Steps to secure your server and platform from hackers

Platform and server security is a large part of any magento developers job. I would say I spend about 50% of my time on it one way or another. Time in prevention, software updates, or remediation. To prevent the later part lets go though this check list one by one and discuss why and how do each one.

Of course start by keeping your software both platform and server up to date. If you have not done this start here then do the below.

This article is focused around the magento 2 platform running on centos with WHM/Cpanel installed. It can also apply to other platforms.

  1. Install Armor Anywhere These guys are a team of ethical hackers 50+ strong that monitor the darkweb forums for exploits people have found and scan your system to see if your vulnerable and let you know if you are what to do to patch it. Its software you install on the server that monitors everything scans all the files read more by following the link above.
  2. Follow this guide put out by cPanel https://documentation.cpanel.net/display/EA/Apache+Module%3A+SuPHP
  3. Install SuPHP as per the article above. If you have a cpanel server log into easyapache and enable it there otherwise put in a ticket with hosting provider.
  4. Enable 2 factor authentication in WHM -requires a 6 digit code that is sent to your device authenticator app. We have a non networked powered down device that is only powered up and networked for authentication then turned back off and back in a locked safe.
  5. Remove FTP to force SFTP connections through the SSH port. log into whm from the home page click on service manager then search for FTP un-check both of the boxes.
  6. Disable password authentication. SSH ports now require a key be installed on the server to connect that you have to get out of WHM after getting though the 2 factor – how someone would get around this is beyond me.. They would need to have your device as it is the only access point with the authenticator to get in. Only can be undone by restarting the server directly connected via laptop at the data center.
  7. I change the SSH port to random
  8. Install ClamAV for cPanel
  9. Enable 2 factor on cpanel
  10. Save the passwords for the server in a password protected file.
  11. Using ‘Host Access Control’ restricted WHM, Cpanel, SSH, cpdavd to your IP, and your hosting companies IPs.
  12. Disable Symlink https://documentation.cpanel.net/display/EA4/Symlink+Race+Condition+Protection
  13. Disable non used php version  php 5.5,5.6,7.0,7.1
  14. Enabled Jail shell
  15. In WHM search for security and open the security adviser make sure you follow the suggestions
  16. Setup Mod_Security
  17. Set production files as read only
  18. DISABLE SSH LOGIN FOR THE ROOT – Very important! USER https://mediatemple.net/community/products/dv/204643810/how-do-i-disable-ssh-login-for-the-root-user

  19. Use SSH Agent Forwarding to SSH from servers to servers instead of copying your SSH private keys on servers. On GNU/Linux use ssh-agent or GnomeKeyring with ForwardAgent yes under
    a trusted Host entry in your .ssh/config file6
    . On Windows PuTTY’s Pageant supports SSH
    Agent Forwarding
  20. Install Two-Factor Authentication for admin. Many times I have seen platforms become compromised by a sql injection that creates an admin user. Once they have an admin account they can using the marketplace download a file editing program that allows them to upload files aka virus’s malware, etc. This is a must have. If your platform of choice is magento 2 then log into ssh and run this.
    composer require msp/twofactorauth:3.0.0
  21. Do not transfer account using cpanel to cpanel account transfer. Copy the files and database separately.
  22. Do not use any of the same passwords on the new account. Change database passwords as well as account passwords
  23. enable a jailed shell environment for all new and modified users, use the Use cPanel® jailshell by default option in WHM’s Tweak Settings interface (WHM >> Home >> Server Configuration >> Tweak Settings).
  24. When you compile Apache, include the suEXEC module to ensure that CGI applications and scripts run as the user that owns and executes them
  25.  In WHM go to security adviser to make sure you pass all the checks

Question to Ask While Migrating from Magento 1 to Magento 2

It is out in the open, Magento 2 is the best thing that happened to the e-commerce realm. There are many things worth knowing about the upgrade of Magento 1 to Magento 2. Magento 2 is decorated with the features like improved scalability and performance, improved checkout processes, Mobile friendliness, key integrations, ease of customization and upgrade, automated email marketing, highly advanced reporting, and enhanced agility and efficiency for all sorts of business owners.

Who would say no to these many features?

Some will!!!

You will be baffled by knowing the fact that only 4% of 420,000 Magento websites are currently using Magento 2.

Really!!! Is that even a real number!!!

The facts were given by Builtwith.com in their trends section. Here is a link for you of that.

So, this means there are things you need to check before you go for Magento 2 upgrade.

By the means of this post, we will discuss some of the questions you must ask yourself before you decide to upgrade to Magento 2.

So, without any further ado, let’s get you started with the questions you must ask.

Is Magento 2 that Good!!!

This is the first question you must ask yourself before you make any decision.

Is it really worth to upgrade?

There are many upgrades that make Magento 2 way too better than Magento 1. Here is a comparative study between Magento 1 and Magento 2.

  • Magento 2 is around 50% faster than Magento 1 in the page loading speed.
  • The checkout page is 38% more efficient than Magento 1.
  • Magento 2 can easily handle 117% more orders in number per hour than Magento 1.
  • Magento 2 has the capability to manage 2.1 million more page views than Magento 1.
  • Security flaws are way too less than that of Magento 1.
  • Magento 2 is compatible with PHP version 7.0, 7.1, & 7.2 while Magento 1 doesn’t.

Magento 2 is packed with features that will help you manage your e-commerce business easily and efficiently.

Is it the right time to upgrade to Magento 2?

Once you compared the features, you need to check whether it is the right time to migrate to Magento 2. Let’s have a glance at some of the factors you simply can’t overlook when upgrading to Magento 2.

  • When you are planning to implement a new marketing campaign (which is also the time of holidays). The main reason to choose that plan is that you will have more traffic where you need to have more control over your website. Magento 2 will make the management of your e-commerce website bliss.
  • When you need more features to lure more customers. You can add many new features which will ease the navigation of your audience. Personalization, improved efficiency, and higher SEO rank are some of the enticing features waiting for you when you choose Magento 2.
  • If you are looking for some major design or redesigning of your website, you can introduce Magento 2.

A Checklist you don’t want to miss while migrating from Magento 1 to Magento 2

A simple yet crucial checklist for you while migrating from Magento 1 to Magento 2.

  • Always know that timing plays a crucial role while you decide to carry out one of the most major changes to your e-commerce website.
  • You will need assistance while migrating to Magento 2. Take help from one of the best Magento migration services.
  • Before you upgrade, don’t forget to have a look at the templates of Magento 2.

The Risks Associated when you decide to stay with your Old Pal Magento 1.

The support of Magento 1 will end soon. That will create a lot of issues for your business in the nearing future. So, don’t just stand there fellas.

Go grab your upgraded Magento 2 now.

You can simply type these key phrases on Google. You will get ample help from that.

  • Hire Magento Developer.
  • Best Magento Migration Services.
  • Certified and experienced Magento Developer

With these key phrases, you can easily get access to a quality Magento Migration Services. Adios fellas, I hope you got what you are looking for.

Ciao!!!

Magento 2.3 Major Improvements and Features

Ahoy Merchants!!! Magento 2.3 is here for you. If you are a merchant or an expert in Magento development then it will be a holy grail for your business.

There are ample amount of new features and tools which have the potential to make your e-commerce business bliss. If you’re an apt team of Magento developers, then with this update you have ample functions to meet your client’s requirements and expectation.

Without any further ado, let’s get you started with the benefits you can reap from this security release.

Features That Will Help You in Your Business

There are many features to look out for with this new release of Magento. Let’s break it down to frags so that you can easily comprehend how beneficial is this update for you and your business.

·        Grow & Evolve With Multi-Source Inventory

Operational efficiency is something a merchant always need to work on if he wants to grow and reach out maximum sale. With the latest update from Magento, multi-source inventory spawns you merchants with enhanced operational efficiency by serving them with multi-serving function. With this function, it becomes super easy for you to manage your inventory in accordance with the location of your user.

The track inventory allows you to manage all the inventories at one place. You can set rules which will help you in prioritizing the inventory sources which your user can see in your website on a real-time basis.

It is also easy to integrate any third-party inventory system. As a merchant, you can easily track the product when your customer adds products to their cart. This feature will help you in presenting accurate quantity to the customers to avoid any future inconvenience. This tweak will help you in increasing your conversion rates effectively.

·        Penetrate Mobile Marketing with Progressive Web Apps

In the coming future, smartphones are going to rule the e-commerce realm. Magento’s new update release caters you with progressive web app feature. This feature will enable you to serve your customers with superior mobile experience which will definitely boost your business’s conversion rate and engagement. In short, with the help of progressive web apps aka PWA studio, you can easily make your development process cheaper and faster.

M-commerce is the future of the business which is the reason PWA feature will help you in achieving increased web and mobile visibility, better page performance, and higher conversion rates.

Another important thing here is PWA studio will release its independent releases which will indeed affect your business positively. So, this update has the potential to make your website’s user experience mobile-alike.

·        Drag and Drop With Page Builder

Remember those days when you have to ask a Magento experts every time you need to make changes to your e-commerce website? Gone are those days!!! Magento introduces you with a drag and drops feature. It will become easy for you to place images, videos, and banners at your will anywhere on your e-commerce website.

You can even create new pages and launch fresh content for your website to engage the audience. In addition to that, it is very easy to add additional information to your product pages and add new category products.

With a flexible grid system, you can place desired page element anywhere you want. It is highly customizable and also helps you to streamline the content of the website in accordance with your target audience.

This newly enhanced page builder is filled with the functionality such as easy addition of media gallery and widgets. Also, you can create dynamic content blocks and even schedule content for the future. This can be a huge plus for your content staging campaigns.

Concluding Remarks

There are many additional updates you must know apart from these crucial updates such as,

  • Magento shipping feature will provide you with additional support for order fulfillment.
  • Magento experts can use GraphQL to drop query for a specific data element in just one request.
  • Magento also now comes up with the Declarative schema.
  • Indexing process will also be increased for the entire e-commerce website.

So, what are you waiting for? Update your Magento interface now and grow your business like a boss!!!

That’s it from this edition, I hope you like it. Let me know your thoughts on this Magento update via comments. Adios for now fellas!!!

Magneto 2 Vs. WooCommerce – The Pros and Cons!

The world of online stores is exciting but complex. There are many platforms from hosted solutions to open source solutions. There are hosted solutions like shopify, bigcommerce and others. Hosted solutions can work well for a small inventory of products but as an eCommerce store grows larger there are limitations on hosted platforms. Open source platforms offer you the freedom and flexability you need for your growing business. As for open source solutions there are many; here we will focus on Magento and  woocommerce.

Many platforms offer hundreds of customization options that allow you to create unique stores that fit all budgets. You no longer need to be a developer. You just need a good idea, a little research and a lot of enthusiasm for the project.

Characteristics of Magento

Magento is the world leader in electronic commerce. It was created in 2008 in the United States and was bought by eBay in 2010, then sold to Permira, who later sold it to Adobe.  It has two versions – a free one called Community and another paid one called Enterprise. It is the most robust and customizable platform, allowing us to build a custom solution for each application. Magento is a large platform so requires a bit of a learning curve . One of the biggest differences between Magneto 2 and WooCommerce is that Magento’s database is split up into more layers. This gives magento developers the ability to do a lot more on the customization side, the only real con here is that you will need more server resources and optimization to handle all the data.

Some additional features of Magneto 2 are:

 

  • Fully customizable design using templates
  • Fully customizable code using local override files so updates do not get overridden when upgrading.
  • Ability to make custom extensions
  • Easy responsive admin user interface
  • A powerful widget system allows admins to do complex customizations without hiring a developer.
  • Magento 2 allows extensions to be purchased and installed from the market place without needing to hire a developer.
  • Promotions, coupons, marketing deals can be created with a if this then that system.
  • Private sales (restrict the catalog to specific clients)
  • Multiple wish lists
  • An integrated content management system
  • Customer groups
  • Product attributes

 

Characteristics of WooCommerce

Finally, there is WooCommerce that is not a platform, but a plugin that is installed to WordPress. It was created in the United States in 2011 and purchased in 2015 by Automattic, a WordPress developer. Although it has a few configuration options, it is compatible with other plugins, which makes it possible to expand its use.

Some additional features of WooCommerce are:

  • Options to offer free shipping or flat shipping rate
  • Built as a WordPress plugin and available from the wp-admin of your site
  • It incorporates the necessary SEO fields for search engine positioning.

Comparison of The Two Platforms 

According to google trends when you add up both magento and magento 2 searches vs woocommerce you can see they are very closely tied in volume of searches. The only reason why “magento” searches are going down is because they are being replaced with “magento 2” searches. See graph below.

 

On the other hand according to Built With,  Woocommerce has 6 times more users. More users I think mainly because it is quite a bit cheaper to run and just the fact that so many people start with blogs so they are used to the wordpress platform.

  1. Installation of E-commerce Platforms

Both the platforms are Open Source. This means that they can be downloaded and installed for free. It is recommended to buy a suitable template, depending on the type of business you own.

  1. The Functionality of The CMS Of E-Commerce

Magento has a lot more functionality out of the box then woocommerce but woocommerce has a lighter foot print.

Conclusion: Which E-commerce Platform should you choose?

If your just starting out Woocommerce can be a cost effective option if your on a shoe string budget, but once your making sales and can afford some development resources switch to Magento . The significant advantage of woocommerce is that it is more cost effective. You will find that the hourly rate of a woocommerce developer is likely lower as the skills required are lower.

The difference in hosting costs can be very significant. Woocommerce can often be ran on a $15-$69 per month server where as Magento will likely require a $42-$89 for shared. Both platforms would need a dedicated solution once traffic and sales increase enough to warrant it ranging from 120-1200 generally.

When clients ask me what I think about the Magento vs Woocommerce I respond with “Why would you buy a passenger van then try to retrofit it to be a cargo van, why not just by a cargo van.” Another words woocommerce is a  modification to blogging software it is not at its core eCommerce software.

Magento to launch ‘Magento Payments’ early 2019 but what is the fee structure?

Magento announced they will be launching magento payments next year and this got me thinking. They say there is no subscription fee that is going to be great for the smaller companies but what about the larger ones. We need to find out what the fees are compared to authorize.net and paypal pro before we can recommend it to our clients.

It looks like it is going to be a really great tool integrating  Braintree PaymentsPayPal Checkout, and Signifyd fraud protection.

Benefits of using Magento Payments

Here are some of the important benefits of Magento Payments that have already raised the eyeballs.

  1. Better Conversions
    It uses PayPal and Braintree to make it easy for merchants to accept different types of payment methods. Magento Payments has combined Braintree Payments, PayPal Checkout, and Signifyd fraud protection technologies to provide consumers with the best of everything under one name.
  2. Management of Cash Flow
    Magento Payments comes with Cash Flow Manager that synchronizes order details and payments automatically within the Magento Admin. When this is released I will be investigating more details on this to relay. Currently most of our clients use authorize.net that automatically process the order and records the funds. I am unclear what the benefit is just now of this.
  3. Fraud Guarantee
    They are going to handle the charge back cases and fraudulent charges. Leaving more questions. How will this all be handled.

Overall for clients that are having fraud issues this looks like a good option. It seems like they collect data from all their partners/merchants if one receives a fraud alert then that card will be declined with any of the participating merchants. This collaborative approach could work well for everyone involved. As magento developers I hope it will be a cost-effective option for our clients.

Bookmark and subscribe! I will release a more detailed updated blog post once more information is available.

Why Use Magento to Design and Develop Your Online Store?

Choosing a right CMS platform for your website may be a hard decision to make. But if you decide on the main purpose of the site: e-commerce or content, it will greatly facilitate the choice. Sure, you will be amazed at the wide range of options available to businesses if you are working on a website and are looking to incorporate some e-commerce features into it.

Like WordPress, Magento is based on open source technology. This platform has many useful features for e-commerce, which has already been used by more than 150,000 online store owners, from small businesses to large multinational corporations.

Magento Design comes with high-level customized features that give sellers the flexibility to customize online stores according to their business interests. It also provides multifunctional options like managing multiple stores, optimizing for search engines, generating reports, mobile trading, marketing and other life-saving important management tools.

The Magento Design interface also allows the user to create a complex of content pages, menus and version control elements. In addition, Magento is one of the most secure e-commerce platforms that anyone can use.

If you find that using Magento e-commerce platform is suitable for your business, go to the official Magento website and select your version of Magento.

Enterprise Edition is a paid, customized solution that provides higher performance and scalability for fast growing and large enterprises. This solution will also give you access to expert support and hundreds of other features that you can use to manage the store, and therefore get more power over your site.

Community Edition is available for free download and further directed at developers who understand the essence of Magento. This version of Magento is an open source solution and gives you access to community support, as well as other features user groups, adding product categories, coupons, etc.

In addition, you will also be granted access to other functions, which can only be found in Magento, for example, multi-stores, related products, wholesales and cross-selling.

Shopify vs Magento: Which is the Better Platform?

Selecting the right ecommerce platform is critical for your business. In order for you to thrive online, your business will need an exemplary website that seamlessly blends both physical and digital shopping experiences.

Shopify and Magento are two of the most popular ecommerce platforms. Although both platforms are great choices, there is one that is sufficient for businesses of all sizes. To learn more about the dichotomy between both platforms, read on to obtain an insightful cost-benefit analysis.

Magento: A Closer Look

Magento is a world-renowned open-source ecommerce platform. The platform is commonly used by small brands and large businesses alike, as it’s more convenient to scale and customize for both B2C and B2B businesses.

Some of Magento’s key features include:

  • Ability to develop and utilize custom e-shops
  • Tremendous marketplace stocked with a large variety of website themes and other beneficial applications
  • Search engine optimization (SEO)
  • Convenient shopping cart integration system
  • Massive inventory system
  • Multi-store capabilities
  • Integration of major software tools such (CRM, ERP, etc)

Magento is one of the fastest growing ecommerce platforms, thanks largely in part of its exceptional customer service, user-friendliness, and its easy-to-use shopping cart system.

Magento is also equipped with vital internet marketing capabilities, allowing users to leverage their SEO from its unique interface. Though, it’s important to note that Magento self-hosted, providing users with the capabilities of designing their own custom online store without any limits.

Nonetheless, Magento is the perfect platform for businesses of all sizes, and it’s versatility is ideal for businesses anticipating eventual expansion down the road.

Shopify: A Closer Look

Shopify is a Canadian ecommerce platform that gives users the ability to manage multiple sales channels, stock items in an unlimited inventory, and achieve single-step order fulfillment.

Unlike Magento, Shopify is hosted and doesn’t require its users to contain web development knowledge because the platform essentially takes care of every technical detail. In fact, some of Shopify’s greatest features include:

  • Ability to create an online store with a custom domain
  • Customize an ecommerce storefront with manageable themes
  • Accept credit card transactions
  • Add social media channels
  • Track customer orders
  • Respond to customer orders

In the broadest sense, Shopify allows its users to perform virtually any task from its platform. Additionally, the platform isn’t too technical and is ideal for ecommerce beginners.

However, one major drawback of this ecommerce platform is that it’s not optimal for businesses anticipating future growth. Although there are regular updates to Shopify’s system, your online store will only be a great as the platform.

Conclusion

From a business standpoint, Magento is the better ecommerce platform, primarily because it allows custom development using local override files making customizations convenient and quick to create. On Shopify, it’s much harder to make simple customizations, requiring a complete custom extension to be developed.

Generally speaking, Magento allows you to personally own and operate your online store. With Shopify, however, it feels more like your renting your store. They’re in control. As a result, Magento is the most ideal ecommerce platform for businesses who desiring to fully customize and have control over their online store.

If you would like to learn more about how you can use Magento for your business, visit our contact page for more information about how you can reach out to our award winning team at Towering Media.

Online Consultant for Magento

For users of the system, Magento Provide Support offers a special module for easy and fast integration. A wide range of all kinds of settings will add an online chat button to any place on the site and select any set of chat buttons from the gallery or load up your own images.

Regardless of which Magento theme you are using, in the Provide Support settings you can easily set the most appropriate position for the chat button and be able to select the desired images for the chat buttons. The following is a detailed list of the Provide Support features of the chat module for Magento Consultants:

  • Use the chat buttons specified in the Provide Support settings.
  • Possibility to set links for own images of chat buttons. This option is very useful for those cases when you use one account on several sites. It allows you to use different images of chat buttons on your sites.
  • Use text chat links.
  • Place the chat button in the position predetermined by the theme of your Magento site.
  • Add a chat button to a fixed position in the browser window. This will allow you to make a chat button tied to a specific place on the site and allow it to remain visible when site visitors scroll the page.

For this purpose we at Towering Media offer a rich selection of support method for Magento consultants to our customers. Here, you can find a fair list of support options which you can access at anytime. Our support team is always ready to a help you!

Magento Designers – Design Your Websites in a Hassle-Free Way

In the field of computer programming, being a Magento Designer means having specific skills to design, set up, operate and evolve an e-commerce platform. An ecosystem and computer tools are to be mastered.

A computer programmer who wants to specialize in the development of a platform or application Magento must master primarily object-oriented programming. He is able to develop at a high level with the PHP language. His knowledge of the web environment and the specificity of programs running server-side, client-side commands or manipulations are essential.

The qualities of a good Magento Designer

  • The developer must master the key concepts and the ecosystem. It uses the programming tools which are integrated in Magento. It exploits the web services that optimize the online application.
  • The developer is required to provide a standard for site safety, quality and performance. Its mission can be punctual like the customization or the configuration of a module.
  • Being a computer science graduate with the knowledge of PHP language and the MySQL database can shorten your career path to become a Magento designer.
  • Many learning materials and books are available to convert to Magento. Training organizations offer an interesting curriculum that allows you to master the various aspects of the development and integration of e-commerce software.

How to Integrate a Magento Developer into your E-commerce Project?

If you have an e-commerce site based on Magento, you know that to support the development of your site, you will regularly need to make improvements projects or install patches. Like other actions in Magento, the development and creation of modules or even the modification of a design are actions to be carried out by your technical team of integrators. If it is composed of a Magento expert with a developer training in PHP, everything is fine; you have all the elements to move forward.

Magento Performance at a New Level with Trusted Magento Agency

The topic of performance is very important for any Magento Agency. As Magento-specialists and through the support of more than 40 shops, the topic of Magento performance occurs daily in a variety of forms.

The reasons for a slow online shop or individual very slow areas in the shop can be very different. So the “performance brakes” can have their causes in the hosting, in the code, in the structure but also in the operation as well as the configuration.

Magento Performance Analysis

At the beginning of each Magento performance optimization is an individual performance analysis through our certified development and technology. Your contact person and a detailed consultation will then lead us to a stand.

For your e-commerce success, it is important to know which Magneto Agency you are dealing with in future, what steps are urgently needed and which are optionally possible,  Part of this comprehensive performance analysis include:

  • Software settings of your shop
  • Hardware configuration and equipment
  • Data and page structure analysis
  • Code and core analysis
  • Call profile analysis

Never again Magento problems thanks to long-term care at Towering Media

Magento Agency gives you the guarantee for your long-term Magento online trading success. The experience has shown us that our most successful Magento shops are always based on long-term, secure e-commerce support.

As a Magento agency, we can fully exploit the long-term optimization potential as well as respond to short-term problems, necessary adjustments e.g. through your seasonal business or general changes in the e-commerce environment.

For this reason, we offer our Magento customer care contracts, which make it possible to book monthly hourly quotas flexible development, technology, SEO and consulting.

Your benefits at our Magento care:

  • Long-term security
  • Short-term optimizations
  • Magento emergency care

We take over technical SEO for you, increase your regional awareness through local SEO and create SEO texts.