top of the game! Check out this month’s roundup and if you’re looking for the same great articles the rest of the year, follow us on Twitter, Facebook, and Google+. Enjoy and…


Google Has Issued the Official Warning—Encrypt by July or Else

The move by browsers to warn visitors of web pages served via HTTP as “Not Secure” has been in the works for a while. Preparing for the inevitable has also probably been dead last on your to-do list. Unfortunately, pretending there’s no fire doesn’t mean you won’t eventually get burned.

Implementation has been gradual and the end date has been moved out a few times. According to today’s announcement by Google you’ll need to get an SSL certificate for all your webpages, not just the ones with login requirements or forms, by the time Chrome 68 launches. Starting July 2018, Chrome will universally alert visitors landing on any HTTP webpage. What began as a nudge from Google and Mozilla has become a no-exceptions requirement. I’m guessing the “Your connection is not secure” message isn’t what you want your visitors to see.

Why HTTPS?

HTTP served internet users well for many years. Given today’s cybercrime-ridden web it has one crucial flaw. HTTP is just not secure. HTTP data in transit can be stolen or manipulated.

HTTPS is secure and shows visitors https:// in the browser bar indicating encryption is authenticating the server and protecting transmitted information. It’s easy to understand why web browsers are now requiring it as a standard.

HTTPS also helps you leverage the faster performance enabled by HTTP/2, gives you up to a 5% boost in search engine visibility, provides a more seamless user experience and unlocks popular mobile options.

How do I get HTTPS?

SSL certificates enable HTTPS. The sooner you install one on all your webpages the better. Remember, website security is about more than encrypting data. Ensuring who’s on the other end of the data transfer is equally, if not more, important. Having the right level of identity validation is crucial. Choosing the right SSL certificate can be confusing, but it doesn’t have to be. Hostdedi is here to help you sort through your options. Together we’ll find the most cost-effective way to meet the July 1 deadline, and boost your bottom line.

 

Posted in:
Security


WordPress Is Essential In Supporting Independent Journalism

In almost every country there are independent journalists who use the freedom of the web to bring stories to audiences ranging from the hyper-local to the global. Independent journalists need a publishing platform that they control: social media networks are vital for cultivating awareness and connecting with an audience, but they are not independent of the interests of their owners. WordPress allows independent journalists to be truly independent. WordPress is free, open source, and, most importantly, platform independent.

Independent journalism covers everything from local events to global happenings, and from the experience of a single person to stories that impact the lives of millions. Independent journalists are often ordinary people caught up in events they feel compelled to document and communicate. They are essential voices in a world dominated by competing interests and fractured perspectives.

Traditional news media outlets and large online publishers have the resources to deploy custom content management systems. And some do, but many turn to WordPress because it has the flexibility and scalability to support even the largest sites. But the great thing about WordPress is that it makes all that power available to everyone, for free.

Unlike “publishing platforms”, WordPress is a web application anyone can download and install on a hosting account or server under their control. Once the code has been downloaded, it’s up to the site’s owner what they do with it. The WordPress organization can’t tell an independent journalist to stop using WordPress or to take down an article that they don’t like.

WordPress is open source. That means both that the code that underlies a WordPress site can be examined by anyone and that anyone can change the code if they want to and distribute their changes. That code is written by a collective of companies and independent developers — no single organization calls the shots. In the unlikely event that were to change, WordPress could be forked: the code could be used to start a new project that keeps WordPress free.

While we’re discussing abstract freedoms, we shouldn’t forget about the practicalities. Every user of WordPress has access to thousands of free themes to shape the design of their site. There are tens of thousands of plugins to choose from, each of which extends the functionality of a baseline WordPress installation.

Social media networks are a powerful tool for independent journalists, allowing them to build an audience of followers, to publish content, to communicate with sources and readers. Without social media, independent journalism wouldn’t be as influential or as effective. Social media networks are also easy to use even for people with no technical knowledge.

So why would an independent journalist need a site of their own?

Once again, we return to control and ownership. For those who choose a premium managed WordPress hosting company to host their site, many of the technical challenges are taken care of. The result is a site entirely owned and controlled by the journalist, who is not beholden to anyone for permission to publish. And, as I alluded to at the beginning of this post, a WordPress site can easily be migrated to a different hosting provider. WordPress is platform independent.

WordPress is used by corporations, small businesses, eCommerce retailers, and giant publishing enterprises, but it was designed and built to give a voice to everyone.

Posted in:
WordPress


Why Are Chatbots Such A Big Deal For eCommerce?

Chatbots have been praised as the next big thing for the eCommerce user experience, but are chatbots really going to revolutionize online retail? I don’t think chatbots will ever replace the traditional eCommerce storefront: searching and browsing is a vital part of the shopping experience. But chatbots do have the potential to extend the reach of eCommerce into areas retailers have traditionally struggled with, including instant chat, which has a presence on the mobile devices of billions of users.

Imagine how an eCommerce chatbot session might go. A shopper sends a message to a retailer’s chatbot via Facebook Messenger asking for a particular product — let’s say red shoes. The chatbot uses machine learning to parse the request, surface and suggest a number of products, and apply a promotion.

The shopper picks the shoes they want and in response, the chatbot suggests other related products. Then, with a minimum of hassle, the shopper pays for the shoes within the application. The chatbot also takes care of post-purchase interactions like dispatch and delivery schedule notifications.

The ease and familiarity of the conversational shopping experience is what makes it so compelling, in theory, at least. Chatbots could make online shopping feel like in-store shopping with a personal shopper. In reality, the machine learning and AI technology aren’t quite up to the job in all cases. Well-executed conversational interfaces have incredible potential, but no one wants to shop via what feels like an old-fashioned phone tree menu.

But there are many advantages to retail that leverages conversational interfaces. For one, it gives retailers a foothold on a platform with massive engagement and a direct line to their customers. Open rates for messaging apps beat email marketing by quite a margin.

Conversational interfaces also have powerful remarketing potential. A shopper who visits a product on a retailer’s Magento or WooCommerce store could be targeted with promotions and alternative products via Facebook Messenger, Telegram, or WeChat. The best conversational experiences can be uniquely tailored to individual customers in a more sophisticated way than is possible with traditional online storefronts.

Although it’s still early in the development of conversational interfaces, there’s evidence that chatbots are linked to increased sales.

Further, in the future, we can expect conversational interfaces to take the place of some human support interactions. I don’t think we’re quite ready for that yet, except for the simplest of interactions. But support staff are a significant cost center for eCommerce retailers.

How viable are conversational interfaces for smaller eCommerce stores? Facebook and other instant chat providers are committed to making it as easy as possible. Facebook’s Messenger platform is developer friendly, and, as the documentation boasts, you can have a rudimentary chatbot up and running in ten minutes. The payment infrastructure is also in place, allowing retailers to complete transactions without ever asking customers to move out of their chat application.

Conversational interfaces are not yet an essential part of the eCommerce landscape, but retailers shouldn’t ignore their potential to provide an improved shopping experience, marketing opportunities, and deeper engagement.

Posted in:
eCommerce


Load Testing: Asking the Right Questions

In this short series, Kevin Schroeder explains how to keep your website on the rails with proper load testing. Kevin owns consulting firm 10n Software, LLC, and has written several testing frameworks for Magento, Gmail, Twitter, and other applications.

Welcome to Asking the Right Questions, my three-part series about all things load testing. Specifically, it will cover how to prepare your site to weather the eCommerce storm, covering concurrency, types of load tests, and how to build and run them. I will include code samples, real-life examples, and how to best address common pitfalls.

It’s a common occurrence for developers. The owner of a website anticipates a spike in web traffic, perhaps due to an upcoming promotion. They ask the natural questions, “Can my site handle the increased traffic? How many thousands of users can my site handle?”

Owners want sites that can “handle X visitors” because more users equal more revenue. This is understandable, but a proper load test measures how well their server handles high numbers of concurrent requests, not just the number of web browsers pointing to the server.  It’s a classic case of what they want distracting them from what they need.

A quick-and-easy way to load test is to check how many people visited the site in the last 30 minutes, and then view peak concurrency in the log with:

grep -vE "skin|js|media|static" access.log | awk '{ print $4 }' | uniq -c

That command filters the access log to remove all static content, which is not a scaling factor, and counts the number of completed requests in a given second.

The results give you enough to calculate average concurrency over a time period:

(average response time in ms)*(peak requests per second) / 1000 

For example, if your average response time is 500ms, and you have 50 requests per second peak in your log files, your concurrency is about 25 requests.

However, this method only shows average concurrency over a period and lacks key specifics. Are the responses clustered in the first 100ms of the second, or in the last? Are there stretches of high concurrency occasionally disrupted by disastrous performance?

Given the missing details and the lack of good tools to find them, one solution is to double your result to account for the missing data. For most websites using somewhere between two and ten servers, this doubling will help account for unknown data, thus creating a more accurate estimate of performance.
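The log-based estimate described above, worked through as an added example that is not part of the original article. It assumes an access log in combined format with the response time in milliseconds appended as a final field (an assumption; the stock format does not log it), and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample: combined log format plus an ASSUMED trailing field that
# holds the response time in milliseconds. Not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Feb/2018:10:15:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 400
203.0.113.9 - - [12/Feb/2018:10:15:01 +0000] "GET /static/app.css HTTP/1.1" 200 900 "-" "Mozilla/5.0" 3
203.0.113.7 - - [12/Feb/2018:10:15:01 +0000] "GET /catalog/shoes HTTP/1.1" 200 7300 "-" "Mozilla/5.0" 600
203.0.113.5 - - [12/Feb/2018:10:15:02 +0000] "GET /catalog/product/view/id/42 HTTP/1.1" 200 8100 "-" "Mozilla/5.0" 500
203.0.113.8 - - [12/Feb/2018:10:15:02 +0000] "GET /media/catalog/shoe.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0" 5
203.0.113.7 - - [12/Feb/2018:10:15:02 +0000] "POST /checkout/cart/add HTTP/1.1" 302 0 "-" "Mozilla/5.0" 450
203.0.113.6 - - [12/Feb/2018:10:15:02 +0000] "GET /catalog/boots HTTP/1.1" 200 7000 "-" "Mozilla/5.0" 550
203.0.113.4 - - [12/Feb/2018:10:15:02 +0000] "GET /checkout/onepage HTTP/1.1" 200 9100 "-" "Mozilla/5.0" 700
203.0.113.5 - - [12/Feb/2018:10:15:03 +0000] "GET /js/varien.js HTTP/1.1" 200 3000 "-" "Mozilla/5.0" 4
203.0.113.6 - - [12/Feb/2018:10:15:03 +0000] "GET /customer/account HTTP/1.1" 200 4000 "-" "Mozilla/5.0" 300
"""

# Same static-content filter as the grep above, applied to the request path only.
STATIC_RE = re.compile(r"skin|js|media|static")

# timestamp to the second (what awk's $4 yields), request path, trailing ms field
LINE_RE = re.compile(
    r'\[(?P<ts>[^\] ]+)[^\]]*\] "\S+ (?P<path>\S+)[^"]*" \d{3} .* (?P<ms>\d+)$'
)


def dynamic_requests(log_text):
    """Return (timestamp, response_ms) for every non-static request."""
    rows = []
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match or STATIC_RE.search(match.group("path")):
            continue  # unparseable line or static asset
        rows.append((match.group("ts"), int(match.group("ms"))))
    return rows


def summarize(log_text, safety_factor=2):
    """Peak requests/second, mean response time and the concurrency estimate."""
    rows = dynamic_requests(log_text)
    if not rows:
        return {"requests": 0, "peak_rps": 0, "peak_second": None,
                "avg_ms": 0.0, "concurrency": 0.0, "padded": 0.0}
    per_second = Counter(ts for ts, _ms in rows)
    peak_second, peak_rps = per_second.most_common(1)[0]
    avg_ms = sum(ms for _ts, ms in rows) / len(rows)
    # (average response time in ms) * (peak requests per second) / 1000
    concurrency = avg_ms * peak_rps / 1000
    return {
        "requests": len(rows),
        "peak_rps": peak_rps,
        "peak_second": peak_second,
        "avg_ms": avg_ms,
        "concurrency": concurrency,
        # the article's rule of thumb: double the result to cover missing detail
        "padded": concurrency * safety_factor,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print("%-12s %s" % (key, value))
```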

And yet it’s far from ideal, and the reason is entropy. Or more precisely, the lack of it.

The problem is that load tests skew to the positive when they’re too neat and orderly. Load tests are usually built to follow a particular pattern. In Magento, this pattern is the home page, category, product page, add-to-cart, and checkout. Often, it’s also the same page each time. This has the effect of “cheating” on the load test.

Too much predictability tends to balloon performance and produce inflated results. It makes life too easy for your database, caches, and file systems. The more consistent your data, the better the system can optimize itself. Your job when writing a proper load test is to “sabotage” those optimizations with entropy.

Introducing entropy requires a fair amount of work and a developer skill set, and I have three favorites:

  • Use XPath or CSS post processors to extract category and product URLs from the page, which will retrieve random pages.
  • Add cache-busting random query strings to a certain percentage of requests.
  • Use random pause timers in your test threads to make requests occur at non-predictable times.
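The three techniques in the list above, combined into a request plan, as an added example that is not from the original article. It only builds the schedule a load-test thread would follow and sends nothing; the standard-library HTML parser stands in for an XPath or CSS post processor, and the sample page, URL prefixes and `_cb` parameter name are assumptions.

```python
import random
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed category page (not taken from a real store).
SAMPLE_PAGE = """
<ul class="nav">
  <li><a href="/catalog/category/view/id/3">Shoes</a></li>
  <li><a href="/catalog/category/view/id/7?dir=asc">Boots</a></li>
</ul>
<div class="products">
  <a class="product" href="/catalog/product/view/id/41">Red shoe</a>
  <a class="product" href="/catalog/product/view/id/42">Blue shoe</a>
  <a class="product" href="/catalog/product/view/id/43">Green boot</a>
</div>
<a href="/customer/account/login">Log in</a>
<a href="/static/app.css">css</a>
"""


class LinkCollector(HTMLParser):
    """Collect hrefs of <a> tags that start with one of the wanted prefixes."""

    def __init__(self, wanted_prefixes):
        super().__init__()
        self.wanted_prefixes = tuple(wanted_prefixes)
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        if href.startswith(self.wanted_prefixes) and href not in self.links:
            self.links.append(href)


def extract_links(html, wanted_prefixes=("/catalog/category/", "/catalog/product/")):
    """Technique 1: pull category and product URLs out of the fetched page."""
    collector = LinkCollector(wanted_prefixes)
    collector.feed(html)
    return collector.links


def cache_bust(url, rng):
    """Technique 2: append a random query parameter, keeping existing ones."""
    parts = urlsplit(url)
    query = parse_qsl(parts.query, keep_blank_values=True)
    query.append(("_cb", "%08x" % rng.getrandbits(32)))
    return urlunsplit(parts._replace(query=urlencode(query)))


def build_plan(html, steps, bust_ratio=0.2, pause_range=(0.5, 4.0), seed=None):
    """Return a list of steps: random page, optional cache bust, random pause."""
    rng = random.Random(seed)   # a seed makes a run repeatable for comparison
    links = extract_links(html)
    if not links:
        raise ValueError("no category or product links found on the page")
    plan = []
    for _ in range(steps):
        url = rng.choice(links)
        busted = rng.random() < bust_ratio
        if busted:
            url = cache_bust(url, rng)
        plan.append({
            # Technique 3: pause a non-predictable time before the request
            "pause_s": round(rng.uniform(*pause_range), 2),
            "url": url,
            "cache_busted": busted,
        })
    return plan


if __name__ == "__main__":
    for step in build_plan(SAMPLE_PAGE, steps=8, seed=2018):
        print("sleep %.2fs  GET %s" % (step["pause_s"], step["url"]))
```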

Websites don’t run in a vacuum, and users, as much as you need them, spread chaos. As a developer building a useful load test, it’s your job to simulate that as best as you can.

Keep an eye out for Part 2 and 3 next week. I’ll look at two types of load tests – sizing validation and concurrency validation – and explore the dangers of just throwing hardware at your performance woes. 

Posted in:
Webmaster


eCommerce And Augmented Reality Explained

eCommerce is superior to traditional brick-and-mortar retail in ways that benefit both the retailer and the customer. That’s why eCommerce has rapidly taken over as consumers’ preferred way to shop. But it can’t be denied that brick-and-mortar retail has the advantage where viewing and interacting with products is concerned. One of the most important applications of Augmented Reality in eCommerce will be to bridge the gap and bring digital products into the physical world.

Augmented Reality is the introduction of digital objects — animations, images, interfaces — into a user’s environment. The user looks at the screen of a device, which uses the camera and sensors to create a digital representation of the environment and project objects into it. Through the screen, the objects appear solid and can be rotated (or walked around) just like other objects in the environment.

Augmented Reality is not a new technology, but until recently was too expensive and unreliable for widespread consumer adoption.

Companies like Apple and Google have worked to improve the state of the art in AR, and Apple’s introduction of ARKit and improved sensors and cameras in the newest models of iPhone will encourage more developers and businesses to create apps that leverage AR capabilities.

Retail Perceptions recently carried out a survey that indicated that 40% of shoppers would pay more for a product if they could experience it through AR and 71% would shop at a store that offered augmented reality. Such surveys should be taken with a pinch of salt, but AR is likely to make a significant impact on eCommerce.

Think about the typical shopper browsing the products of a fashion retail store. She wants to buy a new dress but is unsure if the products on offer will look flattering. She scrolls through image after image but remains dubious. She doesn’t make the purchase.

Imagine an alternative scenario in which the shopper was able to view the dress on a three-dimensional model — perhaps even a model based on her measurements — that she could walk around and instruct to move catwalk-style through her space. She might try the dress with different accessories in different colors. This is a more compelling and immersive experience than pictures and videos can offer.

It’s early in the adoption curve of AR in eCommerce, but many retailers are testing the waters. Ikea is the most prominent. Its iPhone app Ikea Place can be used to place 3D models of Ikea furniture in the shopper’s rooms. The iPhone knows the dimensions of the room and the furniture and shows the room as it would look with the furniture in it.

Applications like this make eCommerce better than brick-and-mortar retail – who hasn’t bought furniture only to find that it suited the store more than their home?

Augmented Reality also has a part to play in advertising and brand engagement. SnapChat is leading the way here with Sponsored 3D World Lenses, which allow brands to insert augmented reality objects into users’ snaps.

Over the next year, we can expect to see more retailers testing the AR waters and developing innovative ways to bring together the digital realm of eCommerce and the real-world environments of shoppers.

Posted in:
eCommerce
