CAll Us: +1 888-999-8231 Submit Ticket
Performance And Load Testing Your WooCommerce Store

Performance And Load Testing Your WooCommerce Store

Testing WooCommerce for Performance and SpeedSlow-loading pages and unresponsive interface elements are kryptonite for online stores. Shoppers expect a pleasant experience, and there is nothing pleasant about looking at a loading indicator for ten seconds or trudging through a multi-step checkout process that takes what seems like forever to load each page.

A fast WooCommerce store depends on dozens of hardware and software components firing in the same direction. Performance-optimized WooCommerce hosting provides the store’s main engine, but configuration mistakes and software bugs can throw sand into every page load and user interaction.

This article looks at why load testing can help to keep your WooCommerce store optimized, by finding areas for improvement and change.

What Is WooCommerce Performance and Load Testing?

Performance testing measures how a WooCommerce store performs on an ordinary day. How quickly do the home and product pages load? How long does it take for the shopping cart to be displayed after the user clicks the checkout button? Performance testing provides a baseline answer to these questions.

Load testing looks at performance under pressure. It answers questions such as these: How many concurrent users can a WooCommerce store support before performance becomes unacceptably slow? How does the store perform when traffic peaks during a sale? Load testing provides information about how your store performs under real-world conditions.

Why Performance and Load Test WooCommerce?

Performance and load testing put a WooCommerce store through its paces, revealing opportunities for streamlining and performance improvements.

By testing your WooCommerce site, you’re able to see how your hosting environment, application, and any plugins you have installed will work under pressure. You’ll then be able to see what areas need improvement – if any.

How to Performance Test a WooCommerce Store

A page speed waterfall with Google Chrome

An example page speed waterfall in Chrome.

The simplest way to load test a WooCommerce site is to time how long important pages take to load. The Google Chrome browser — and other browsers — include several tools to time page-loads and identify the causes of latency.

To do this in Chrome, head to the “More Tools” entry of the Chrome menu and choose “Developer Tools”. There are a couple of interesting tabs in this interface: Performance and Audits.

The Performance tab provides load-time measurements and a waterfall diagram that displays the page’s components and how long they take to load. This can give you a clear indication of what page elements can be optimized to increase your WooCommerce store’s performance.

In the Audit tab, you will find Lighthouse, a comprehensive performance testing tool that provides a wealth of information, including performance optimization suggestions. Once you’ve navigated to this tab, simply click “Perform an audit” to start the test. You will be given results in relation to four categories.

  • Performance
  • Accessibility
  • Best Practices
  • Progressive Web app

Under each category, you will be provided with a list of audits you have failed and audits you have passed. This gives you a great springboard for implementing more advanced page optimizations.

Alternate Tools for Testing WooCommerce

If you would prefer not to use a tool from Google that requires the Chrome browser, take a look at Pingdom tools, WebPageTest, or GTMetrix.
With these tools, you can change the location you want page requests to come from. This allows you to test the speed of your site worldwide. You can also add advanced testing conditions, such as the number of tests to run, the browser the page is rendered in, and more.

Load testing WooCommerce with Lighthouse

Load Testing A WooCommerce Store

Loading pages individually is useful, but it doesn’t capture the full shopping experience. To do so, a test must simulate several page loads, putting items into the shopping cart, checking out, and more. Lots of tests should run concurrently to determine how the store performs under real-world traffic conditions.

Load testing is more complex than performance testing and will typically require help from a developer who can automate the process. There are several web services that make load testing easier by allowing site owners to run simulated shopping trips from the service’s cloud infrastructure.

Load Impact is one of the most popular load testing services. It allows WooCommerce retailers to record a typical shopping trip using a Chrome extension and then run the same trip multiple times simultaneously.

Cloud load testing can be expensive, but it’s possible to build DIY load testing infrastructure using cloud or dedicated servers and open source software — that’s how we load test our performance-optimized WooCommerce hosting plans.


Blog Post SummaryRecently started your first WooCommerce store or looking to expand functionality? Explore these eight WooCommerce plugins we think you should know about.

Alternatively, but not take a look at the WooCommerce hosting plans we have available on cloud? They come with auto installs and a series of optimizations designed to help you get the most out of your WooCommerce store.


 

Posted in:
WooCommerce

Source link

Getting Feedback From Customers On Your WooCommerce Store

Getting Feedback From Customers On Your WooCommerce Store

Getting Feedback From Customers On Your WooCommerce StoreGetting feedback from customers on your WooCommerce store is important. Data, analytics, and split testing are some of the evidence-gathering tools you have at your disposal, but in order to create a complete picture, you should be asking customers what they think directly.

When your WooCommerce store goes live, there are a number of factors potential customers will consider; style, user experience, and interface are only a few. Some of these factors can be researched and managed before release, others require a process of trial, feedback, and improvement.

This article looks at the ways in which you can collect vital feedback on your WooCommerce store and how each of those channels has its own unique advantages.

 Try optimized WooCommerce hosting and get the most out of your store. Get Started.

Direct Vs. Indirect Feedback

Getting direct feedback on your WooCommerce store offers a complete pictureThere are two ways to gather customer experience feedback on your WooCommerce store: directly and indirectly. We often focus on indirect methods, particularly deductions based on measurements and observations. But direct methods — asking customers and paying attention to what they say — can help us to lock down the causes of poor performance faster.

When you observe that shoppers who arrive on a landing page have a higher than average chance of leaving the site immediately, it’s reasonable to develop a hypothesis about why that may be and carry out tests to see if changes to the page reduce the bounce rate. Perhaps you think that the copy on the page is confusing, so you make some changes and test to see what happens.

With enough hypotheses and tests, you will discover the key to reducing bounce rates, but it may take a long time to hit on the right explanation. It’s often quicker to ask a subset of shoppers. You don’t have to accept their answers as the absolute truth, but their input may help you formulate better hypotheses and design more effective tests.

Feedback Collection Channels

There are numerous channels through which you can collect feedback. Each of them offers its own advantages and disadvantages.

Surveys

WooCommerce survey feedback formSurveys are the most common strategy for eliciting user feedback. This method is great for reaching a large audience directly. WooCommerce retailers can take advantage of plugins such as WPForms to create on-site surveys or use a cloud service such as SurveyMonkey.

Creating surveys is easy, but getting customers to respond can be more of a challenge. You can simply ask customers to fill in a survey after they check out. However, it’s likely you will have better results if you offer a discount, voucher, or free gift in exchange for the shopper’s time.

The information you gather will be more useful and actionable if you ask a small number of specific questions. These results can be tested with an A/B test to see if they do actually improve conversion rate.

Call Customers

Another great way to gather customer feedback is to call them and ask questions directly. Calling customers is a great way to engage in high-quality, qualitative data collection and feedback.

However, most WooCommerce customers are not going to opt-in to a long phone discussion. This method can cause your customers to see you as a source of spam and it may stop them from making repeat purchases. Good use of discounts and vouchers can help to increase response rate, but it’s not guaranteed.

It’s important to be careful with who and how often you target customers in this way. One call will be ok for most people, but adding customers to a call list for repetitive questioning when they say they’re too busy, is a quick path to losing an otherwise loyal following.

Social Media

An active social media account that encourages conversations with customers can be a treasure trove of insights about customer experience and sentiment. You should pay attention to what users are saying in free-form conversations, but it is often more effective to give specific prompts — ask customers what they think.

Creating a Poll in twitter for valuable WooCommerce feedbackSocial media can be incredibly revealing due to its connection to your buyer’s journey. If you’ve set up your analytics tools correctly, you should be able to track how people are entering your sales funnel and then where they are departing.

In addition to this, social media users represent a particular segment of your market. Data gained from this channel is invaluable for defining this segment and targeting them more effectively.

Both Twitter and Facebook can embed short surveys in their feeds and promote them to particular demographics.

Support

Your support team interacts directly with customers. They handle shoppers’ complaints and questions every day. It’s likely that no employee in the company has a better understanding of the shortcomings of your WooCommerce store and the business it supports.

Have the support team take notes regarding the most common issues customers experience. Then come up with ways of reducing those issues and improving the customer experience.

Unlock the Promise of Your WooCommerce Store

eCommerce distances retailers from their customers, which is why we rely so heavily on data and analytics to make decisions. But customers can help you to understand your business — you just have to ask.


Blog Post SummaryLearn more about why you should choose WooCommerce as your eCommerce application of choice. If you’ve already gotten started, find out what the 8 WooCommerce plugins you should know about are.

Alternatively, why not see what Hostdedi WooCommerce Cloud hosting has to offer, and see why auto scaling is vital for eCommerce stores.


 

Posted in:
WooCommerce

Source link

What Is WooCommerce Marketing Automation?

What Is WooCommerce Marketing Automation?

The dream of marketers is to send personalized content to leads at precisely the moment it is likely to have the most effect. Although most WooCommerce hosting clients don’t have a multi-dimensional trove of data about shoppers, we do have clues that can be used to personalize and schedule content with a positive effect on conversion rates and eCommerce revenue.

Shoppers interact with WooCommerce stores: they browse products, put them in carts, make purchases, abandon carts, read blog articles, send support emails, visit and stop visiting, leave reviews, and more. Each event presents retailers with a chance to engage with their customers.

If that sounds complicated and time-consuming, that’s because it is. There are so many different processes involved in marketing that it is easy to neglect areas that might have an impact on the bottom line. As a retailer, you are focused on getting customers to your store with inbound marketing and advertising, improving the eCommerce experience with conversion rate optimization, building a brand, supporting customers, and more.

Marketing automation reduces the labor involved in marketing by automatically sending emails and other communications when they are relevant.

Let’s have a look at some examples.

Sign-Up Emails

When a customer creates an account on your store, you have an opportunity to engage them with content and promotions to help them understand your brand and the products you sell.

Abandoned cart reminders

As I have written elsewhere on this blog, it is more common for eCommerce customers to abandon carts than it is for them to make a purchase. Well-timed emails that remind customers of the products they selected can decrease abandonment rates substantially, especially if they include a coupon code or promotion.

Win-back programs

Here, engagement is triggered by something the shopper doesn’t do, namely visiting the store or buying a product. Win-back emails are intended to give shoppers who have not visited recently a good reason to do so.

In this article I have focused on email, but there are marketing automation solutions for a wide range of platforms, including social media, SMS, advertising.

Marketing Automation And WooCommerce

WooCommerce marketing automation can be implemented as an integration to a third-party marketing automation platform or as a plugin that provides similar functionality.

Marketo is a leading eCommerce marketing automation platform, and although it doesn’t provide a WooCommerce plugin, it is possible to move WooCommerce customers into Marketo via Zapier.

HubSpot, another prominent marketing automation provider, benefits from a third-party WooCommerce plugin that provides excellent integration and real-time data syncing between a WooCommerce store and the HubSpot platform.

AutomateWoo is a premium WooCommerce plugin that includes a wide range of marketing automation capabilities. Each of the marketing automation examples I mentioned – sign-up, abandoned cart, and win-back programs — are possible with AutomateWoo, in addition to card expiry notifications, product recommendations, SMS notifications, and more.

Automating WooCommerce marketing helps retailers to take advantage of the many opportunities for engagement with shoppers without the massive investment of time and money it would take to do it manually.

Posted in:
WooCommerce

Source link

Eight Plugins Every New WooCommerce User Should Know About

Eight Plugins Every New WooCommerce User Should Know About

Eight Plugins Every New WooCommerce User Should Know AboutOne of the things we admire most about WooCommerce is its rich out-of-the-box functionality. A new eCommerce retailer can start selling in next to no time. They can focus on adding products and configuring their store without needing to install an array of extensions to add essential features.

But including every possible feature would result in a messy and bloated application, which is why WooCommerce also provides a way to add extensions that bring new tools, integrations, and features.

Even during the setup process in WooCommerce, you are given the option of installing additional extensions to add functionality to your WooCommerce store. We highly recommend new eCommerce merchants to browse the available WooCommerce extensions to get a feel for what’s possible.

In this article, we’re going to highlight six popular plugins thatvWooCommerce professionals shouldn’t be without.

What is the difference between a WooCommerce extension and a WooCommerce plugin?

In reality, nothing. Both are used interchangeably to refer to something that adds extra functionality to a WooCommerce store or a WordPress site. Plugins likely came into effect due to the use of the term for adding WordPress functionality, while extensions is used by WooCommerce to refer to plugins that only influence WooCommerce.

WooCommerce Products Filter

Product Filter for WooCommerce gives customers extra options for filtering and sorting products. Products can be filtered by price, category, color, size, availability, and many other factors. The filtering is responsive and intuitive, and is fully customizable by the WooCommerce store owner.

Product filter is a great addition to a store with more than a handful of SKUs, as it allows for store owners to make the user experience as streamlined as possible. Remember, the better UX on your store, the higher conversions will be.

Abandoned Cart Lite for WooCommerce

On average, about 70% of eCommerce shopping carts are abandoned. That means a shopper puts a product in the cart, but never completes their purchase.

Customers have lots of reasons for putting products in the cart and some have no intention of buying, but a significant proportion of abandoned carts can be “saved” if the retailer contacts the customer to remind them or send a relevant offer.

Abandoned Cart Lite is a simple extension that will email notifications to shoppers to remind them about orders that aren’t completed. Abandoned Cart Pro — the extension’s premium version — includes the ability to add unique coupons to the emails.

WooCommerce Extra Product Options

Have you ever found yourself feeling as though you don’t have enough options when it comes to customizing your products? Is there a field you don’t see in stock Woocommerce that you think should be there?

WooCommerce Extra Product Options extends the range of product options available to WooCommerce retailers. Additional product options can be added via checkboxes, radio buttons, date pickers, and forms, depending on the needs of the retailer.

WooCommerce Dynamic Pricing & Discounts

Do you want to set custom rules for pricing on your products?

Not all stores follow a one size fits all approach and trying to customize multiple price points for a single product in stock WooCommerce can be a challenge.

WooCommerce Dynamic Pricing & Discounts is an all-in-one solution for price and discount management. It can be used to create sales, bulk pricing, BOGOF offers, member pricing, loyalty programs, and more.

WooCommerce Zapier

Manual collection of data can be so much easier. Instead of spending a significant amount of time taking data out of your WooCommerce store and entering it into a spreadsheet, why not use a Woocommerce extension that adds that functionality for you?

We are big fans of automation. Running an eCommerce store of any size is a lot of work, and much of that work involves moving data from one service to another.

Zapier is great for connecting WooCommerce to the other tools you use to run your business, including marketing tools, spreadsheets, and accounting platforms.

Google Analytics for WooCommerce

WooCommerce Google Analytics does exactly what the name suggests, allowing merchants to leverage the power of Google Analytics to track a variety of eCommerce-related metrics, including cart actions, product views, and user journeys.

Just make sure that you’ve created your own Google Analytics account and you’ll be ready to go once you’ve installed the extension.

WooCommerce Multilingual

Reaching an international audience usually has one large barrier to entry: language.

Whether it’s trying to reach an audience halfway around the world, or just next door, if they can’t understand your page content, they’re not going to get very far.

WooCommerce Multilingual helps to bridge this gap with automated multilingual functionality. Content created in your first language is translated into the user’s language – detected through their browser – and maintained through the entire purchasing process.

WooCommerce Multilingual also adds the ability to manage multiple currencies in conjunction with multiple languages. A great way to start expanding your eCommerce business quickly.

WooCommerce PDF Invoices & Packing Slips

Something that often goes overlooked by new store owners is that of invoices and packing slips. This little addition can be the difference between looking like a professional store and something a little more amateur.

For some first-time store owners, invoices and packing slips is another area where time can easily be saved by letting an extension manage the process for you.

WooCommerce PDF Invoices & Packing Slips allows you to generate and attach invoices to emails or prepare for printing with just the click of a button. Added functionality and saved time.

The Best WooCommerce Extensions

Are there any Woocommerce extensions or plugins you think we’ve missed? There are hundreds of WooCommerce extensions for retailers to choose from, so feel free to let us know about your favorite extensions in the comments.

Don’t forget to check out our list of the best AI and machine learning WordPress plugins you should be using. We also recommend look at 10 reasons to choose WooCommerce, and see why WooCommerce is a great option for eCommerce beginners and experts alike.

WooCommerce Optimized Hosting

Posted in:
WooCommerce

Source link

What’s New In WooCommerce 3.3

What’s New In WooCommerce 3.3

Since we first added WooCommerce hosting to our lineup of performance-optimized eCommerce hosting options, we have seen huge demand from retailers looking to combine the user-friendliness of WordPress with WooCommerce’s simple yet powerful eCommerce experience. We’re delighted that so many retailers have embraced our unique spin on WooCommerce hosting, which is capable of supporting stores of any size.

Towards the end of last month, WooCommerce 3.3 was released. As a minor release, there are no big new features, but, in typical WooCommerce style, there are plenty of small enhancements that add up to an easier workday for retailers.

We’re going to have a look at a few of the enhancements that arrived in WooCommerce 3.3, but before we get to that, I’d like to talk about the little hiccup that disrupted the usually smooth release process.

One of the goals of WooCommerce 3.3 was to increase compatibility with third-party themes. However, the changes caused problems on some third-party themes, which lead to the removal of WooCommerce 3.3 from the WordPress Plugin Directory. It was a small issue, affecting the display of categories in some themes. The issue was soon resolved and WooCommerce 3.3.1 was released, which is the version you’ll get if you update WooCommerce today.

New Features In WooCommerce 3.3

  • An improved order screen.
    • The order screen has been given a facelift, with larger buttons that display an order’s status on the order screen itself, saving users from having to click through to the order’s details to see its status.
  • A new stock status.
    • WooCommerce 3.3 includes a new stock status for items that have stock management turned on. When a store’s stock levels reach critical, WooCommerce will show the item is “Backordered” or “Out of stock”, making it easier to see at a glance the status of specific products.
  • On the fly thumbnail regeneration.
    • This one solves a minor but long-standing annoyance for retailers: from WooCommerce 3.3, image thumbnails will be automatically regenerated on-the-fly when new product images are uploaded.
  • Broader theme compatibility.
    • Usually, WooCommerce retailers use WordPress themes that have WooCommerce support built-in. Ordinary WordPress themes have been known to cause problems. WordPress 3.3 adds improvements to allow just about any WordPress theme to work well with the eCommerce plugin, which means WooCommerce users can choose from a much bigger pool of themes.

Since the mixup with theme support earlier in the month, you might be tempted to hold off on updating to WooCommerce 3.3(.1). But, it is generally a good idea to install new versions of WordPress plugins as they become available. In addition to adding new features, releases typically include security fixes to close vulnerabilities in the software. If you don’t install the new release, you don’t get the fixes. The most recent version of WooCommerce has been tested on dozens of themes, and everything looks great so far.

Posted in:
WooCommerce

Source link

January 2018’s Best Magento, CMS, and Design/Development Content

January 2018’s Best Magento, CMS, and Design/Development Content

Now that we’re well into the New Year, let’s take a look at what’s been trending so far so we can stay on top of the game! Check out this month’s roundup and if you’re looking for the same great articles the rest of the year, follow us on Twitter, Facebook, and Google+. Enjoy and…

Continue reading

Source link

Optimizing Your WooCommerce And Magento Product Pages

Optimizing Your WooCommerce And Magento Product Pages

What’s the most important part of your Magento or WooCommerce eCommerce store? For my money, nothing is more important than product pages and the content on them. Product pages sell, and everything else on an eCommerce store except the cart is there to get people to the right product pages.

I’ve never done the experiment, but I think no one would argue that it would be possible to build a pair of identical eCommerce stores with identical products and make one much more successful than the other.

How? By building incredible product pages.

Too many eCommerce merchants take a “good enough” approach to their product pages, pulling copy and images from their suppliers without even checking to make sure the formatting is right. If you have thousands of products, automating product pages is understandable, but it’s a missed opportunity. If you want your product pages to sell, take the time to make them compelling.

What does an effective eCommerce product page look like?

Title

With most eCommerce applications, the product title appears in the blue text of Google search results and in the most prominent position of social media posts. Just like a headline in an article, the title of a product page can make all the difference to whether a shopper clicks or not.

Make product page titles concise, descriptive, and easily understood.

  • Concise means short and sweet: don’t try to cram the full product description into the title.
  • Descriptive means that the title conveys the essence of the product accurately: don’t use empty meaningless “creative” descriptions.
  • Easily understood means written in good English (or the appropriate language for your market). Don’t use stock numbers or technical product descriptions in the title.

Put on your SEO hat and include relevant keywords, but don’t go overboard.

Images / Video

Words can’t convey the essence of a product as powerfully as images or videos. Provide a range of images that look good and that accurately represent the product. By all means, include creative art shots, but also include well-lit closeups of the product on its own.

Optimized Product Descriptions

Product descriptions are where every store can afford to be original and unique. The descriptions are a canvas on which each store can paint a word picture of the product that will appeal to their specific market segment.

Address product descriptions to the people who buy the products. As a writer, I keep the mantra “know your audience” in mind whenever I write. Each sentence is written to convey a message to that audience. Product descriptions are the same.

Once again, pay attention to search engine optimization and keywords.

Reviews And Testimonials

Social proof works. People are more likely to make a purchase when they know other people have had positive experiences.

Branding

Titles, images, descriptions, reviews — these are concrete things. Branding is more ephemeral and difficult to pin down. What feeling do you want your store to create in its users? Do you want shoppers to think you’re edgy and convention defying, technical and geeky, lighthearted and playful, serious and thoughtful?

The brand you want to cultivate should guide every decision you make about product pages, from the design to the copy and the images.

A/B Testing

Without testing, there’s no way to know whether changes you make to product pages are effective. Nothing I’ve said so far matters more than testing. When you are considering a change, use a split testing solution like Magento’s or Nelio AB Testing For WooCommerce to make sure it’s as effective as you hope.

Most important of all, take the time to look at your product pages and ask yourself these questions.

  • Would I be influenced to make a purchase by this page?
  • Does this page reflect the values and image of the brand I am trying to build?
  • Does this page have all the information a shopper needs to make an informed decision?

If the answer to any of these questions is no, then it’s time to give your product pages some attention.

Posted in:
Magento, WooCommerce

Source link

Does A WordPress Site Need A Content Distribution Network?

Does A WordPress Site Need A Content Distribution Network?

does-a-wordpress-site-need-a-content-distribution-networkA content distribution network (CDN) can reduce the amount of work your WordPress server has to do and improve the performance of your site for visitors across the world.

Most of the resources on your WordPress hosting account’s server are used to respond to requests and generate dynamic content. But most of your server’s bandwidth is consumed by the delivery of static resources: resources that don’t change between users. Static resources include images, videos, JavaScript files, and CSS files, among others. Static resources are the biggest bandwidth hog for most sites; a single high-definition image can consume as much bandwidth as hundreds of pages of text, dynamically generated or otherwise.

Fortunately, static assets are the perfect candidate for caching. Once static assets are loaded by the browsers of your WordPress site’s visitors, they’re saved so that they don’t have to be loaded again the next time they’re included in a page. That makes the page faster the next time it loads, but it does nothing for the first load or for any page load after the static files have changed.

A content distribution network is a type of cache that sits somewhere between the browser’s cache and the on-server caches provided by plugins like WP Rocket or W3 Total Cache. A content distribution network is composed of servers in data centers around the world. The servers comprising a CDN are called edge nodes because they’re at the “edge” of the network.

When your WordPress site is hooked up to a CDN, its static assets are uploaded to the edge nodes. Most content distribution networks have edge nodes located near major population centers. The Hostdedi CDN has edge nodes right across the US, Europe, and Asia. When a user requests a page from your site, the static content is loaded from the nearest edge node, not from your WordPress site’s server.

Let’s say your WordPress site is based in our Southfield, Michigan, data center. A visitor from Sydney, Australia, requests a page from your site. Without the CDN, the images and scripts would have to take a 9000 mile trip from Southfield to Sydney. In a perfect world, data could make that trip in less than a tenth of a second, but we don’t live in a perfect world.

The data may pass through lots of routers, switches, and copper cables before it arrives at its destination. And it’s a two way trip: the request has to travel from Sydney to your server and the response from your server to Sydney. In many cases, the round trip time will be multiple seconds, which doesn’t lead to a positive web experience.

But if the static assets don’t have to come from your WordPress server in Southfield, the trip could be much shorter and faster. A CDN caches the static assets in a data center close to the user in Australia, perhaps just down the road in Sydney. The request is diverted to the nearest edge node, and the data delivered in fractions of a second.

A content distribution is essential if you want to offer international users and even users on the other side of the US a great experience on your WordPress site.

Many of Hostdedi’ WordPress hosting plans include a generous data allocation on our global content distribution network.

Posted in:
WooCommerce, WordPress

Source link

How To Harden WordPress Sites Against Brute Force Attacks

How To Harden WordPress Sites Against Brute Force Attacks

how-to-harden-wordpress-sites-against-brute-force-attacksWhen logging in to a WordPress site, users supply a username and password that WordPress associates with their account. If an attacker can guess the right username and password, they can authenticate in the same way. The process of guessing is called a brute force attack: the attacker tries different combinations of usernames and passwords until they discover one that works.

Brute force attacks are effective when WordPress users choose usernames and passwords that are easy to guess. Criminals use automated botnets — which are usually made up of compromised WordPress sites — to make thousands of login attempts with different credentials.

Towards the end of December, WordFence wrote about the largest brute force campaign they had ever seen. An attacker was attempting to brute force access to thousands of WordPress sites. Once they had access to the site, the attacker installed malware which had two tasks: to compromise more WordPress sites and to run the crypto mining software.

Cryptomining software hijacks the resources of a server to mine cryptocurrency. Cryptocurrencies like Bitcoin and Litecoin are generated by carrying out the computationally intensive math. Cryptomalware uses the resources of compromised machines to do the work of generating coins. In this case, Monero, a cryptocurrency that can be mined with CPUs rather than GPUs, is being generated. According to WordFence, the campaign has created well over $100,000 for the attacker.

Victims of the campaign have their sites compromised and their server resources used to generate coins rather than serving the site. Because the malware also carries out attacks on other sites, there’s a strong chance of infected sites being blacklisted by security companies and browser developers.

Protecting WordPress sites against brute force attacks is straightforward. It’s only possible to guess usernames and passwords if they are simple and if the WordPress site lets an attacker make lots of login attempts.

Use Complex Passwords

The obvious solution is to insist on complex passwords that are difficult to guess. A long, random password takes much longer to guess than a short dictionary word. A random password of 16 or more characters might take millions of years to guess. A short dictionary password like “password” can be guessed in less than a second.

Use Two-Factor Authentication

I advise WordPress site owners not to rely on users to create secure passwords: people tend to choose convenience over security. Installing a two-factor authentication plugin on your WordPress site removes the risk of brute force attacks without relying on users to do the right thing.

There are many TFA plugins available for WordPress. Two Factor Authentication is among the most popular.

Limit Login Attempts

To find the right username and password combinations, attackers have to make a lot of guesses. By limiting the number of login attempts that can be made from an IP address, site owners reduce the likelihood that the attacker will ever guess the right combination.

WP Limit Login Attempts can temporarily block IPs if they make too many login attempts and display CAPTCHA tests to suspected bots.

In 2018, we expect to see more attackers taking advantage of crypto mining malware as cryptocurrencies rise in value. By following the steps we outline here, WordPress site owners can prevent their sites from being used to make money for criminals.

Posted in:
WooCommerce, WordPress

Source link

The Internet’s Best Website Content from December 2017

The Internet’s Best Website Content from December 2017

Happy New Year! As we roll into 2018, clean up your databases and get your site ready for this new year. Need some help? Check out this month’s roundup! If you’re looking for the same great articles the rest of the year, follow us on Twitter, Facebook, and Google+.>Enjoy and let us know if we missed anything important in the comment section.

WordPress and WooCommerce

Content Management Systems & Blogging

Design and Development

Magento and eCommerce

3 Things Improv Comedy Taught Me About Starting a Business – Discover the relation between improv comedy and starting, and running a company.

Posted in:
Craft CMS, CraftCommerce, ExpressionEngine, Magento, WooCommerce, WordPress

Source link