Apr 10, 2013

Upgrading to Magento Enterprise 1.13 – Introduced by Roy Rubin

At the Magento Imagine Conference today, Tuesday, April 9, 2013, Roy Rubin announced the release of Magento Enterprise Edition version 1.13

Magento Enterprise 1.13 Announced

Magento Enterprise 1.13 Announced by Roy Rubin, founder of Magento

The biggest benefits to Magento Enterprise Edition (EE) 1.13 are all performance related. These improvements are the hardest to describe to a customer, but for large accounts, are the area that Magento has been most lacking in.

We have received a lot of inquiries over the past 2 years of customers trying to squeeze the most out of Magento  We always have some way or another to help them, but the truth is just that Magento is somewhat clunky. The improvements I’ve seen in 1.13 indicate that Magento feels the same way, and the core team is making every effort to remedy that issue (an effort that I hope will come to full fruition in 2.0)

==================================================================

Redis Support

Magento EE 1.13 now support Redis NoSQL as a cacheing session storage solution. I’m not yet sure of the specifics, but this could provide an advantage over memcached — and Magento now recommends using redis on new deployments. It’s not that redis is “faster” in terms of storing cached values, but it has more support for storing objects (I’m getting into some pretty technical stuff here, but the point is, this could be a better cacheing solution assuming the Magento core team implements it correctly). However, I’m not sure how long it will take for hosting solutions like pier1/nexcess to support Redis.

 

Reindexing

As many of you may have encountered, re-indexing is a pain in the @$$. Especially on sites with large (10,000+ SKUs) catalogs. EE 1.13 supports mysql database triggers as a means of keeping the indexes up to date, and it makes re-indexing an incremental process rather than an en masse process. The Magento core team has also limited the number of instances where a full re-index is required (hopefully never once the store is setup)

From the Magento article:

In Magento Enterprise Edition 1.12, any change to a product would result in a full re-index. Magento Enterprise Edition 1.13 introduces a new feature–incremental re-indexing. With incremental re-indexing, only those items that were changed or added will be re-indexed, reducing the processing time to a fraction of what was required before.

This is huge—I’ve seen stores where store owners are crippled if they update their product data, as reindexing 10,000+ products can take hours. So, this is a big plus. No longer will a store owner need to have a once-a-day product update regiment.

Also, if you look on the bench marking page: http://www.magentocommerce.com/knowledge-base/entry/ee113-performance-and-scalability-white-paper you will see significant improvement in the time required to make a full re-index (53% improvement on 500,000 SKUs!)

 

Onepage Checkout Speeds

So, whenever a user enters the checkout, Magento can’t rely on all the fancy cacheing layers. And, it’s a known problem that onepage checkout is slow; this is the whole reason onestepcheckout exists. But, even that (I’ve noticed) has problems related to the amount of time it takes to return shipping rates, payment methods, and order review steps.

See this link: http://www.magentocommerce.com/images/uploads/2184-1.13_Benchmark_Report_Checkout_Flow_r1v1.png

You will notice the checkout has been extremely optimized in terms of the amount of time it takes to perform one of these operations. As to the effect that has on the core code, I’m not yet sure. I’m really hopeful this feature will be in CE 1.8 as well.

From the benchmark page:

During our testing, which simulated a storefront running at peak hours, EE 1.13 executed 33% more orders and 31% more page views than Magento Enterprise Edition 1.12 on the multi-node benchmarking configuration. Notably, Magento Enterprise Edition 1.13 served 47K pages during the test run (10 minutes).

This is also a big improvement…once again, it’s only targeted at high volume sites, but I can think of several customers that would benefit from this.

 

MySQL Performance

I’d like to highlight one of the observations made in the bench marking article:

  • The MySQL instance did not show any significant signs of CPU or I/O load during the tests.
    • The CPU was under 10% and no queries exceeded a 2-second threshold.

I’ve noticed that MySQL seems to be a memory and CPU hog on some instances of Magento  This observation (specifically the no queries beyond 2-second threshold) shows an improvement in the scalability of Magento from a database perspective. Now, I don’t know what Magento’s benchmark for 1.12 was, but I’ve definitely seen stores not getting near the volume that the benchmark took place with, having MySQL performance issues.

 

Improved Tax Calculations:

There had been problems with tax calculations, especially with rounding up to the one-cent and when using multiple types of currency. The tax calculation algorithm was updated to get rid of errors with rounding offsets when displayed on purchasing screens. Additional support has also been given for various nationalities, primarily Canadian.

 

Increased Overall Functionality:

A whole slew of over 350 functional improvements for the web store, shopping cart, web API, payment options, import and export functionality, and admin order creation. All of these minor improvements add up to a big difference in the end, which will drastically increase user experience, and make it easier for admins to make changes without worrying over slowing down the whole site.

Jan 21, 2013

FedEx Shipping Fix for Magento Versions 1.5 and lower

Customer Paradigm
 

If you`re running the Magento eCommerce system (version 1.5 and lower) and rely on FedEx for shipping quotes, you may need to update your system so that it works after May 31, 2012.

FedEx Shipping Fix for Magento Versions 1.5 and lower

What`s going on: FedEx is switching over to a newer Web Service API, and is discontinuing their older system at the end of May, 2012.

If you`re running Magento Community 1.6 or 1.7.0, you`re fine — this uses the latest system.

If you`re running Magento version 1.5, 1.4 or lower, you need to do a quick extension update, and you`ll be able to continue to use FedEx for shipping quotes.

If you`re not running Magento (but do rely on real-time shipping quotes from FedEx), please check and make sure that your system is going to work after May, 2012.

How can I tell what version of Magento I`m running?
Log in to your Magento admin area. At the bottom of the page (you may need to scroll down), it will read in the center: Magento ver. 1.6.0.0 (or something similar).

How much does it cost to update? The software extension is free; if you would like us to assist you, we can install, test and configure this for you on an hourly basis.

Please call or email if we can help.

Thanks,

Jeff FinkelsteinFounder, Customer Paradigm
Jeff Finkelstein
Founder, Customer Paradigm
303.499.9318

Connect Via Facebook >>
Connect Via Linked In >>
Connect Via Twitter >>

We love referrals! Our Referral Promise >>
Oct 30, 2012

Impact of Holiday eCommerce Shopping – MAGENTO

Is Your Website Ready For Sales?

Magento eCommerce Website SalesI’m not talking about any sales, I’m talking about holiday sales. Shoppers that are price-sensitive, impatient and quick to click to your nearest competition to get their holiday shopping done.

The holiday season is upon us and committing to the final changes to your website now can make all the difference for your sales and conversion rates.

Having the right Magento Developers can determine the success or failure of your site.

At Customer Paradigm we are Magento Certified Developers. We work hard to meet your eCommerce goals, communicate clearly with prompt project management and deliver to exceed your expectations.

 

Importance of Holiday Sales

Sometimes, words just don’t do the job. Here are some great info-graphics and statistics on holiday eCommerce consumption behaviors.

 

Magento eCommerce Development for Holidays

Revenue in the Holiday Season

  • The Holiday Season accounts for 41% of total annual revenue
  • The average conversion rate increases by 108% in December
  • It is projected that US Retail web sales will increase by about 17% this year in comparison to last years online shopping trends

 

How to Make Them Purchase

Are you asking the right questions?

  • How can I change my website to increase my conversion rate?
  • What can we offer that will make shoppers purchase with me over Amazon where they already have an account?
  • What matters to the consumer?

If you can understand what drives consumer sales, you will have a more profitable holiday season and overall profitable year. Adapting these strategies can make all the difference, start updating your Magento website today to convert for sales tomorrow!

 

Is Your Website Accessible?

With the variety of tablets, smart phones, computers with different browsers, is your site accessible and functional?

eCommerce SalesAccording to Invesp.com:

  • Shoppers via Tablets have an average sale of $110
  • Shoppers via Computers have an average sale of $95
  • Shoppers via Smartphones have an average sale of $70

What are Shoppers Doing Online?

If your store is getting a lot of visitors but the conversion rate is low, my first thought as a marketer is to understand the consumer. Get in their mindset. What are they doing online? What are they looking for? What matters to THEM?

 

Consumer Magento Online Shopping HabitsAttributes of Online Shoppers:

  • Price Sensitive – 79% of users are viewing your website to compare prices
  • Deals – 73% are looking for what you offer in deals and promotions
  • Information – 67% are reading reviews about the product
  • Substitutes – 60% are comparing specs of one model to a close substitute
  • Customer Service – 37% are trying to get in contact with you

Know & Act

The first step is understanding your consumer and what they are doing on your website, the next step is acting to satisfy their concerns while keeping them on your site.

 

 Know: Price Sensitive >> Provide Perks that Diminish Price-Sensitivity

  • Free Shipping - Influences holiday purchases by 55%
  • Payment Plans – Having multiple methods of payment plans affects purchase intent by 8%. A potential customer will be hesitant to purchase from you if they have to create a new account or your check-out process is comprised of too many steps.

Know: Deals >> Give Them Discounts, Coupons, and Incentives!

  • Daily Deals – Having daily deals increases the urgency of the purchase, making users feel if they pass up the opportunity today the price may never come back. 1 in every 4 holiday consumers purchases a daily deal.
  • Coupons – Coupons offer discounts or rewards which are an incentive to the consumer to purchase with you over not receiving any discount. Many shoppers will associate a discount as more value even if the end price is higher than a competitor.

Know: Information >> Tell Them What The Product Is

  • Descriptions – Write captivating descriptions which describe the product fulfilling every specification they will need to know. This is very important for electronic devices, the more information you provide the less a shopper will research on other sites.
  • Reviews – Get in a habit of sending automatic e-mails a few months after the purchase of an item to accrue reviews on your website. Reviews are one of the most influential factors for the final decision on whether or not to purchase.

Know: Substitutes >> Internalize the Process

  • Compare Products – Add a compare products option to your eCommerce site. If a user is debating between two camera models, allow them to perform a side by side comparison on your site rather than getting distracted and looking for alternatives on competitors eCommerce sites.

Know: Customer Service >> Be Prompt, Be Thorough

  • Above and Beyond – Remember it is much easier to retain a customer than to attain one. With this in mind, be prompt to answer requests, be thorough so it is not addressed again, and go above and beyond to ensure that they are satisfied with your services.

 

You Know, You Understand, How Will You Act?

After understanding what the consumer is going through, what they are looking for, is your website ready for Holiday eCommerce Shopping? Are you set-up to provide what consumers are looking for and keep them on your site, engaged, and purchasing?

If you are in need of Magento eCommerce development contact Customer Paradigm now at 303.473.4400 to talk to a real person about your business strategy. If your website is in need of internet marketing to create incentives and deals for your shoppers, talk to our SEO team and see how we can work to increase your conversion rates.

Sep 7, 2012

Magento Bug with Versions 1.5 and Above – SOAP Shipments API

We’ve recently discovered a bug with magneto version > 1.5.0.0.

Magento’s native SOAP api exposes most of the core entity types (customers, orders, shipments, products, categories, etc).

However, it looks like the Api code wasn’t updated to ensure compatibility with other parts of the core code.

Specifically, we’ve learned that an update to the Mage_Sales_Model_Resource_Collection_Abstract breaks part of the SOAP Shipments API:

Magento Bug Report - API Definition

Magento Bug Report - API Definition

 The problem lies in the definition of the function joinAttribute inside the aforementioned class. You can see from the screen shot that there is an @todo implement join functionality if necessary—however for now, this method does absolutely nothing!

 You will also notice that the magento core team now deems this a “deprecated method.” However, they themselves reference this method in the shipments module. References to this function can be found in:

  • Mage_Sales_Block_Order_Recent
  • Mage_Sales_Model_Order_Shipments_Api

 

Magento Bug Report - Implementation

Magento Bug Report - Implementation

 

Obviously any place where this method is used will NOT return the desired result—-which can cause major problems for installations that have a 3rd party warehouse or inventory system that requires these api methods work correctly.

 

My suggested fix is to replace the joinAttribute calls with ->getSelect()->join calls (you can see info about Zend’s db layer at: http://zendgeek.blogspot.com/2009/07/zend-framework-sql-joins-examples.html)

* Please make sure you either write a module or do a local override in app/code/local if you need to do this!

 

Sep 4, 2012

Magento Retailers Represent With Google Trusted Store Badge

Google Trusted Badge Magento Stores

Get the Google Trusted Store Badge

Magento is now a proudly offering the Google Trusted Store Badge. With Google’s great reputation of advancing the internet, there is a trust associated with their brand. As they continue to increase users experience with every click across the internet, we now see a visible rating for quality.

There are not many forms in which Google rates websites. At least not visible to the common public. We do see the ratings on Google local pages, but that is a reflection of user ratings.

Features of the Google Trusted Store Badge?

 The Trusted Store Badge works as a “report card” of how well your eCommerce store performs. In order to earn the badge your site must exhibit fast, reliable and responsive customer service. Once your website has been approved, you will receive a grade. The badge will hover in a fixed position at the bottom right of your screen so it is visible during the entire shopping experience on your eStore. Upon hovering over the badge the grade will show. Below is a screenshot of the hover view from http://www.dickblick.com an art supply eCommerce store.

Google eCommerce Trusted Badge

http://www.dickblick.com

Benefits & Drawbacks of Google Trusted Store Badge

Potential Benefits

Google has many case studies which support the benefits of having the badge >> View Here

  • Increase in average order size
  • Increase in conversion rate
  • Ability to show an essential rating system on your page
  • Badge show up in Adword ads

Potential Drawbacks

  • Forums have revealed an abundant concern for privacy, the code requires that the shipping address of every customer is revealed to Google.

Get the Google Trusted Store Badge

There are many resources for installing the badge onto your eCommerce store. Many people are coming across bugs trying to replicate the codes. My best advice is follow the steps that Google has put in place.

If you use Magento >> Get the Badge Here

Through Google >> Get the Badge Here

 

eCommerce Platforms for Google Trusted Store Badge

Although you are able to receive the badge through any eCommerce store, this is where people are coming across bugs trying to replicate the code for their own eCommerce platforms. Currently Google has easily integrated this feature with the three following eCommerce sites:

If your current eCommerce store does not have the full functionality you are looking for, consider migrating your eCommerce site to Magento. Magento is a eCommerce platform that was designed with eCommerce in mind and is tailored to maximize sales and usability.

 

Aug 14, 2012

Magento – How to Move A Website to a New Server

How to move your website to a new server

Want to see a magic trick? Server to Server in 10 minutes!

I’d love to write a really long blog about how this is going to happen, but that would defeat the purpose of getting your website moved from an old server to a new server in 10 minutes. Here are the steps, if you have any questions please feel free to call us at 303.473.4400 or fill out a contact form with your question.

Step 1: Login to the old server (server you are moving from) with SSH

 

Step 2: Move the file tree via a tar SSH pipe

  • tar zcf – app lib includes .htaccess index downloader cron.php cron.sh js LICENSE.html media shell skin var

    or

  • | ssh username@domain.com ‘(cd your_directory && tar xzf -)’

    - To those familiar with the “tar” command this will look very familiar

    - To those less familiar with the tar command, essentially we are gzipping files from the old server to the new server over an SSH connection. The “-” in the tar commands correspond to STDIN and STDOUT.

     

 Step 3: Move the Database

    • mysqldump -u username1 -pPassword1 database1 | ssh username@domain.com ‘mysql -u username2 -pPassword2 database2′

- Once again, we are just piping a mysqldump from server to server (via STDOUT and STDIN) the “|” operator connecting the 2

 

Step 4: Update database creds in app/etc/local.xml

 

Step 5: Change base URL’s:

      My SQL:
      • UPDATE core_config_data SET value = “your_new_unsecure_url” WHERE config_id = 3;
      • UPDATE core_config_data SET value = “your_new_secure_url” WHERE config_id = 4;
Server Transfer of Magento Completed

 

Aug 6, 2012

Faster Page Loading with Magento

Increase to Faster Page Loading with Magento Varnish

Of course you want faster page loading…
Why? Because,

  • Faster Page Loading >> Increase in Conversions
  • Faster Page Loading >> Decreased rate of Abandonment from your website
  • Faster Page Loading >> Decreases time for viewers to get distracted while on your website
  • Faster Page Loading >> Increases your Google SEO value

 

Good Solution: Faster Page Loading with Full Page Caching for Magento

With Magento Enterprise, one of the perks of paying $14,400 a year is you receive full page caching which will result in site load times of around 3-5 seconds. A full page caching system occurs when you have visited a website before, and the server basically takes a screenshot of the webpage and reproduces it upon request. This decreases the load time and produces the page back to the user within 3-5 seconds. The only issues with full page caching is that it requires MySQL and PHP to load for every page each time it is requested.

 

Best Solution: Faster Page Loading with Varnish for Magento

Full Page Caching is a great way to speed up your site, but what if you are trying to achieve the optimal site load speed? According to Google research every 0.1 second improvement in site load speed there is a 1% increase in sales. If you are wanting to achieve a 1 second decrease in page load, down to page loads at 2 seconds or even 1 second, Varnish for Magento is your best solution.  

Varnish graph for Magento

At Customer Paradigm we highly recommend for the best optimization that you install Varnish in addition to Full Page Caching to increase your site page load time. They compliment each other to achieve the fastest page load times. To explain the diagram above, the solid lines represent the path of requests your computer goes through when your page is already cached. The additional dotted line represents an extra request that occurs if you do not have caching. As for varnish, the html of static entities such as images or texts are loaded from cache, then Ajax sends a request for the dynamic parts such as “Recent Articles” for that category page or dynamic sidebar filters. Finally, JSON responds with how the dynamic information is to be structured as a JSON array.

Basically, when you install Varnish and a server has produced the request to anyone, the server is able to step in before php kicks in and reproduce the requested page. This decreases a large step in the database, substantially decreasing the page load time.

When a website does not have Varnish or Full Page Caching the server goes through a long process. Each time the server received a request for a page such as /about.html there is a communication with the database to reproduce the html for that page, instead of reserving the page with Varnish directly from a past request.

Comparing Page Loads for Site Speed

Magento Varnish: Benefits & Drawbacks

Increase page load speed with Magento Varnish

Drawbacks: Let’s start with the bad news first

The only drawbacks are when you make updates to your site you have to clear the cache when adding new content or changing things on a page, such as making changes to a post on your WordPress blog. For example, when you create a post and then you realize you have misspelled something, and you go in and edit your WordPress, the change will not show until you have cleared the cache for your site. This occurs with varnish because you have been served the blog page already, and the server will re-serve the same page upon request.

Benefits: The Bottom Line

In this case, the benefits far outweigh the drawbacks. Installing varnish on an eCommerce site is a no-brainer decision.

  • Increase in Conversion - A faster page load time increases the potential for conversions, which directly contributes to your bottom line of profits. If for every .1 second decrease in load time, there is a 2% increase in conversions, where is the loss?
Page Load and Conversions
  • Varnish is a one time set-up - Many applications or extensions require updates with the development of the eCommerce software, not with Varnish. It is a one time installation, that will last for the life of your website.
  • Google Increase in SEO Value - Google has determined that site load time affects your ranking, Google’s end goal is to provide the best user experience to the end user. If your site is the best for shoes, but it takes 8 seconds to load your page this will directly affect your ranking for keywords associated with shoes. Decrease page load time >> Increase SEO value.
  • Better User Experience – We’ve all done it, you click on a website and watch the loading icon spin and spin, eventually we all click back to the Google search and find a page that loads before we have time to move our cursor. Decrease page load time >> Decrease bounce rate from your page.

If you are interested in installing Full Page Caching or Varnish on your website for optimal speed, conversion rates, SEO value and site traffic contact Customer Paradigm now at 303.473.4400 to talk to a real person today or fill out the contact form below.

 

Aug 3, 2012

Gary Fong e-Store Up and Running

 

Poor Magento Customer Service

Gary Fong like many Magento customers received the dreaded screen when your Magento site is down. You type in your url, and ERROR is across the screen. Scrambling to find customer service from Magento to get your site back up and running is always a daunting task. You think after paying for an Enterprise Magento site which comes at no small cost of $14,000 a year, there would be efficient customer service, wrong. Understandably with frustration, Gary Fong began to search for any service to get his site up and running after all it’s like locking your business door and staring through the glass at customers trying to view your products.

The frustration is strewn out across his twitter feed: @garyfong_REAL

 

Call Customer Paradigm for Magento Customer Service

 

Solution: Fill out a Contact Form with Customer Paradigm

for Immediate Magento Support

Not only at Customer Paradigm do we have easy contact forms when you are in need, we also have a phone number directly on the page. I am surprised with the urgency that he needed to get his site back up and running, he didn’t pick up the phone and call us right away at 303.473.4400. We are very responsive to our contact forms, and within minutes of receiving his urgent need his site was back up, his doors for business open and ready for customers.

Customer Paradigm fixes Gary Fong's Magento Site

 

Jul 31, 2012

The Right Questions to Ask When Considering an eCommerce Solution

Questions before choosing an eCommerce Solution

In the world of eCommerce solutions there are many questions to consider for each platform, but the bigger question is, “What are the RIGHT questions I should be asking?” Asking the right questions is a more profitable route rather than narrowing your mind to only one platform and morphing your needs to fit their limitations.

It used to be an expensive task to develop an eCommerce site, there were so many questions, complications and limitations. But times have changed, and now we are walking down the grocery aisle of choices, where brand after brand is shouting out to catch your eyes. When all you want to know is, “which eCommerce solution fits my needs?”

There is no one correct eCommerce platform, each one exists to fill different needs. Some businesses are fine with a low volume, low security eCommerce platform, while others are needing a solution which can handle thousands of products with an infinite number of possible attributes. For example, if you are a business which primarily deals with blogging information, and you sell a few branded T-shirts or tickets then a simple eCommerce WordPress plugin may do the trick. Read more about WordPress eCommerce Plugins vs. Magento.

 

The RIGHT questions to be asking:

Asking the Right questions for eCommerce Solutions

1. Can your products/services be translated into sales over the internet?

If you are a B2C business and are selling electronics, your business is set up to easily translate your products into an eCommerce platform. Each product listing can display the attributes of memory space, processor speeds, graphics rendering, weight, monitor size and resolution. Of course, I am a fan of sleek filters to help the consumer find exactly what they want in the time they have. A filter will narrow down the various attributes (brands, prices, product attributes.. etc.) and display the products that exist within the selected filter.

If your organization is a B2B model and you are selling services such as corporate legal services or consultations this service is not easily translated for an eCommerce solution. The reason that legal services is not a tangible good to sell across the internet is because each product would vary greatly based on the case type. If you were to make legal services compatible for a product listing on an eCommerce site you would have to set a fixed price for each “type” of case. For example a corporate contract law case would be $15,000. This is obviously not a smart choice for legal services.

Do not take this to be the case for every B2B or B2C model. Whether or not your business is suitable for an eCommerce solution is based on the fact that your product/service can be translated into sales over the internet. Some B2C models are filled with products that do not translate easily into sales. Also, some B2B models are products that can easily be translated into sales over the internet such as wholesale outlets who provide products to other businesses.

Pause. If your business products do translate easily into sales over the internet than continue to read. If your business model does NOT translate into sales, then I would encourage you to invest in SEO for your website to increase site traffic, and organic Google rankings for your industry. Read more here for a deeper understanding on >> what SEO is.

 

2. How much product control do you want?

Product Control for your eCommerce Solution

Your initial reaction is, I want as much control as possible, but with the simplicity to get it all done. If I’ve learned one thing, I may be great at things, but I’m not great at everything, and when it comes to making money let’s get it right. My methodology is what features will make my eCommerce solution the best for the end user (my customers)? If there are features and options I wish to offer such as a mothers day discount, or a cyber Monday sale and make a site-wide discount but I just can’t get it done, hiring a knowledgeable and experienced eCommerce programmer can make all the difference.

If you wish to control the price structure for each of your products, then an eCommerce solution is ideal for you. Price structure control would be offering a 10% discount if you spend over $50 which you can create rules for or purchasing 4 products and receiving a 5th for free. It all sounds easy, because these are common sales tactics, but making them happen on your eCommerce platform is more difficult than a simple check box. One eCommerce platform that I highly recommend is the Magento platform. I particularly like this platform, yes because it is one of the most favorable eCommerce solutions, but favorites are favorites for a reason. They are extremely secure which matters the most when processing orders, there’s nothing worse than a customer coming to you saying their credit card information got leaked after a purchase on your website. They also offer endless functionality and customization for product attributes and categories.

 

3. Do it Myself or Hire an eCommerce Development Service?

Customer Paradigm eCommerce Solutions

This can be a tricky question. If you have the knowledge and are tech savvy then developing your own eCommerce site with the occasional consultation from a professional eCommerce company could be the perfect route for you.

If you want to hire an eCommerce Development Service to make sure that your site is set up properly with a clean navigation, optimized product tags, seamless checkout process and customer support then hiring a service may be the perfect route for you. It all comes down to the functionality of your site, and your ability to make that functionality happen.

At Customer Paradigm we make sure that your platform is upgraded correctly, and perform testing to maintain the full functionality of your site. We provide you with a direct line to always contact your project manager. Most importantly, we take the time to understand your business and what you wish to offer to your customers.

If you are in need of an eCommerce Solution please call us now at 303.473.4400 to talk to a real person or fill out the contact form at the bottom of the screen.

 

Jul 6, 2012

Critical Magento Security Update – Zend Vulnerability

There is an important security update for any company using Magento; this was posted yesterday (July 5, 2012) to Magento`s blog.

Magento uses the Zend Platform; the vulnerability is in the Zend software.

The Issue: The vulnerability potentially allows an attacker to read any file on the web server where the Zend XMLRPC functionality is enabled. This might include password files, configuration files, and possibly even databases if they are stored on the same machine as the Magento web server.

Summary: We`re not trying to scare you, but it`s really not very good if you don`t apply this patch. An atacker could access all of your customer`s information, your admin functionality, and gain complete access to your site. They could delete all of your products, customers, change pricing. It wouldn`t be pretty.

What Should You Do:
a. Patch it
b. Put in a workaround until it`s patched.

If you`d like us to take care of this for you, we can fix this for you in one hour of billable time (we just need FTP access).  Call 303.473.4400 or visit here to have someone contact you now >>



Technical Details About the Magento Local File Inclusion (LFI) security vulnerability:

The attack is called local file inclusion (LFI) and essentially it allows a hacker to read any file on the server. At a high level, here’s what happens:

 

  1. Someone connects to your Magento installation’s Web API. Great, you think to yourself “I’m checking login/passwords, so I won’t give them anything they don’t have access to. And even if they do have access, I’ll only allow them certain actions (getting orders, creating products, etc)
  2. Your api reads the request using zend framework
  3. Zend framework uses a PHP xml library
  4. You send a response back saying “Sorry, you don’t have access to my api” or “Ok, you just updated your product description”
  5. But little do you know, you also sent back the entire password file! Now your hacker owns the server!!

 

Here’s an example XML request the hacker might send:

<?xml version=”1.0″?>

<!DOCTYPE api_username [<!ENTITY my_api_username SYSTEM "php://filter/read=convert.base64-encode/resource=/etc/passwd">]>

… XML REQUEST …

<api_username>&my_api_username</api_username>

….The rest of the request

 

So, assuming they don’t have access (or they do, this really is just an example) your application might send something back like:

<?xml version=”1.0″?>

<message>Sorry, {insert_api_username_here} you don’t have access</message>

 

But where you just inserted the api username, you actually inserted the contents of the entire password file!

 

Luckily PHP provides us with an easy function to prevent this: http://php.net/manual/en/function.libxml-disable-entity-loader.php

The magento patch works by using this function in the appropriate places.

 

Need help applying this Magento Security Fix?  Call 303.473.4400 or visit here to have someone contact you now >>

May 23, 2012

FedEx Shipping Fix for Magento Versions 1.5 and lower

Customer Paradigm
888.772.0777
303.499.9318


If you`re running the Magento eCommerce system (version 1.5 and lower) and rely on FedEx for shipping quotes, you may need to update your system so that it works after May 31, 2012.

FedEx Shipping Fix for Magento Versions 1.5 and lower

What`s going on: FedEx is switching over to a newer Web Service API, and is discontinuing their older system at the end of May, 2012.

If you`re running Magento Community 1.6 or 1.7.0, you`re fine — this uses the latest system.

If you`re running Magento version 1.5, 1.4 or lower, you need to do a quick extension update, and you`ll be able to continue to use FedEx for shipping quotes.

If you`re not running Magento (but do rely on real-time shipping quotes from FedEx), please check and make sure that your system is going to work after May, 2012.

How can I tell what version of Magento I`m running?
Log in to your Magento admin area. At the bottom of the page (you may need to scroll down), it will read in the center: Magento ver. 1.6.0.0 (or something similar).

How much does it cost to update? The software extension is free; if you would like us to assist you, we can install, test and configure this for you on an hourly basis.

Please call or email if we can help.

Thanks,

Jeff FinkelsteinFounder, Customer Paradigm
Jeff Finkelstein
Founder, Customer Paradigm

303.499.9318

Connect Via Facebook >>
Connect Via Linked In >>
Connect Via Twitter >>

We love referrals! Our Referral Promise >>

 
Customer Paradigm
5353 Manhattan Circle, Suite 103
Boulder, Colorado 80303
Visit our Website
direct 303.499.9318
fax 303.374.6104
toll free 888.772.0777
Web & Print Design • Programming • Email Newsletters • Search Engine Marketing • eCommerce
May 21, 2012

New FedEx Shopping Extension for Magento

Magento FedEx Extension FixOn May 31st, 2012 FedEx will be switching to a Web Service to supply shipping rates in Magento. This means users of Magento CE1.5x or less or EE1.10.x or less will no longer be able to retrieve FedEx shipping rates in Magento.

Fortunately, users can install the Magento FedEx fix extension to allow users of older versions of Magento to continue to retrieve FedEx shipping rates without upgrading to Magento 1.7.

Here are a few items that our developers have learned from our installations of the new FedEx shipping fix:

  1. You have to have the WebShopApps “Logger” extension installed for the FedEx extension to work (but after you’ve set up the FedEx extension you need to disable it per this article – http://wiki.webshopapps.com/webshopapps-logger)
  2. If you are using the “Home Delivery” option you need to set “Residential Delivery” to Yes or it will show as an error. You will need the following credentials to set up the account:
    ID: (Account number)
    – Production Password: (Provided in email once you sign up)
    – Production Meter Number: (provided in sign up success screen)
    – Key: (provided in sign up success screen)

Customer Paradigm is a full-service ecommerce solution featuring Magento website development. From 1 hour to 1000, we can help! For more information about setting up the FedEx shipping fix extension for your Magento store or upgrading to Magento 1.7, please call Customer Paradigm toll free at 888.772.0777 or contact us to speak to a real person now.

Nov 18, 2011

Adapting Google Content to Magento 1.5.0.1

by James Slahor, Customer Paradigm Magento Programmer

Configuring Magento to incorporate Google Content post-Magento Base

Hi everybody. Today I want to talk about a process that I used to adapt Magento to incorporate Google Content for a site called Love ‘n Lace (http://www.lovenlace.com/). I hope that you will find this information useful.

Installing the right Magento extension key

I started by uninstalling the previous Google shopping extension via Magento Connect. Next, I used the the http://connect20.magentocommerce.com/community/Mage_GoogleShopping-0.2.12 extension key to install the extension. This key is compatible with Magento 1.5.0.1.

Creating a new Magento product attribute

Magento Ecommerce Programming Help

After I had installed the extension, I added a new product attribute: ‘availibility.’ (Catalog -> Attributes -> Manage Attributes). drop-down (as opposed to text field) required values = yes scope = global apply to all product types Manage Label / Options Manage Titles Admin = Availability Manage Options 1. ‘in stock,’ position 0, default value 2. ‘available for order,’ position 1 3. ‘out of stock,’ position 2 4. ‘preorder,’ position 3 I then added ‘availability’ under the Default attribute set (Catalog -> Attributes -> Manage Attribute Sets) under the ‘general’ category.

Managing My Magento Products

After I added my new attribute, I went to Catalog -> Manage Products (Love n’ Lace currently has Enhanced Manage Products), and applied the default ‘availability’ values to all products. Since ‘in stock’ is the default value, this forced all products to have ‘availability’ = ‘in stock.’ Next, I went to Catalog -> Google Content -> Manage Attributes, and set default attribute mapping. a. Attribute = Availability, Google Content Attribute = Availability b. Attribute = Price, Google Content Attribute = Price c. Attribute = Product Type, Google Content Attribute = Product Type (Category) d. Attribute = Color, Google Content Attribute = Color

Submitting Google Content

Finally, I went to Catalog -> Google Content -> Manage Items. a. View Available Products b. Select all available products c. Actions -> add to Google content d. Submit! This process may take a while depending on how many products you applied the ‘availability’ attribute to and how many products you are uploading. For Love n’ Lace, about 3000 products took about 20-25 minutes to run successfully. For more information, or for Magento Programming help now, call us at 888.772.0777 or contact us to speak with a real person.
Nov 11, 2011

When Should I Upgrade Magento?

By Customer Paradigm’s Magento Consultant Gillian Owen .

Upgrading MagentoThat’s a question we hear from a lot of our Magento eCommerce clients. The fact is that upgrading Magento can be costly, time consuming and often results in downtime of the store. So, do you really need to upgrade Magento every time a new version comes out? The simple answer is no. Every new version of Magento contains maybe a handful of improvements and a ton of bug fixes. You can see all of the improvements and fixes in each version of Magento here.

We recommend upgrading Magneto when:

  • Magento is more than two versions out of date (example Magento has released 1.6, so if you are still running 1.3 it’s time to upgrade).
  • If you need or want a new feature that is available on a newer version (example, you’d like to have a mobile version of your site and this is available on 1.5+)
  • If a newer version includes a fix for a bug you commonly encounter (example, you frequently need to import customers and run into errors when importing customers from a CSV so you need to upgrade to 1.6)
  • If an extension you require is only available/compatible on a newer version of Magento.

For more information about upgrading magento, or to get Magento programming help now, call us at 888.772.0777 or contact us to speak to a real person now.

Nov 11, 2011

When Should I Upgrade Magento?

eLearning Series

by When Should I Upgrade Magento? That’s a question we hear from a lot of our Magento eCommerce clients. The fact is that updating Magento can be costly, time consuming and often results in downtime of the store. So, do you really need to upgrade Magento every time a new version comes out? The simple answer is no. Every new version of Magento contains maybe a handful of improvements and a ton of bug fixes. You can see all of the improvements and fixes in each version of Magento here. We recommend upgrading when: Magento is more than two versions out of date (example Magento has released 1.6, so if you are still running 1.3 it’s time to upgrade). If you need or want a new feature that is available on a newer version (example, you’d like to have a mobile version of your site and this is available on 1.5+) If a newer version includes a fix for a bug you commonly encounter (example, you frequently need to import customers and run into errors when importing customers from a CSV so you need to upgrade to 1.6)

Nov 9, 2011

A Magento Upgrade for K9 Power

by Customer Paradigm Magento Programmers Alan Barber and Gillian Owen

K9 Power Magento UpgradeWhile eCommerce stores running Magento’s Professional or Enterprise editions are PCI compliant, having PCI compliance on the Community edition of Magento is a little more complicated. The easiest and perhaps most affordable solution is to use a hosted payment method such as Paypal’s PayFlow Link. However, our client K9Power was running an early version of Magento ( 1.4.2) which did not include this PCI compliant payment option. So the decision was made to upgrade them to 1.6.

To start we made a copy of the live site and preceded with a regular upgrade to 1.6 following the usual methods for upgrading magento. However, we ran into a problem during the database upgrade—Magento kept erroring out on a SQL call to drop a foreign key in the `sales_flat_order_item` table. To discover the exact call being made, we hacked the Mage::printException function to see a full error dump. We then manually dropped the problematic key and resumed the database upgrade (which completed successfully).

The next step was to move over the design and custom extensions from the 1.4.2 installation to the 1.6 installation. The design was easily ported, however we ran into an issue with the OrganicInternet Simple Configurable Products extension —it became apparent this module was not compatible with 1.6. After finding a forum discussion about it, we installed an updated version from github, which seemed to resolve the compatibility issue.

Now K9power is running successfully on 1.6 and can utilize Paypal’s PayFlow Link for PCI compliant payment processing. Plus they have the added benefit of now being able to use Magento’s new Persistent Shopping Cart, which saves the shopping cart for a customer even if they leave the site. During this upgrade we also added Memcache and APC cache to increase speed, installed One Step Checkout to stream line the checkout process, and installed the Constant Contact extension to sync his mailing lists.

For more information on upgrading magento, or to get Magento programming help now, call us at 888.772.0777 or contact us to speak to a real person now.
Home | About Us | Magento | SEO | Software | Services | Portfolio | Articles | Blog | Contact Us | SiteMap | Privacy Policy