Magento 2.0, the next-generation ecommerce platform, is now available as a beta release. Magento 2.0 is a significant improvement over the existing Magento platform, with many upgrades and enhanced features geared to the next generation of ecommerce solutions. Magento 2.0 is built on a new and modern technology stack and integrates better with third-party solutions.
Magento 2.0 claims to focus on the following 7 features:
Update the technology stack
Streamline the customization process
Facilitate frontend development
Reduce upgrade efforts and costs
Improve performance and scalability
Deliver better quality, testing resources, and documentation
Increase engagement with the Magento community
Magento 2.0 is the future of Magento ecommerce and is a welcome update, benefiting both developers and ecommerce merchants who are looking for more scalable and powerful solutions. Check out all the enhancements and updates to Magento 2.0 here.
If you are running a Magento-based ecommerce website, then this alert is for you! A critical flaw in Magento has been exposed which can enable hackers and cyber criminals to exploit your Magento-based website, steal your customers' credit card information and virtually take control of your website.
Magento has acknowledged this threat and has released a critical security patch (SUPEE-5344) to counter it. The remote code execution (RCE) vulnerability, popularly called the “shoplift” bug, was first discovered by Check Point Software Technologies in late January 2015. They called it an RCE (remote code execution) vulnerability. It was then demonstrated to eBay, which owns the Magento platform. Upon confirmation, Magento released the security patch.
How to protect your website:
We suggest that all Magento users immediately download the security patch SUPEE-5344 released by Magento and update their websites. Contact your Magento developer for details on this exploit and get the website patched at the earliest. This flaw affects both Magento Enterprise Edition and Magento Community Edition. To check if your website is already patched, you can go to the following link or click on the image and enter your URL to test.
There has been a major alert from the Sucuri Security Blog. All WordPress users who use the most popular plugins are at risk, as these WordPress plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions.
We advise all WordPress users to take note of this and take the necessary measures or update the plugins to the latest version. Since this is a random attack and there is no clear evidence of which plugins and themes are affected, we would advise all users to upgrade their respective theme or plugin as soon as an update is available.
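The misuse pattern and its fix, as an added example that is not taken from Sucuri or from any affected plugin: in WordPress core, add_query_arg() falls back to the current request URI when no URL is passed and returns the result unescaped, so the output must go through esc_url() before it is printed. The two function_exists() stand-ins are simplified assumptions so the file runs outside WordPress, and the request URI and the pagination_link_* helpers are constructed for the demonstration.

```php
<?php
// Stand-ins so this file runs outside WordPress; inside WordPress the real
// core functions are used and these definitions are skipped.
if (!function_exists('add_query_arg')) {
    // Simplified: like core, falls back to the current request URI.
    function add_query_arg($key, $value, $url = null) {
        $url = ($url === null) ? $_SERVER['REQUEST_URI'] : $url;
        $sep = (strpos($url, '?') === false) ? '?' : '&';
        return $url . $sep . $key . '=' . $value;
    }
}
if (!function_exists('esc_url')) {
    // Simplified: the real esc_url() strips unsafe characters and
    // disallowed protocols; this stand-in only HTML-encodes.
    function esc_url($url) {
        return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    }
}

// Constructed sample request: harmless markup supplied by the visitor.
$_SERVER['REQUEST_URI'] = '/wp-admin/admin.php/"><b>injected</b>?page=demo';

// Misuse: the return value is printed straight into an HTML attribute.
function pagination_link_unsafe($page) {
    return '<a href="' . add_query_arg('paged', $page) . '">Next</a>';
}

// Fix: escape at output time.
function pagination_link_safe($page) {
    return '<a href="' . esc_url(add_query_arg('paged', $page)) . '">Next</a>';
}

// True when visitor-supplied markup can close the href attribute.
function breaks_out_of_attribute($html) {
    return strpos($html, '"><b>') !== false;
}

$unsafe = pagination_link_unsafe(2);
$safe   = pagination_link_safe(2);

echo 'unsafe link breaks out: ';
var_dump(breaks_out_of_attribute($unsafe));
echo 'safe link breaks out:   ';
var_dump(breaks_out_of_attribute($safe));
echo $safe, PHP_EOL;
```

When auditing a plugin or theme, search for add_query_arg( and remove_query_arg( calls whose result is echoed or concatenated into markup without esc_url().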
Here are some of the popular plugins that might be affected and need to be immediately updated.
Magento has recently launched Magento Enterprise 1.14.1, a major update over the previous version. Magento claims Enterprise Edition 1.14.1 is considerably faster and more stable than its predecessor. Citing testing by a third party, Zynovo, Magento claimed the following benchmark stats:
Enterprise Edition 1.14.1 provides superior application server response times versus earlier versions of Enterprise Edition:
38% to 44% faster home page
48% faster simple product pages
27% to 47% faster checkout pages
Server load, which is usually on the higher side with Magento, was also substantially lower with the new version. Less load means lower utilization of CPU resources, making it faster and more stable.
Enterprise Edition 1.14.1 provides superior application server CPU utilization:
43% lower than Enterprise Edition 1.14.0
37% lower than Enterprise Edition 1.13.1
39% lower than Enterprise Edition 1.12.1
You can download the complete benchmark testing report here.
This store is getting pretty popular as it sells PC parts across Canada. The website is fully responsive and fully automated, requiring minimal monitoring and product management. The backend is fully integrated with an ERP and accounting system for easy management of orders and processing.
Question: Sometimes you don’t want to display out of stock products in search results. How can you enable that option:
Answer: You can hide out of stock products in categories and catalog search through: System > Configuration > Catalog > Inventory > Display Out of Stock Products
Question: Can I easily upgrade Magento to the latest version:
Answer: A Magento upgrade can be a tough cookie, especially if you have done a ton of customization on your website. A Magento upgrade should be done through a qualified Magento development company with good experience in upgrades and migration. Try to log the changes and ask your developer what coding has been altered and where, so that you have a complete log of the changes. This will help to retain all the customization during the upgrade process. Always stay updated and upgrade your website to the latest version.
Question: My Magento site is very slow: how to improve site speed and performance:
Answer: Here are some steps to improve your speed:
Choose a specialized Magento hosting provider
Enable Magento caching
MySQL Query caching
GZip compression of HTML, CSS, JS
Minify HTML, CSS, JS (remove all unnecessary white space)
Question: How to get active store information like store name, line number, etc. in Magento?
Answer: Use the following code:
Question: How to generate an XML sitemap in Magento
Answer: You can easily generate a built-in XML sitemap in Magento using the following option: System -> Catalog -> Google Sitemap.
Question: How to clean Magento Log Data
Answer: You can easily do this, as the Magento system has a built-in option for cleaning up log information.
You can also configure your store to automatically clean up these logs.
Question: How can I delete a test order
Answer: You can either use an extension to delete test order or use the following method:
Magento has announced that the latest version of Community Edition, 1.9.1, is now available to download. The latest version comes with a host of new and improved features for a better shopping experience. We have highlighted some of the important features of version 1.9.1.
Better site speed performance and security: Magento Community Edition 1.9.1 works with MySQL 5.6 and PHP 5.5. This is a good update as MySQL 5.6 is a great enhancement and offers merchants improved site speed and scalability, reduced memory usage while PHP 5.5 provides security improvements and ensures merchants have continued access to PHP code updates.
Responsive Design Improvements: This is a major update toward mobile compatibility. The latest version's responsive design reference theme includes all core Magento features, including gift registries, downloadable products, multiple wish lists, add-to-cart by SKU, and private sales. Even the default email templates are responsive now and can be easily viewed on any device.
Configurable Swatches: Configurable swatches help you optimize the way products are presented on your site. New “swatch” capabilities make products more appealing—and boost conversion rates—by offering shoppers quick access to information, like available colors, fabrics, sizes, and more. Clicking on a swatch automatically updates the product image so shoppers see exactly what a color or fabric looks like, giving them confidence to proceed with their purchase.
In the case of a lost password, there is a security enhancement: to change their password, a Magento administrator must first enter their existing password.
Check out with PayPal and PayPal Credit buttons now display on product pages for gift cards and dynamic bundled products.
The Zend Framework version has been updated to 1.12.7.
We request all our customers and followers to upgrade their WordPress websites to version 4.0 and above, as a dangerous XSS vulnerability has just been identified in WordPress versions prior to 4.0. Through this critical cross-site scripting vulnerability, hackers can take control of the full administration rights of your website through the comments section. WordPress has therefore released an urgent update addressing this bug and 7 others, and recommends that site admins update to WordPress 4.0.1 at the earliest. Sites that support automatic background updates will not be affected. WordPress has also stated in their blog that version 4.0.1 fixes 23 bugs with 4.0, and that they have made two hardening changes, including better validation of EXIF data extracted from uploaded photos.
A very critical vulnerability in SSL v3.0 has been discovered recently. Poodlebleed is a vulnerability in the design of SSL version 3.0. Poodle is actually an acronym for Padding Oracle On Downgraded Legacy Encryption. The vulnerability allows the decryption to plaintext of sensitive data sent via secure connections.
It is a protocol flaw, not an implementation issue, so every implementation of SSL 3.0 suffers from it. The TLS versions are not affected, so the fix is radical: disable support for SSLv3.0 on your server side and switch to TLS. In addition to disabling SSLv3.0 on your own server, you should be prepared for the other services your store integrates with (payment and shipping integrations, antifraud services, etc.) to switch to TLS. For this reason, the HTTPS modules (or bouncers) you use on your server for background outbound connections (OpenSSL, Perl Net::SSLeay or LibCurl, cURL) must be recent versions which support TLS.
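For the outbound side described above, an added example (not from the original post) that reports which TLS library PHP's cURL extension is linked against and builds a handle that will not negotiate SSLv3. The function names and the payments.example.invalid endpoint are hypothetical; pinning to TLS 1.2 is an assumption that is stricter than the "switch to TLS" advice requires.

```php
<?php
// Report the TLS stack behind PHP's cURL extension, so an outdated
// libcurl or OpenSSL build is visible before an integration partner
// turns SSLv3 off.
function outbound_tls_stack(): array
{
    $v = curl_version();
    return [
        'libcurl'       => $v['version'],
        'tls_lib'       => $v['ssl_version'],
        'https'         => in_array('https', $v['protocols'], true),
        'can_pin_tls12' => defined('CURL_SSLVERSION_TLSv1_2'),
    ];
}

// cURL handle for an integration call that cannot fall back to SSLv3.
function tls_only_handle(string $url)
{
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        // TLS 1.2 or later; SSLv3 is never offered (assumed floor).
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,
        // Keep certificate and host name checks on.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CONNECTTIMEOUT => 5,
    ]);
    return $ch;
}

print_r(outbound_tls_stack());

// Hypothetical endpoint: .invalid never resolves, so this runs offline
// and only shows the call shape and the error handling.
$ch = tls_only_handle('https://payments.example.invalid/api');
if (curl_exec($ch) === false) {
    echo 'request failed: ', curl_error($ch), PHP_EOL;
}
```

Against a real endpoint, a handshake error from this handle means the remote side or the local TLS library cannot do TLS 1.2, which is the situation to resolve before SSLv3 is disabled.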