To help keep you up-to-date with the latest news and ideas from the industry, we have compiled the latest articles from industry leaders and corporate blogs. New content is pulled hourly from each blog's RSS feed. The article links will take you directly to the related blog.
Another year of WordCamp US has come and gone, and we hope everyone who attended – and didn’t attend – found the best hosting solution for their business. This year, our partner Liquid Web was in attendance. Not only did they offer some incredible booth experiences (recap article to come!), but team members also hosted sessions and talked community.
Carrie Wheeler, executive vice president and COO of Liquid Web, talked with the Women in WordPress, discussing her journey to where she is now and how Liquid Web and Nexcess are offering innovative solutions that help both merchants and content creators to do more. Below are some of our highlights.
On her journey to where she is now
“It’s been a “three decade journey. Started in consulting. I started in software development. Spent a couple of decades in telecommunications […] and along that path got super passionate about cloud hosting.”
On why she has such a passion for cloud hosting
“I’ve just seen the entire explosion of technology […] and it is just such a huge enabler for businesses.”
On creating innovative solutions for the community
“We could not be happier to be a big part of this community. We love the fact that it is the democratization of publishing. [And] we’re putting together the best platform you could possibly have for both content and commerce.”
To hear the full podcast, watch the video below or visit womeninwp.com.
The post Carrie Wheeler Talks Innovative Solutions with WIWP at WCUS appeared first on Nexcess Blog.
The goal of ecommerce marketing is to expose a store’s products to people most likely to buy them. There are many ways to achieve that goal: display advertising, email marketing, content marketing, and more.
Affiliate marketing is one of the most popular marketing strategies: 80 percent of brands use affiliate marketing to promote their products. It’s also one of the most cost-effective; unlike display advertising or content marketing, there are few upfront costs because affiliates take on the burden of content creation and promotion.
WooCommerce is an excellent platform for building an affiliate marketing program. A WooCommerce store combines WordPress’s strengths as a content management system and WooCommerce’s sophisticated ecommerce features. With the addition of one of the affiliate marketing plugins we are about to discuss, WooCommerce is fully capable of supporting the largest and most complex affiliate marketing programs.
What is Affiliate Marketing?
Affiliate marketing provides rewards, typically a percentage of the value of a sale, to third parties that refer customers to an ecommerce store. The affiliate fees give marketers, bloggers, and other retailers an incentive to promote the store’s product. Amazon’s affiliate program is a great example. Many blogs and review sites are supported entirely by money paid by Amazon to affiliates who refer customers.
A retailer of high-end audio equipment might create an affiliate program to encourage audiophile blogs to write about their products, for example. The bloggers write reviews, make YouTube demonstration videos, and promote the products on social media. Because the blogger already has an audience of audiophiles, the products are promoted to customers who are already inclined to buy.
It would be expensive for the retailer to pay for social media promotion, blog articles, and video content, but with an affiliate program they don’t pay anything unless a customer is referred and buys a product.
How Does Affiliate Marketing Work?
First, a retailer creates an affiliate marketing program on their store. Then, prospective affiliates join the program. Affiliates are given links with identifying codes to use when promoting the store’s products. When a customer clicks on a link on the affiliate’s site, the store knows whose link was used. Any products bought by the referred customers are recorded by the store, and, at fixed periods, the affiliate marketer is paid their percentage of the sale value.
That’s the nutshell explanation of affiliate marketing, which can get a good deal more complicated, but with a decent affiliate marketing plugin, most of the details are automated. An affiliate marketing plugin also provides a range of analytics tools to help ecommerce retailers to optimize their affiliate program.
Affiliate Marketing Plugins for WooCommerce
There are many affiliate marketing plugins available for WooCommerce, but we’ll highlight two of the best, one premium and one free.
AffiliateWP is a premium affiliate marketing plugin with a comprehensive array of features and its own add-on ecosystem. AffiliateWP is designed to be easy to use, and anyone familiar with WooCommerce should have no trouble installing it and configuring a basic affiliate marketing program.
Standout features include excellent integration with WooCommerce and membership plugins, powerful affiliate management features and analytics with real-time reporting, reliable affiliate tracking, and handy asset management for providing affiliates with branded visual resources and text links.
Affiliates Manager is a free WordPress affiliate plugin that integrates with WooCommerce and other WordPress ecommerce plugins. It’s not quite as feature rich or slickly designed as AffiliateWP, but it has all the features a WooCommerce user needs to recruit, manage, and track their affiliates.
The post Why WooCommerce is a Powerful Affiliate Marketing Platform appeared first on Nexcess Blog.
WordPress’s plugin ecosystem is one of its greatest strengths. As we write, there are over 50,000 plugins in the official repository, a number that doesn’t include premium plugins and custom plugins created for individual WordPress sites. Plugins range in functionality from tiny interface tweaks to full-featured ecommerce applications, all taking advantage of the hooks and frameworks built into WordPress by its developers.
About a third of the web runs on WordPress — tens of millions of sites — so we’re used to statistics about WordPress involving big numbers. However, it’s worth taking a moment to think about what a staggering achievement the WordPress plugin ecosystem is and how many thousands of hours of developer time have been dedicated to creating plugins, the vast majority of which are free and open source.
When Matt Mullenweg started work on WordPress in 2003, it was by no means a certainty that there would be a plugin ecosystem. Many early blogging engines were not designed with a modular architecture. Towards the end of 2003, Ryan Boren joined the nascent WordPress project and his work led to the creation of the plugin system we know today.
Mullenweg created Blogtimes, one of the first useful plugins which is still in the plugin repository, although it was last updated 14 years ago. He also created Hello Dolly, which was bundled with WordPress installations to demonstrate how to build plugins.
What Makes Plugins So Powerful?
Plugins are powerful because they allow anyone to create a feature for WordPress without it having to be included in every WordPress site. WordPress’s history would be very different if every possible feature had to be included in WordPress Core. It would be bloated beyond recognition if even a tiny fraction of the features available as plugins were installed as part of the application, not least because it would lead to a horrendously complex interface.
Plugins serve a purpose beyond allowing WordPress to maintain a slimline application and a manageable user experience. The WordPress 5.0 release lists 12 lead developers and 423 contributors. That’s a lot for an open source project, and it’s challenging to organize so many people, especially when most contribute for free. However, a conservative estimate for the number of people working on plugins is hundreds of times the number working on WordPress itself.
For all practical purposes, it’s impossible to organize that many people to work on a monolithic application while hitting deadlines, maintaining security, and adhering to quality standards. Plugins can be developed independently of the core application, by organizations and individuals that manage themselves, that aren’t tied to the needs and release schedules of the main application, and that can create features that are useful to thousands but that aren’t a good use of the core developer’s time.
Without the plugin system, WordPress as we know it wouldn’t exist. It may not have existed at all in 2019, perhaps being remembered only by historians of content management systems. How many WordPress users are familiar with b2/cafelog, the CMS that WordPress replaced?
Thanks to its modularity and the dedication of thousands of developers, WordPress went from strength to strength and is today one of the most important pieces of software in the world.
The post How the Success of WordPress is Due to its Plugin Ecosystem appeared first on Nexcess Blog.
While ecommerce stores can reduce transaction costs, and so the overhead of running a business, transaction costs still have enough of a presence to chip away at your profits.
Transaction costs traditionally refer to any cost incurred by an entity that maintains or processes the exchange of currency for goods and services. It is not necessarily synonymous with business overhead, defined as the sum of all expenses attached to the day-to-day operations of your business, though transaction costs contribute to it.
What is Transaction Cost in Ecommerce?
The big pro of ecommerce is reduced transaction costs and overhead for both merchants and consumers. Merchants without a physical storefront need not bother with cashiers, warehousing, rent, or the limitations of their geographic location. Consumers, too, enjoy less overhead because online purchases require less time spent browsing and no need to bother with crowds, traffic, or gas.
Interested in an affordable, easy-to-use ecommerce platform? Check out our WooCommerce solutions.
However, ecommerce stores are not immune to overhead, and a sizeable portion of this overhead comes from transaction costs.
In online stores, transaction costs include fees and expenses associated with the following :
Returns and exchanges
Let’s take a closer look at each.
Credit cards are a creature of convenience for many consumers, which is why merchants accept the fees. In theory, the cost of not providing a credit card payment option—lost revenue—exceeds the cost of processing fees.
These fees represent the cost of the infrastructure making such transactions possible, and involve numerous parties. The credit card processor, credit card association and the issuing bank all look to get paid for the effort.
These fees are determined by your risk profile, interchange rates, and various other factors. You pay a percentage of each transaction, a per-transaction dollar amount, or a combination of both (for example, 1.80% + $0.10). In addition, some cards may incur a flat monthly charge.
Typical Cost Breakdown by Card Type
2.5% to 3.5%
1.5% to 2.3 %
1.5% to 2.6%
1.43% to 2.4%
Many online retailers accept these fees as part of the cost of doing business, but some choose to disallow credit cards in their stores and avoid the fee.
PayPal, Stripe, Square, Authorize.net, and the like are payment gateways that handle your customers’ credit card payments. For a fee, they transmit the card data from their payment portal to the credit card processor.
It is somewhat less convenient than a credit card because it requires the customer to 1) create an account for that payment gateway if they don’t already have one, and 2) log in to that account during checkout. Both prolong the process, and long checkout times tend to produce abandoned shopping carts. These represent a constant source of irritation in an industry where the worldwide cart abandonment rate in 2018 was at 75 percent (Statista).
PayPal, a popular choice, is one of the more expensive options. PayPal charges a flat base rate of 2.9% plus $0.30 per transaction (4.4% plus fixed fee for international). While numerous other options are available, PayPal offers brand recognition that other options may not. As with credit cards, payment gateways charge a mix of percentage, per-transaction flat rates, and monthly fees.
Ecommerce platforms are the lowest-hanging fruit of store-creation. Relatively simple to deploy and customize, they remove multiple barriers to entry that would otherwise require a developer. Inventory tracking, payment, coupons, shipping, and countless other features are easily made available to your shoppers.
As you might expect, Shopify, BigCommerce, WooCommerce, and other platforms want to get paid, and these fees are in addition to fees incurred by credit cards and payment gateways.
0.5% to 2% unless using Shopify Payments
Free, plus hosting (upwards of $7 per month)
$29 to $299 per month
$29.95 to $249.95 per month
Unlimited themes; may require dev assistance
10 free themes; others require $
7 free themes; others require $
Returns and Exchanges
Although this is outside of the initial transaction, the threat of chargebacks involves the same payment entities and therefore warrants inclusion.
A refund is a voluntary return agreement between the customer and the merchant. A chargeback occurs after a customer asks a bank or payment processor to forcibly undo the purchase. If that bank or processor investigates the complaint and deems it valid, they forcibly withdraw money from the merchant’s account.
It is designed as a failsafe against dishonest merchants, but any customer dissatisfied with your product and return policy can make use of it. Merchants can dispute the claim, but if the claim sticks, they often pay an additional and expensive fee.
Although shipping falls outside of the direct purview of “payment processors,” it’s essential enough for ecommerce to be considered a transaction cost. Complicating the matter is the general expectation of rapid time-to-delivery. Gone are the days of “please allow 6 to 8 weeks of shipping, and good riddance.
You may be tempted to simply pass these costs along to your customers, but exercise caution. Most customers expect to pay shipping, if reasonable. Even so, if you can find a way to offer free shipping, it will encourage customers to spend more at your store.
How to Reduce Transaction Costs
While transaction costs are unavoidable, here are some measures to take beyond just throwing up your hands and taking your lumps.
Know your needs, then shop around for non-credit card payment providers
As noted above, you have multiple options. The time you spend learning about your options will save you money. If your store uses a specific application like Magento, WooCommerce, or something similar, engage the community, and even consider attending a larger expo like MagentoLive or WordCamp. If your store does considerable volume, you also may be able to negotiate lower rates with banks and credit card companies.
Look for options, but remember the cheapest service may not be the best solution. Investigate the service’s reputation for support, security, and reliability before committing.
Once again, however, removing the in-store option to pay via credit card will likely irritate some customers.
Reduce advertising costs by improving your ecommerce SEO with our complete guide.
Pay respect to customer service
Brand loyalty lives and dies on the hill of customer service. Taking extra steps to keep your customers happy. It will helpprevent costly chargebacks and provide the organic, cost-free marketing otherwise known as positive word-of-mouth.
The definition of “good customer” service has risen in the age of ecommerce. It need not necessarily be “24/7/365,” but most customers expect:
A prompt response, usually within 1 business day
A response that doesn’t sound like a script
An honest effort to remedy the issue
An apology in some shape or form
If you’re unable to consistently provide all of the above, it may be time to hire someone that can. It’s a “symptom” of growth and a good problem to have. Embrace it. Resist the urge to outsource the cheapest option available, as you want your representatives to know your product and the fundamentals of customer service.
And if you’re unwilling to provide all of the above… good luck. You’re gonna need it.
Shipping is arguably the biggest cause of transaction cost in ecommerce, as every transaction demands it. As noted earlier, free shipping is a powerful incentive. Even reduced shipping will help your conversion rate. Try some of these tactics to reduce shipping for yourself and your customers:
Negotiate with your carrier. The more you ship, the more you save.
Use third party insurance. Carriers generally charge first-rate prices for second-rate coverage. Stick with third party insurance companies, who tend to provide much better value.
Watch for fees. Don’t let yourself be surprised by charges for Saturday delivery, delivery signature, and fuel surcharges. Know before you ship.
Use online shipping. Order and print your postage online and it’s almost always cheaper and quicker than doing it all over the counter.
Use size-appropriate packaging. Use the smallest you can without compromising the integrity of the product.
Buy shipping supplies in bulk. Buy in bulk online. That one-time expense translates to long-term savings.
Need other ways to prep for the holiday season? See our Black Friday Ecommerce prep Guide.
The post How Can Ecommerce Help Reduce Transaction Costs? appeared first on Nexcess Blog.
It’s not too late to start circling the wagons the holiday season. Here’s 20 ways to make the most of your Black Friday that don’t involve new code or massive retooling. Use one, or all, or mix and match for maximum effect.
#1 Enable Nexcess Cloud Auto Scaling
One of the main arguments to go cloud is flexible, on-demand scaling. Auto Scaling temporarily assigns more resources to your site when there’s an unexpected uptick in concurrent users, defined as users actively engaging with your content (as opposed to “idling” on your site).
Learn more about Nexcess Auto Scaling and how to enable from our Knowledge Base.
How much does it cost? Not much, unless your site suddenly experiences a prolonged surge in traffic. All Nexcess Cloud accounts get 12 free hours of Auto Scaling. Beyond that, you’re billed only for what you use in 10-minute increments. The cost depends according to your plan, but range between $0.03–$0.16 cents per increment.
To put it into perspective, a store with a plan charging $0.10 per increment, using 24 hours of Auto Scaling, would incur an additional charge of $14.40 ($0.60 per hour X 24 hours). This makes it a cost-effective stopgap measure against unexpected surges in traffic, though extensive use usually points to a need for a service upgrade.
#2 Add Product Bundles to Your Store
Package complementary projects together and offer a small discount. As noted by a Harvard Business School study, customers are quick to perceive value in bundles, IF the business in question continues to offer “standalone” units. In the study, Nintendo reported a massive increase in sales when they added bundles (video game + console) to their store, but reported a 20 percent decrease if they sold only bundles.
How much does it cost? Only the “cost” of the discount, but if a 20 percent discount adds 40 percent sales, then it’s a win.
#3 Use a Content Delivery Network (CDN)
Shopping is a visual experience. At least 90 percent of all site data transfers involve images, video, and other content that take seconds to load in a browser. A wait of 3 seconds or longer tends to send a shopper elsewhere, never to return. While nearly every ecommerce site can benefit from a CDN, shops with international appeal stand to benefit most.
How much does it cost? No, but it’s definitely affordable even before calculating the potential cost of lost business. Plans start at $25 per month.
Learn more about Nexcess CDN plans.
#4 Creating Some Solid Long-Form Content
Yes, attention spans are short, but shoppers are motivated when they’re researching possible purchases. These shoppers tend to be hungry for deeper content, provided it’s free of fluff and filler. The benchmark for “long-form” varies, but generally in the 1200–1800 word range.
The idea is to give potential buyers a reason to visit and remember your site. The topic can be anything, provided the author’s an expert on the topic and it doesn’t sound like 1500-word infomercial.
How much does it cost? It ranges between “free” (if you write it yourself) and “more than a few beans” (if you outsource). Outsource with caution. Despite the long-form label, the emphasis should be on quality content, not quantity of content. In either case, having a clear goal and knowing your audience will do much for your cause.
#5 Check Your SSL Certificate
Don’t wait until zero-hour to discover problems with your SSL certificate. Browsers notify visitors about sites without them, and the warning sends them packing. In most cases, a standard SSL certificate will be more than adequate, and whether or not Extended Validation (EV) certificates provide value is a matter of some debate.
How much does it cost? The annual charge ranges between about $40–$300 per year, depending on the type of certificate. Standard SSL certificates are often adequate, but offer a substantially lower warranty than other, more expensive options. However, Let’s Encrypt is free and will work in a pinch for some websites. Such certificates have various limitations, but they meet the minimum standard of assigning your website the “Secure” browser label and preceding the address with “https://”.
Need an SSL certificate? Check out your options on our website.
#6 Implement Live Chat
A properly implemented live chat system can increase sales, customer loyalty, and even reveal flaws in your site design or user experience. If you’re using Magento, WooCommerce, or another popular ecommerce platform, several plug-ins are available and relatively easy to deploy.
If you’re instead relying on your own platform, it may be best to table starting development until after the holiday at this point.
How much does it cost? Per-month licenses range between roughly $15 to several hundred dollars, with variances for number of “seats,” types of features, and other trimmings. Some, like Livechat for Magento 1, offer a 2-week free trial.
#7 Kick off a social media campaign
If you’re not already tapping social media for a boost, then you’re missing out. One need not be a Social Media Manager to reap the benefits of
Facebook, Twitter, and friends. Run a contest, or otherwise give people a reason to share your product. Showcase your best products and services. Tie in with a discount (see #11) and let digital word-of-mouth do the rest.
How much does it cost? It’s free for starters, but you’ll reach more eyes by paying for promotion status. On Twitter, these are “Promoted Tweets. On Facebook, they’re ads. Both can pay for themselves, provided you’re willing to put a little time and effort into it.
#8. Showcase User-Generated Content
Designating a space on your site for honest reviews is a good start, but this really refers to engaging with and showing off your customers’ stories about your product or service. These are authentic testimonials and consumers are 2.4 times more likely to view them than marketing content.
It takes a little time, but as shown by the below example, it’s not hard. Combine with a giveaway to give it extra traction.
Share your favorite (YOUR_STORE) products with us and you could be featured on our social and website!
Post a photo of your favorite YOUR_STORE product
Tag @YOUR_STORE and #YOUR_STORE
How much does it cost? Like all social media campaigns, it can be free, but consider paying for promotional fees to cast a much wider net.
#9 Create a Cart-Abandonment Email Campaign
The bad news is about 70 percent of all shopping carts never see conversion. The good news is you have a way to bring some of those shoppers back. An effective Black Friday cart-abandonment email campaign is all about timing and presentation. Timing means sending 2–3 emails from Black Friday through Cyber Monday. Presentation means branding that sets you apart from the other marketing emails flooding mailboxes.
Find a perfect subject line, perhaps offer a 10% discount, provide a visual of the item, and include a strong call-to-action, like a BUY button.
How much does it cost? This is more feasible if you already have a graphic designer available, since raw text isn’t a good option. Hiring one just for your campaign might be worthwhile, but if you already have one available, consider making this a priority if you haven’t already.
#10 Use Nexcess DNS
If you’re already our client, using our DNS streamlines support efforts and gives your customers a reliable and fast way to find your site. Repointing your domain name to our nameservers is relatively quick and easy, and our support team is more than happy to help.
How much does it cost? If you’re a Nexcess client, it’s free!
#11 Create Discount Codes
Nearly every major ecommerce platform provides the means to create discount codes. Combined with other options from this list, they encourage sharing between friends and acquaintances, otherwise known as free marketing.
Concerned about overuse? Link the discount to a minimum-spending trigger, as in “spend $75, Get 15% Off” or something similar. Remember you’re not limited to sharing on social media. Also consider email, catalogs, and advertisements.
How much does it cost? Again, it depends on how you view the “cost” of a discount. Most shoppers expect to find discounts on Black Friday, so consider the cost of ignoring discounts.
#12 Make Sure Your Site is Optimized for Mobile
When was the last time you visited your store on a phone or tablet? Over half of all Black Friday shopping occurs from a mobile device. Most
modern ecommerce applications were built with mobile in mind, but don’t forget about emails, checkout, and any other late-season change pushed by your developer. Even if you’re using Magento 2, avoid surprises and explore the common paths for your visitors, from item-selection to checkout.
How much does it cost? If you’re using a credible ecommerce solution, your storefront is likely ahead of the game. If your site is a trainwreck on mobile, then it’s time to hustle, and hustling usually means taking a financial hit. Still, it may be better than frustrating over 50 percent of all visitors to your site on Black Friday.
#13 Expand Your Store’s Search Function
Your store’s search function is the equivalent of a store clerk. The less time it takes a customer to find what they want, the more time they’ll spend in your store and the better things they’ll have to say about it afterward.
While many options exist, current Nexcess Cloud clients using Magento 2 can take full advantage of Elasticsearch, a flexible search engine capable of handling large amounts of both structured and unstructured data.
How much does it cost? If you’re currently a Nexcess Cloud client, we provide Elasticsearch for no additional charge. It does, however, require some knowledge of MySQL and the command line interface, so take proper care or contact our support team for assistance.
Read How to enable Elasticsearch for your Nexcess Cloud account for details on how to add Elasticsearch to your Magento 2 store.
#14 (Magento 2 Only) Follow Our Optimization Guide
Our team sensed a shortage of concrete optimizations for Magento 2 developers, and our Definitive Guide to Magento 2 Optimization was theresult. Filled-to-the-brim with how to get the most from your Magento 2 store, the guide includes proven optimizations for PHP, PHP-FPM, Apache, MySQL, Varnish, as well as benchmarks to back up our conclusions.
How much does it cost? It’s free!
#15 Consider Upsells and Cross-sells for Your Products
Consider implementing up-sells and cross-sells for your products. Upselling is encouraging customers to buy a higher-end variant of their current selection. Cross-selling means making the most of opportunities to sell related products. Most popular ecommerce platforms offer out-of-the-box ways to achieve both, though extensions grant additional functionality.
For cross-selling, borrow a page from Amazon’s book and find a way to present a variant of “Customers who bought this product also bought” to buyers.
How much does it cost? Similar to #6, the cost of applicable extensions ranges between roughly $10 to hundreds. Ask the community surrounding your ecommerce platform to suggest extensions, which can provide exceptional value for their cost.
#16 Create Banner Ads for Your Site and Social
One need not be a graphic designer to design attractive visuals. It’s not too early to start promoting Black Friday and Cyber Monday, and many free templates are available online, like Canva, Bannersnack, and many others. A few hours’ work can generate buzz and get you ahead of the game. Consider combining with discounts and promoted social media posts for extra effect.
How much does it cost? Free to less free, depending on whether you enlist the services of a graphic designer, provide discounts, or pay for promotional placement in social media.
#17 Load-Test Your Store
It’s best to know the limits of your site before Black Friday, not during. The results can give you some idea of whether or not to pursue an upgrade, or just rely on something like Nexcess Auto Scale (see #1). If possible, prioritize the specific URLs of your homepage and checkout page.
If you’re a Nexcess client and are unsure to do with this information, try contacting our support team first. While some of your issues may require a developer’s touch, you may have other options to help optimize site performance.
How much does it cost? Many free options are available. However, prioritize ones that test for “concurrent users,” which refers to the number of users on your site that are actively engaging with your content. Possible candidates include Load Impact, Flood IO, and Loader, among many others.
#18 Make Returns Easy
Provide a clear return policy. Try to keep “no hassle” at the forefront, though reasonable restrictions on timelines are usually acceptable. Your policy should give answers to:
What items can be returned
What items can be exchanged
Which items are non-returnable and non-exchangeable
What options are available for reimbursement (refund, exchange, store credit)
How to ask for a return or exchange
Whether customers will pay for return-shipping
What condition returns and exchanges can be in to qualify (tags, worn, so on)
How long customers from the date of purchase to ask for returns or exchanges
How much does it cost? Returns are arguably the cost of doing business, so we’re marking this one “free.”
#19 Track Everything
Chances are, your store already has tracking tools in place, though most platforms also provide various plug-ins available to expand these tools.
The right tool gives you invaluable data about how customers interact with your site: what they buy, where they spend their time, and how long they visit each page. Like any data, it requires analysis to be useful, but even an hour or two can provide actionable information for 2020 and beyond.
How much does it cost? It depends on your platform and how deep down the rabbithole you want to go. Start with what’s already available in your store and go from there.
#20 Check Out Your Competition
Spy on your competition so you can outdo them! We’re not recommending anything illegal or unethical. The easiest way to do so is to subscribe to their mailing lists and social media feeds. Fair warning: resist the urge to take too many queues from them, or you risk the “cookie cutter” effect of being too similar to your competition. Finding the balance between “inspired by” and differentiation will spell success for your store.
How much does it cost? Unless you’re buying from your competitors, it’s free!
The post 20 Ways to Get Your Store Ready for Black Friday appeared first on Nexcess Blog.
Magento 1 (M1) will be sunsetting June 2020. While the eCommerce platform will still be accessible and usable by both merchants and devs, it will no longer receive official support from either Magento or Adobe. That means that for the 180,000 merchants running M1, the hunt for Magento alternatives is on.
Are you unsure where to go once M1’s life draws to a close? Here, we’ll cover some of your options, along with the pros and cons of each. Hopefully, by the end of this article, you’ll have a clearer idea of where your next step on your ecommerce journey will take you.
Don’t have time to read this now?
Download the After M1 eBook for a complete list of your best options – for when you do have time.
You may be surprised by the first alternative on this list. You’re probably thinking that WooCommerce just doesn’t have the capabilities you’re looking for in a Magento alternative. This is especially true if you have any experience in WooCommerce and the WordPress space. And you may be right; WooCommerce isn’t as functional as Magento. However, it does have its advantages.
WooCommerce sits perfectly between being a SaaS product like Shopify, and being a self-hosted ecommerce CMS you have full control of like Magento. It plays a fine line between ease of use and feature sets, and it does so brilliantly. You may be surprised by the types of stores that are on WooCommerce. It’s not all small businesses.
In 2018, WooCommerce looked into its user base in more detail. They analyzed stores to see where they are coming from and their size. What they found was surprising.
WooCommerce is not the ecommerce platform of small merchants some developers think it is. There are a number of larger stores using it as well.
A large number of WooCommerce stores actually fall between the $100,000 to $500,000 range, with some extending as far as $1 million in annual revenue. Brands that have made WooCommerce their ecommerce platform of choice include Blue Star Coffee, Weber, Ripley’s Believe It or Not, and Singer.
WooCommerce is not the best choice for large stores that involve a lot of moving parts. But it is a great Magento alternative for smaller and medium-sized stores looking to take control.
Why use WooCommerce instead of Magento?
It’s very easy to use, while still offering impressive flexibility for developers
It offers a large number of plugins to increase functionality
It has a large selection of themes and templates
It’s lightweight, so can load content faster
Why use Magento instead of WooCommerce
WooCommerce, while flexible, doesn’t have the ecommerce functionality of Magento
Magento is better for growing merchants
Magento has a great community that supports ecommerce specifically
Stay on Magento 1
Your second alternative isn’t an alternative, and comes with a question. Why make the move at all? Have you thought you need to make the move because of the warnings you’re seeing from the community and in your installation?
Sentiment regarding the Magento 1 End Of Life is split in the community. Fears regarding security vulnerabilities, loss of PCI compliance, and more are on one side. While devs offering continued support and security updates are on the other.
As a hosting provider, we will continue to support merchants that wish to stay on Magento 1, by making sure to keep our web application firewall up to date to help with security. We’ll also continue to maintain server-side performance optimizations for the first version of Magento.
Staying on Magento 1 means doing everything you can to secure your site. From hosting to development, don’t cut corners when the future of your store is at stake.
If you decide that staying on Magento 1 – even if just for the time being – is the right move for your store, then there are a few things you’re going to want to do. Firstly, upgrade your store to Magento 1.9. Unlike replatforming, this does not require much work or expense and is a simple patching process.
You’re also going to want to upgrade any other software you’re running as part of your application stack. This includes your PHP, MySQL, and Apache versions, along with any other applications you’re running as a part of your stack. The Nexcess support team can help with this. Get in touch and we’ll make sure your hosting environment is as secure as possible.
Finally, don’t forget to communicate with your developer (if you have one) about what they think staying on Magento 1 means for your store. Some developers will try their best to accommodate you and put in place safeguards so your store isn’t exposed to vulnerabilities.
Why Stay on Magento 1 instead of moving to Magento 2?
Download and read After M1 to find out more detailed reasons for why staying on M1 may be the right option for your store.
BigCommerce (For WordPress)
Perhaps WooCommerce isn’t the right fit for your store. Maybe Staying on Magento 1 is out of the question. Where do you go next?
BigCommerce started out as a SaaS application but has since expanded into the headless (decoupled) market. We offer this as an option in the form of BigCommerce for WordPress. The Advantages? Merchants can use both the backend of BigCommerce for ecommerce management and the frontend of WordPress for displaying it.
This means is more flexibility, better potential user experiences, and the ability to ramp up your content marketing strategy. Remember, content and product SEO are different, so don’t charge in head-first if your not as experienced with content SEO.
BigCommerce is the Magento alternative for merchants looking for both great content and product management capabilities.
BigCommerce for WordPress also comes with premium support from both Nexcess and BigCommerce. In the event something goes wrong on either the application or the hosting side, you’ll immediately be able to reach out to a relevant member of the support staff to resolve your problem. The faster it’s resolved, the quicker you’re going to be able to start selling again.
Why choose BigCommerce instead of Magento?
It offers both great ecommerce and content functionality
Both BigCommerce and your hosting provider are able to offer support
Why choose Magento instead of BigCommerce?
Magento still offers more in terms of functionality
BigCommerce charges transaction fees
BigCommerce is a closed source application without the development community of Magento
Perhaps you’re a developer or merchant that loves to live on the bleeding edge. Maybe you’ve always prided yourself on staying up to date with the latest and greatest. Or perhaps you’re all about taking the reins when it comes to functionality.
If that sounds like you, then Sylius is probably your platform of choice.
Sylius is an open source ecommerce platform that runs on Symfony. That means more customization, more functionality, and stronger alignment with dev best practices. Plus, with it being open source, the community for support only continues to grow.
Currently available in standard and enterprise forms, Sylius is a good option if you’re looking to stay ahead of trends in web development. However, if your store needs to remain reliable, then it may be better to look elsewhere.
Why choose Sylius over Magento
Sylius is cutting edge in ecommerce web development
It allows merchants to create a heavily customized ecommerce experience
Why choose Magento over Sylius
Magento has a longer history and is a more secure foundation
There is a larger selection of extensions for Magento
You may be limited by your programming expertise
On the other end of the functionality spectrum is Shopify; a SaaS application built to make ecommerce easy.
Shopify is one of the more popular options around, and it’s easy to see why when you take a look at its ease of use. For small merchants, the process of going from store idea to selling is quick and easy. However, this ease of use isn’t all it’s cracked up to be – especially when a store starts to grow.
Shopify is a good option for merchants getting started in ecommerce, but as they grow its limitations become increasingly apparent.
Shopify comes with a number of limitations that can ultimately hurt a merchant’s bottom line.
One of the most significant of these limitations is transaction fees. While alternatives like WooCommerce and Magento let merchants use a number of different payment processors without needing to pay transaction fees, Shopify only allows you to avoid them if you use Shopify’s payment service. This can cause problems with lock-in once you start needing an alternative.
Other limitations also start to appear when considering Shopify SEO. These include:
A rigid URL structure
Limitations to meta titles and descriptions
A locked robots.txt files
An inability to edit tag pages
No good way to handle duplicate content
For merchants that want their store to rank for important search terms, these SEO limitations can quickly outway the advantages that come with Shopify’s ease of use – especially if you’re a merchant with a lot of products.
Why choose Shopify over Magento?
It’s easier to use and get started with
It comes with a large selection of templates and themes
Why choose Magento over Shopify?
Magento offers more in terms of flexibility and functionality
Magento doesn’t have transaction costs
Shopify has some serious SEO limitations
Prestashop is another option that works well for merchants looking to leverage a platform that offers ease of use.
Originally released in 2008, Prestashop comes in both self-hosted and SasS forms. While the user base for both has diminished over the last few years, it’s still a strong competitor for small stores.
Moreover, perhaps because of its self-hosted background, when compared with other SaaS platforms, it manages to hold its own in terms of functionality. Some of the main reasons you may decide to use Prestashop include:
Easy to use and intuitive interface
A good selection of themes and templates
Over 3,900 extensions for expanding functionality
A lightweight platform that is usually fast
Despite these advantages, Prestashop, like Shopify, just can’t compete with some of the bigger players in terms of functionality and flexibility. For medium stores or those that expect to grow, it quickly becomes a bottleneck that prevents continued growth.
Prestashop is a good option if you’re looking for a platform that offers ease of use. But it trails behind some of the more powerful options in terms of functionality.
Magento, for example, offers a number of complex options and tools for managing omnichannel customer journeys and multi-site stores with localization requirements. This is an advantage that can particularly help stores with international customers. Localization with Prestashop doesn’t offer the same level of detail or a truly “local” experience.
Prestashop – just like Shopify- also falls down in terms of SEO. In fact, stock Prestashop doesn’t even have some SEO features you would expect to see, like meta titles and descriptions. To gain access to that functionality you have to download an extension.
Overall, Prestashop isn’t the best option on this list. It does, however, offer a suitable alternative to Magento for merchants looking to simplify their commerce experience.
Why choose Prestashop over Magento?
Prestashop is easier to use and develop with.
Prestashop offers a large number of themes and add-ons
Why choose Magento over Prestashop?
Prestashop has terrible SEO features
Magento offers more in terms of features and functionality
The post 6 Magento Alternatives You Should Be Considering After Magento 1 appeared first on Nexcess Blog.
Changes to your website are inevitable. Whether refreshing your theme or applying a critical security update, sites are living environments that can react unpredictably to well-intentioned changes.
Any change, small or significant, can disrupt or even break your site when carelessly applied. Such disruptions torpedo both your sales and your customers’ trust. Properly executing these changes can be the difference between an unnoticeable hiccup and a prolonged outage.
If you already enjoy the services of a knowledgeable web developer, then you’re likely all set. If you’re not – or if you have reason to suspect their qualifications – read on.
Hope for the Best, Plan for the Worst
Dev sites give web developers a way to test under-the-hood changes to a website with far less risk. It is a separate, private version of the live site that for safe testing of new code and features.
One common scenario is the discovery a critical security vulnerability in your CMS (Magento, WordPress, Drupal, what-have-you). A patch is quickly released, and every minute you delay applying makes you a bigger target for attack. Pressed for time, you immediately apply the patch to your production (live) site. The patch breaks your site. Worse, the lack of preparation makes reversion painful, and the outage extends into hours. You lose time, money, and customers.
As usual, the best solution is prevention. Making changes to your live site is, at best, a roll of the dice. Don’t hope your site functions after a patch or major update – know it by testing changes before making them live.
Not Just for Developers
It’s not uncommon to hear “dev” and “staging” used interchangeably. This is fine, provided your developer knows the difference. Even if you have no need of a developer, a functioning dev or staging site acts as a buffer between uncertainty and reliability.
In the traditional model of web development (dev > staging > production), dev servers are essentially a web developer’s sandbox. They often live on local machines, rather than servers. This is where developers experiment with new features and code, or other changes that aren’t ready to glimpse light of day. Sometimes, they function as approximate, non-public copies of your production site, while other times they bear little resemblance at all.
Staging acts as the bridge between dev and production, and is usually a private copy of your live site. It is hosted on a server and likely mirrors the resources and hardware used by your production site. As such, it will keep you from breaking your site by updates to:
Better with Backups
If your site breaks, having a current backup makes it much easier to revert. Full backups take considerable time and space, but these are usually required only when your team is uncertain of the changes’ scope. Patches and upgrades fit this bill. Small changes, such as those that edit a single file, may require only the backing up of a single file. Regardless of scope, these backups will accelerate any and all recovery attempts down the road.
As detailed in our Backup Policy, we provide automatic 30-day backups, but urge our clients to maintain a deeper and more current history. Redundant backups are the ultimate failsafe.
Flexible Dev Sites with Nexcess Cloud
For minimal cost, Nexcess Cloud clients can create a dev site at the touch of a button. We designed our dev site functionality to be flexible enough to meet the needs of any client or development process.
Nexcess Cloud dev sites mirror your production site and environment, including your database. The dev site-creation process replaces personally identifiable information (PII) with placeholders, which means you can hand off development work to agencies without having to worry about the security of your customer’s data.
Creating Dev Sites in the Nexcess Cloud
One of the many great things about Nexcess Cloud Services is the ability to deploy Magento and WordPress dev sites at the click of a button for a small additional cost. For more details, see How to create dev sites in Nexcess Cloud.
For help matching a hosting solution to your needs, please contact our sales team between 9 a.m. and 5 p.m. eastern time (ET), Monday – Friday.
The post What Is a Dev Site? appeared first on Nexcess Blog.
In our annual State of Hosting, we found that uptime remains the chief concern for most merchants. Uptime, though critical, is one of only many things that can go wrong with web hosting, and the measure of a solid web hosting provider often means more than 99% uptime.
Within, we highlight how to resolve or prevent common web hosting errors like poor uptime, slow performance, and other key areas.
Visitors have little patience for a slow site. Your product, customer service, and deals won’t matter much if it makes users wait. Over half of visitors leave a site when a page takes more than 3 seconds to load, and most of them will not return.
A slow site may not always be the fault of your hosting provider, though a credible one will do everything they can, such as:
Providing optimized environments for your chosen application (Magento, WordPress, WooCommerce, Drupal, and so on)
Current technology, though unproven “bleeding edge” tech can be cause for concern
Provide scalable solutions that can temporarily or permanently meet the needs of your growing business
What to Do About It
If your site sputters, start with your hosting provider’s support team. Competent support teams will investigate the issue and resolve it if they can. If the cause is beyond their control—poorly written website code, an unpatched Magento installation, unexpected surges in your site traffic—they can help diagnose the problem and suggest options for resolving it.
Beyond contacting support, you can try:
Using a CDN service
Limiting your use of dynamic content in favor of static content, especially on your high-volume landing pages
Enlisting the services of a developer, or having conversations with your current one
Patching the platform running your site
Limiting your use of third-party extensions, and make sure the ones you keep are current
Simplifying your web design
Enabling caching on your content management system of choice, if available
Poor Security or PCI Compliance
With security, you have enough to worry about on your end without wondering whether your hosting provider is holding up theirs. No security system can claim perfection, but consider any of the below to be hosting provider red flags:
Irregular or missing maintenance windows; though sometimes inconvenient, these represent a commitment to providing a secure and stable service
Inability to provide secure file transfer protocol (SFTP); FTP is generally considered unsecure
Failure to provide their AoC upon request (see below)
Support can’t answer your questions about SSL, a fundamental need of nearly every legitimate website
Unclear backup policy; while it’s best not to rely only on your hosting provider’s backups, every reputable provider will provide them
Outdated versions of PHP or MySQL; your provider should be using versions well outside end of life (EoL).
What to Do About It
The best policy here is prevention. Don’t wait until your host fails at security to verify its effectiveness. Ask your hosting provider for their Attestation of Compliance (AoC), and consider any resistance to providing it to be a huge red flag. And always remember that as a merchant, you must do your part for PCI compliance even after rolling with a PCI compliant hosting provider.
Learn more about How Nexcess Helps Your Store Stay PCI Compliant.
Beyond the AoC, check the hosting provider’s website, followed by their reputation. If they provide a fair amount of original content about PCI and security, then they likely have some experts on their team. If the hosting provider specializes in a particular platform, ask other people using that platform about that provider. People that experience problems with web hosts are rarely shy about sharing their story.
Although “high cost” is a common complaint, it’s usually more productive to think in terms of value. For example, unmanaged hosting is usually cheaper than managed hosting because the former offers little more than a power source, the network, and a secured facility. Support is usually not on the menu.
The end result is a low-cost hosting provider. This can suit the needs of some, but others would be wise to consider the value of well-managed hosting, even if it costs more in strict dollars. Managed hosting with a good provider means less maintenance, hands-free updates to server operating systems, and dedicated 24/7 support.
What to Do About It
If you feel your hosting provider doesn’t provide enough to justify their cost, it’s probably time to find another. Again, word-of-mouth and reputation go a long way here. Talk to others in your community—merchants using the same platform with similar needs—and ask them for suggestions. Go to a convention or two, spend some time on GitHub, or find a forum. Sure, it takes time, but it can save you downtime and headaches down the road.
When it comes to web hosting, troubleshooting is essential and expected. It is perfectly reasonable to expend your hosting provider to respect your time, and to respond to any service disruption to your service with urgency. Even if an outage is beyond the control of your hosting provider, they should be willing to communicate and sympathize with your situation throughout.
Ideally, the more ways to reach support, the better. 24/7 support is pretty much the standard for modern managed web hosting, with reasonable allowances for shopping-season ramp-ups.
What to Do About It
Assuming a slow response isn’t an outlier, express you dissatisfaction with a member of support leadership. Even when you have justifiable cause to be upset, keeping your temper in check while expressing your irritation often yields more desirable results. Humans act more efficiently when treated well and support teams are no exception.
However, if they’re grossly incompetent, then it’s time to shop around using the same method described in the above “Cost” section.
When it comes to hosting, nobody likes surprises. This applies to uptime, bandwidth, storage, scalability, and many other facets of your service. Reputable web hosts will be up front with how they distribute resources and bill for their services, and provide additional details when asked.
That said, take the time to read the provider’s Service Level Agreement, which tends to provide reasonable legal wiggle room in the event of unavoidable disruptions to your service. The presence of an SLA is not in-and-of-itself a red flag—nearly every hosting provider has one—but taking the time to read it can give you a better understanding of what to expect.
What to Do About It
Prevention does a lot. Do your homework on your hosting provider and ask their sales or support teams plenty of questions. If they break a promise or guarantee, hold them to it!
Site outages and downtime
Downtime costs you money. Most web hosts recognize this, and adopt proactive measures to minimize downtime as much as they can. “One hundred percent” uptime is strictly impossible, as even the most conscientious web host must perform occasional maintenance, failing upstream providers, and other issues beyond their direct control.
You should know about every planned maintenance window capable of affecting your service well in advance. The rare hiccup to your service is inevitable; the real tell is how your hosting provider reacts to it.
What to Do About It
The more times you answer “no” to these questions after any given outage, the more you should consider heading for another host.
Are disruptions and outages a rare event for this provider?
Are they reasonably transparent?
Did they apologize (even if not directly their fault)?
Did they respond to you in a reasonably prompt manner?
If they proposed a timeline, did they honor it?
Did they avoid accusing you of “breaking something”?
Did they resolve your issue, or at least guide you toward a solution?
If it was an extended outage, did they compensate you somehow?
If they required action on your part, did they provide clear instructions?
Ideally, your web host will make it relatively easy for your service to grow with your business. One of the major selling points of cloud services is quick-and-painless scalability. Cloud technology makes it easier to allocate extra resources to your service on-demand, as well as provides a cleaner, migration-free path to permanently upgrading (or downgrading) your service.
What to learn more about cloud hosting? ReadWhat Are the Advantages of Cloud Computing (and Hosting)?
If you’re married to a non-cloud solution and need to migrate, your hosting provider should be discussing options with you before pushing for migration. Respectable hosting providers look for ways to improve your service before upselling. If migration is necessary, they are transparent about the process, listening to your needs, and keeping you informed every step of the way.
What to Do About It
Cloud hosting is the answer in most cases. Yes, it tends to cost a little more than non-cloud hosting, but in exchange you receive flexibility. Your site will respond better to sudden, unforseen surges in traffic and be easier to move when your business outgrows your website.
Inadequate Tech Stack
A stack is a bundle of software designed to run a server. They range in complexity and purpose, and not so long ago a Linux/Apache/MySQL/PHP (LAMP) stack was considered adequate for hosting purposes. As modern web applications have risen to prominence and in complexity, this is no longer the case.
In 2019, stacks also serve to accelerate performance for the web applications running on those same servers. At Nexcess, our cloud web application draws on 20 years of experience to build a stack with components that work together to provide enough resources for modern web applications. While established players like Apache and PHP play undeniable roles, we’ve expanded it with several other technologies, most notably Nginx, Varnish, and for Magento, ElasticSearch.
Nginx is a full-featured, high-performance web server that excels at serving static content. In our cloud stack, it also handles Transport Layer Security (TLS) decryption necessary for HTTPS connections, and does so much more efficiently than other possible alternatives, like the web server itself.
When properly configured, Varnish takes over caching requests normally handled by Apache and Nginx, and so provides fast delivery of static and dynamic content.
ElasticSearch (Magento only)
ElasticSearch is a search engine that allows customers to quickly find one product among thousands. Available as part of our Magento cloud service, Elasticsearch is fast and scalable for both structured and unstructured data, with support for 34 languages.
Looking to add ElasticSearch to your Magento store? See our website for details.
What to Do About It
Before drawing any conclusions about a hosting provider’s tech stack, engage with their support or sales team to explore their other offerings. Be wary of any effort that doesn’t ask specific questions about your goals or business. Ethical hosting providers will work with you to identify and fulfill your needs, as opposed to just offering a knee-jerk upgrade.
Curious about how we optimize a CMS like Magento 2? Check out our white paper, The Definitive Guide to Magento 2 Optimization.
Each content management system had different needs. What works best for Magento often isn’t ideal for WordPress, and so on. Experienced web hosts know the “what” and “how” of these optimizations more than players new to the game. If your store uses Magento 2, ask your provider how long they’ve been hosting Magento 2 sites, and what they can offer you that other hosts can’t.
Need help finding a web hosting solution that works for you? Contact our sales team between 9 a.m.– 5 p.m. eastern time, Monday to Friday.
The post 8 Common Hosting Problems (and How to Avoid Them) appeared first on Nexcess Blog.
MagentoLive Europe 2019 arrives in only a few weeks, bringing Magento merchants and innovators from around the globe to Amsterdam for arguably the biggest ecommerce event on the continent.
What and When is MagentoLive?
The Magento community hosts various global events designed to connect and educate developers, merchants, and ecommerce influencers. The largest of these is Imagine, envisioned as the definitive global gathering of the Magento community. MagentoLive serves as a complement to that event, in essence a more “localized” version of Imagine.
The short version is almost anyone involved with Magento—in any capacity—will benefit from attending.
Adobe, who purchased Magento last year, will have a significant presence with four Keynotes and over two dozen Breakout Session speakers (out of 8 and 48 total, respectively). Add to this sessions from Magento Masters, Google, and other big players from the ecommerce space, and it’s impossible not to leave with new knowledge or inspiration.
Almost anyone involved with Magento—in any capacity—will benefit from attending.
MagentoLive Europe 2019 takes place between October 22–23 at the RAI Exhibition and Conference Center in Amsterdam, Netherlands. Magento expects over 2000 commerce professionals to attend—here’s how to get the most out of the event.
3 Reasons to Get Excited About MagentoLive Europe 2019
Get excited! It’ll make it easier to find time to plan ahead, and you’ll get significantly more return on your investment.
1. Session Variety
Whether you’re a Magento fanatic, developer, merchant, or even just considering adopting it for your storefront, there’s something for everyone at MagentoLive Amsterdam. Session topics include hands-on labs, marketing strategies, product reviews, technical solutions, and countless other options. Most sessions last an hour or less, but they can overlap.
You can get started prioritizing your favorites by viewing the MagentoLive agenda. Note that some events, hands-on labs, and certifications require registration in advance.
2. Networking Opportunities
Keep an eye on social media, starting with #MLEU, #NexcessLive, and feeds of your other favorites. Put names to faces in an environment where every vendor is putting their best foot forward to earn your business!
Not sure how to handle Magento 1 end-of-life in June 2020? Read our blog post, Magento 1 vs Magento 2: Should You Stay or Should You Go?
If you’re a developer, consider arriving a day early to take part in Contribution Day. See the Session Highlights section below for more information
3. Adobe’s Roadmap for Magento
Adobe’s 2018 acquisition made waves in the Magento community. Although they’ve integrated the platform into their Experience Cloud, they’ve also declared their intent to respect and utilize Magento open source community in this effort.
Judging by the volume of Adobe presenters at MagentoLive Europe 2019, the company appears intent on showing, rather than just telling, how they plan to proceed. President Paul Robson is only one of several members prominent keynote speakers from Adobe, and it’s fair to say they’re expecting your questions about what lies ahead.
Whether you’re a Magento fanatic, developer, merchant, or even just considering adopting it for your storefront, there’s something for everyone at MagentoLive Amsterdam.
Your mileage may vary according to your role and needs, but here’s some highlights of the wall-to-wall events at MagentoLiveEurope 2019. The variety caters to tech-savvy developers, commerce-focused merchants, and everything in between.Space is limited for some events, so register early whenever possible!
Monday, October 21, 9 a.m.–5 p.m.
Technically, this is pre-game as it starts a day before the official MagentoLive Amsterdam festivities. Contribution Day allows you to rub shoulders with talented members of the community, where you can learn about how to submit contributions or find solutions to your most pressing challenges. The event spans 7 hours, though day-long attendance is not required. Unwind afterward by closing with their cocktail hour.
Early Adopters of Progressive Web Apps
Tuesday, October 22, 9–10 a.m.
New to the ecommerce landscape in 2015, progressive web apps (PWAs) are now an industry standard. PWA Studio is a collection of tools designed to make the most of the technology on the Magento 2 platform. It’s a relatively pain-free way to learn from other people’s mistakes. Both presents are Adobe representatives: James Zetlan, Sr. MTS Architect and Eric Erway, Sr. Manager, Product Management.
How to Digitally Transform and Scale a Traditional B2B Business
Tuesday, October 22, 1:30–2:15 p.m.
The need to scale is usually a welcome symptom of success, yet still capable of causing headaches and sleepless nights for unprepared stores. Featuring the founder of Juzo, a medical compression manufacturer, and the Founder/CEO of Techdivision Gmbh, their developer, learn about how they addressed the challenge of configuring 50,000 product variants for their Magento store in less than 6 months.
Hands-On Labs: Get to Know Adobe Target and Adobe Analytics
Tuesday, October 22, 1:30–3 p.m. (arrive 15 minutes early)
As Magento is now part of the Adobe Experience Cloud, why not learn more about two other tools already optimized to work with this platform? Like all hands-on labs at these events, you’ll get your hands dirty with firsthand experience creating reports, dashboards, and analytics.
Migrating from Magento 1 to Magento 2: Strategic Planning for Business Leaders
Tuesday, October 22, 9–10 a.m.
Magento 1 end of life is just around the corner (June 2020). Whether you’ve settled on Magento 1 or not, this session will guide your strategy away from common mistakes and into the clearer waters of realistic timelines. Presented by the tandem of Ray Bogman, Adobe Sr. Business Solutions Architect, and Jos Pieters, Jac Hansen Ecommerce Manager & Product Owner.
Don’t get caught holding the bag. Check out Magento 1 End of Life: What You Need to Know.
Winning Loyalty on the Shipping Battleground
Tuesday, October 22, 2:30–3:15 p.m.
Remember the days of “Please allow 6 to 8 weeks for shipping?” Neither does anyone else. After quality, customer care, and shipping are the Big Three of sustainable growth. This session highlights the latest innovations from three presenters: Matthew Waslet, Adobe Product Marketing Manager; Aynsley Peet, Cox & Cox Head of Ecommerce; Leedert van Delft, DHL VP Global Sales & Digital Marketing.
Magento Product Roadmap
Tuesday, October 22, 3:45–4:30 p.m.
Want to know what the future holds for Magento and Adobe Experience Cloud? This is the place. Four Directors of Product Management from Adobe give you the scoop on Magento Commerce, Order Management, Business Intelligence, and Cloud.
Hands-on Labs: Getting Started with PWA Studio
Wednesday, October 23, 9–10:30 a.m. (arrive 15 minutes early)
Another hands-on lab, where attendees will set up Venia PWA on Magento 2, use Graph QL, and work with PWA Studio. Hosted by Adobe Sr MTS Architect James Zetlan.
Commerce Obsessed: How to Map a B2C Customer Journey
Wednesday, October 23, 10–10:45 a.m.
For consumers, the “cost” of your product also extends to the time involved paying for it. The more efficient and dare-we-say fun you can make your store experience, the more customers will tend to spend. Expect to learn about trends, but also to see real-world examples of customer journey experiences. Led by Ryan Green, Adobe Senior Manager of Strategy.
Expanding the User Experience: Site Reviews
Wednesday, October 23, 10–10:45 a.m.
Let the Magento UX experts review your store and provide constructive feedback on how to increase customer satisfaction. Almost any store has room for improvement. The emphasis is on “actionable advice,” so you stand to benefit as long as you check your ego at the door.
Secure Commerce with Magento
Wednesday, October 23, 10–10:45 a.m
Magento’s popularity makes it a prime target for bad actors. The good news is that Magento is well aware and working hard to stay ahead of the game. Topics include PCI compliance, cloud security, and general best practices for keeping your store secure. Led by Adobe Senior Product Managers Yevhenii Pyltiai and Piotr Kaminski,.
DevExchange & Networking Event
Wednesday, October 23, 3:30–5:30 p.m.
A laid back session that serves as last call to share brains with fellow developers. Compare war stories. Learn from each other. Meet awesome people. Led by Sherrie Rohde, Magento Community manager for Adobe.
The post How to Get Ready for MagentoLive Europe 2019 appeared first on Nexcess Blog.
At the beginning of the year, the Nexcess research team put together a report on the State of Hosting at the start of 2019. In it, we predicted that Data Protection would only increase in importance, headless implementations would become more mainstream, and development would improve as hosting infrastructure continued to decrease in visibility.
It’s now approaching the end of 2019, and many of these predictions have come to fruition. Most vitally, for ecommerce stores, this has meant an increased lack of division between content and commerce.
In 2018, 67 percent of Magento store owners stated that they plan to adopt PWA at some point in the future. Their reasons for doing as such were the improved development capabilities of headless implementations, and the ability to stay ahead of the curve. This wasn’t just because of infrastructure. It was also because of content.
The division between content and commerce isn’t what it once was. This means more opportunities in a wild west-esque content landscape.
According to Technavio, a leading market research company, the content marketing industry is set to grow by 16 percent between 2017 and 2021. According to their lead researcher, the reason for this is that “The effectiveness of traditional marketing is decreasing by the day. Companies must adopt the latest marketing trends to enhance their business and increase their consumer base.“
The important takeaway here is that companies are trying to adopt the latest marketing trends to stay ahead. In 2019 and 2020, that means content.
Is Content Marketing New?
Content Marketing is nothing new. According to the Content Marketing Institute, one of the first recognized examples of content marketing was from none other than Benjamin Franklin. In 1732, he published the yearly Poor Richard’s Almanack. The reason? To promote his publishing business.
Then, in 1801, the bookstore Librairie Galignani recruited a content strategist to help them grow their business. Most significantly, this meant creating a newspaper that featured excerpts from famous writers and books. And then there were many, many other content marketing efforts from companies around the world. Each more innovative and influential than the last.
Content Marketing has been around for a long time, but it’s only relatively recently that commerce businesses have started to ramp up its importance in the digital space.
Enter the digital age. Content marketing experts initially continued to invest heavily in traditional forms of content marketing. Then SEO started to make an appearance, and those strategies changed. Then Marketing automation and personalization appeared. Again, those strategies changed.
Today, content has become an important part of the buyer’s journey. It does more than just provide reading material. It helps to shape a brand, build advocates, and create a community that rallies around the same beliefs and ideas.
Enter Magento PWA and the Magento 1 End of Life
With the Magento 1 End of Life fast approaching, merchants now have an opportunity. Moving to a progressive web application is a very real possibility, and comes with a lot of advantages over current, single application deployments. A few of those advantages include:
More front-end control
The ability to create improved user experiences
Reduced cost of development
Cross device communication and mobile-first design
Continued engagement through automated push notifications
Improved multi-team collaborative processes
With these advantages, it almost seems as though PWA is the obvious choice for moving forward. Increasingly, hosting providers are also ramping up support for PWA application stacks. This means faster deployments, quicker page load times, and optimized development environments.
The Content + Commerce Mix: Magento Alternatives
Magento isn’t the only player in PWA. Also known as headless and decoupled, Drupal and WordPress have both been making strides into the space. Commerce platforms have also made a play, providing headless architecture as a way to satisfy the growing content demands of merchants.
There are headless and decoupled alternatives for several content platforms – most notably WordPress and Drupal.
One company doing this very well is BigCommerce. Their BigCommerce for WordPress (BC4WP) implementation has come a long way to offering merchants a reliable and scalable headless option. Moreover, with WordPress a well-known and well-used application, merchants are easily able to adapt their internal teams to the content management process.
The Possibilities of a Post-Magento 1 World
Now is the time to get your store ready for the next stage of its lifecycle. Now is the time to explore the possibilities open to you as a merchant for both improving the buyer’s journey on your site, and managing the complex range of development and content curation processes that already exist within your organization.
Interested in learning more about your options after Magento 1? Learn everything you need to know about the Magento 1 End of Life. Thinking of just moving to Magento 2? See how the two platforms compare and judge whether replatforming is right for your business. Alternatively, download our guide to After M1, offering a list of viable alternatives and why you should choose them.
The post Content + Commerce: A Magento 1 End of Life Discussion appeared first on Nexcess Blog.
You may have heard of BigCommerce the SaaS platform. An ecommerce platform that has gained popularity in recent years. But forget about the SaaS platform for a second, because what we’re talking about here is BigCommerce for WordPress (BC4WP): a headless ecommerce solution that lets merchants get started quickly by uploading products, setting prices, and finding the perfect BigCommerce for WordPress theme.
BigCommerce for WordPress works with any modern WordPress theme. This is because it was engineered in accordance with WordPress development guidelines. As a result, it’s straightforward for WordPress developers to build custom themes or to use one of the thousands of pre-built premium and free themes available for WordPress. The trick is finding one that lets you visualize the right ecommerce components in the best way possible.
We’d like to highlight some of the more flexible and user-friendly WordPress themes compatible with BigCommerce. Each of these themes is an ideal choice for an online retailer getting started with BigCommerce and WordPress on our BigCommerce for WordPress hosting platform.
What Is BigCommerce for WordPress?
BigCommerce is a headless cloud ecommerce platform that provides inventory management, a shopping cart, a PCI-compliant shopping cart, and built-in analytics.
As a headless ecommerce platform, BigCommerce handles the heavy lifting of online retail but relies on a front-end application to provide the store’s interface. As a result, the BigCommerce for WordPress plugin transforms WordPress into a BigCommerce front-end.
BigCommerce for WordPress offers the best of both ecommerce and content worlds. But to make the most of that, you’ll need the right theme.
WordPress is known for its capable content management features. So the combination of both applications means that merchants are able to make the most of ecommerce and content functionality; creating both an incredible storefront and an incredible content marketing platform.
Do you want to know more about how to integrate BigCommerce with WordPress. Learn more about our BigCommerce for WordPress hosting solutions.
However, to truly make the most of these features, you’ll need a WordPress theme that’s compatible with BigCommerce and provides an attractive platform for content delivery.
How to Choose a Good BigCommerce Theme
Choosing the right BigCommerce theme for your WordPress frontend can mean browsing through thousands of different options to narrow down the right one. Luckily, we’ve assembled a list of the four best themes available.
Previously, we talked about WordPress themes and what makes any specific one better than another. Yet those themes were more aimed at content sites and didn’t provide a user experience optimized for product delivery.
When it comes to choosing the right theme for a BC4WP site, there are five main areas you should consider. That way, you’ll end up with a site that delivers results for both ecommerce and content.
The most important factor you’ll want to keep an eye on is navigation. More specifically, how easy it is to find the right product.
Firstly, take a look at the menu. Is it prominent on the site? Does it come with accessibility features? Would you like using it to navigate around a site?
Bad navigation instantly turns customers away; or forces them to leave after they can’t find what they’re looking for. Remember, ecommerce navigation isn’t just about the nav, it’s also about paying attention to ecommerce SEO and categories. Categories make finding and navigating a site easier.
Beyond that, search is also vital. 70% of people rely on ecommerce product search, and searchers are 200% more likely to make a purchase than a browser.
When choosing a theme, it’s important to pay attention to the placement and clarity of the search experience. We’ve seen themes that don’t make it clear and this can have hard-hitting effects on conversion rates.
Your next key focus should be loading time. More specifically, how long does it take for assets and code to allow a user to browse content on a site?
A 1-second delay in page load time can lead to a 7% decrease in sales. So even the slightest delay as a result of load time can mean fewer sales.
What this means is making sure that time to interactivity is as quick as possible. Some theme developers talk about time to first byte (TTFB). We question this and think it’s more important to look at time to interactivity (a measure of how long before a user can actually engage with a page).
There are a number of tools available to site owners for testing page speed. Tools like GTmetrix are a good start. You can even test site speed with tools built into your browser, like Lighthouse.
If you’ve tried everything and your site is still slow, then it’s worth reaching out to your hosting provider to see if there are any configuration problems.
In some cases, your site may be slow as a result of your hosting provider. If you’ve tried optimizing code, cutting down on plugins and trying these speed optimization trends, and your site is still slow, then it’s a good idea to contact your provider and their support team to see if there is a problem with your server.
If you’re not offering a mobile responsive website yet, then you’re doing it wrong. Not only because it means you’re probably offering a terrible user experience, but also because it means you’re SEO is suffering.
Remember, Google now indexes sites based on a mobile-first policy. According to Google, that began July 1st, 2019. This means that all sites now not only have to offer a mobile version, but also provides an excellent user experience for those using it.
This ripples out into several different areas of site development; from UX to code, and more.
BigCommerce for WordPress is a headless application, so there’s no reason you shouldn’t be offering a mobile-optimized frontend. Being headless, BC4WP means you have complete control over the front-end. So take a look at the competition and make sure your site design isn’t out of date.
Bad themes are an easy goldmine for hackers looking to exploit vulnerabilities. Whether it’s bad coding practices, something missed by accident, or just simple laziness, a theme with security vulnerabilities can mean the end of your online store.
Yes, theme vulnerabilities are not as frequent as plugin or core vulnerabilities. But they still make up a sizeable amount in terms of numbers. And all it takes is one exploited vulnerability for you to find your store quickly losing the business and trust of your customers.
Sticking to official and officially supported themes means you’re picking a theme that complies to WordPress coding standards and is a lot safer.
Try sticking to themes that are either available in the official WordPress theme bank, or that have official support from BigCommerce. Stay away from anything you have to download and install manually.
If you’ve already decided on a theme and want to know how secure it is, we recommend taking a look at the WPScan Vulnerability Database. Here, you’ll be able to see a list of vulnerabilities identified from not just themes, but also plugins, and core.
Code links into pretty much everything we’ve just said. Bad theme coding means problems with design, security, and the user experience.
For most non-technical merchants, you’re probably not able to check the code for yourself. So just like with themes, the best option is to take a look at the creator of the theme. If it’s a trusted source, chances are they have followed coding standards. Remember, any themes available through the WordPress theme bank have been checked to make sure they match up to the WordPress theme standards.
Four BigCommerce for WordPress Themes We Recommend
Divi, by Elegant Themes, is one of the most popular premium WordPress themes on the market. Divi is billed as a “website building platform” rather than simply a theme. The highlight feature is a powerful page builder that allows WordPress users to visually construct pages from the wide selection of elements that are built into the theme.
A true drag-and-drop solution, Divi incorporates over 40 different page elements, including sliders, galleries, and forms. Divi can be used to create any type of site, but it includes several features aimed at ecommerce retailers, including pricing tables.
WordPress users who buy a Divi license also gain access to over 100 layout packs, including ecommerce designs with page layouts, images, and graphics.
Make is a free theme that aims to make it simple to build an attractive WordPress site. It has fewer features than all-in-one plugins like Divi, but that’s deliberate, and it has made Make a favorite of WordPress users who have downloaded the theme more than a million times.
The free version of Make includes a page layout engine with several built-in layouts. Make integrates well with the Customizer, providing over a hundred settings that can be visually tweaked.
For users who need access to advanced features, the Make Plus premium tier includes additional ecommerce features and advanced layout options.
Shapely is an elegant one-page theme suitable for simple stores with a handful of products. Unlike the other themes we’ve looked at, Shapely is intended for store owners who want to choose a pixel-perfect design and stick with it. It doesn’t include a heavy page-builder, but there are plenty of Customizer options to bring the theme in-line with a store’s branding.
We have looked at just four of the thousands of WordPress themes that are compatible with BigCommerce for WordPress. To learn more about BigCommerce for WordPress, check out “Introduction to BigCommerce for WordPress, Important Concepts” by BigCommerce WordPress Evangelist Topher DeRosia.
The post The Best BigCommerce for WordPress Themes Out There Right Now appeared first on Nexcess Blog.
Modern web applications are large, complex, and resource-intensive. The methods of hosting these applications have changed drastically as as result. It is no longer ideal to simply host a modern web application on a Linux/Apache/MySQL/PHP (LAMP) stack, as doing so will severely limit the performance capabilities of modern web applications.
A web application stack is a collection of software that works together to provide modern, secure, and fast application delivery. These modern application stacks go beyond a typical LAMP stack and include additional components such as Nginx and Varnish. Extensive tuning keeps these components working together for the best end user experience.
Learn more about the Nexcess Application Stack.
This article covers the different applications and technology that make up our Nexcess Cloud web application stack, focusing specifically on application delivery.
Discover the Nexcess Stack
Nginx is a full-featured, high-performance web server that we use as a reverse proxy within our web application stack. Favored by many websites, Nginx has been a popular replacement for the Apache Web Server because it excels at serving static content.
Nginx makes serving static content a walk in the park, with improved object caching, TLS Termination, and HTTP/2 Support.
With this in mind, we use Nginx together with Apache web server in our application stack. The use of Nginx in front of Apache as a reverse proxy allows each to focus on their respective strengths.
This benefits low-traffic and high-traffic sites, as cached objects prevent the need to retrieve the object from the web server with every request. Many modern CMSs can have well over 100 static objects per page load, all of which can be served by the Nginx micro cache. This removes significant load from the dynamic content web server, noticeably so during peak web traffic times.
TLS terminators handle the decryption of HTTPS connections. Typically, the web server application handles TLS decryption, although this is often not ideal. Varnish and other caching proxies do not currently support HTTPS connections, and so require decryption of TLS connections before they reach your caching layer. Load-balanced solutions also require the TLS certificate to be installed on every application server when not using a TLS terminator.
A solution to these limitations is to let Nginx handle TLS decryption. While alternatives such as Pound and HAProxy exist, Nginx handles it natively and can also provide load balancing if necessary, removing the need for additional load balancer services.
Modern TLS Support
Transport Layer Security (TLS) is the successor to the older encryption protocol, Secure Sockets Layer (SSL). TLS provides the encryption for HTTPS connections, which is nearly a requirement for all modern websites.
Current security standards (most notably, PCI DSS) have flagged older SSL and even some early TLS as inadequate, and only modern TLS ciphers make it possible to meet these evolving standards.
Like SSL, TLS has several versions, the most recent being TLS 1.3. As a PCI-compliant hosting provider, we enable only secure ciphers according to the Mozilla Modern standards.
Nginx fully supports the latest HTTP/2 protocol. HTTP/2 is a revision of the original HTTP 1.1 protocol released in 1999. It focuses on improved performance, perceived end-user latency, and use of a multiplex connection between web servers and browsers. HTTP/2 is currently supported by all major browsers and is enabled by default in Nginx on Nexcess Cloud solutions.
Nginx also has plans to support the new QUIC – HTTP/3 protocol, which we will also support as soon as it becomes available.
Data compression is not a new idea. If site data can be quickly compressed on the server and uncompressed in the browser, this reduces the size of transferred data, thereby saving time.
Web servers and browsers have supported several compression algorithms such as gzip and deflate for years. While both of these have historically worked well for content delivery, a modern and more efficient option is available: Brotli.
Compression algorithms like gzip have been supported for years, but we support a more efficient option: Brotli.
Brotli is a data specification that uses a dictionary-based compression algorithm designed specifically for the transfer of text-based web application static files such as HTML and CSS. Due to its specialized role, it offers significant upgrades over other common web compression algorithms in both compression ratio and compression speed. All modern browsers and web servers now support Brotli including Nginx, which is enabled in our configuration.
Apache is an industry-standard open source web server that first saw the light of day in 1995. In 2012, the release of version 2.4 began the support of a significant feature set that continues to improve to this day.
One of Apache’s strengths is the ability to deliver dynamic content at high concurrencies through various application interfaces like the FastCGI Process Manager (FPM). We utilize PHP-FPM for all PHP-based applications on our cloud application stack. Beyond fast dynamic application support, Apache 2.4 has several other notable features, as described below.
The Event MPM
Apache 2.4 saw the release of the event multiprocessing module (MPM), which provided significant performance gains over previous prefork and worker MPMs of previous versions. The event MPM makes Apache much more efficient with memory usage and increases thread handling for incoming connections in a manner similar to Nginx. Nexcess Cloud plans use a carefully tuned event MPM configuration as part of our application stack.
Web Application Firewall
A web application firewall (WAF) is an essential security feature for any website. Their purpose is to provide an HTTP content filter for common vulnerabilities, including SQL injection, cross-site scripting, and request forgeries, among others. WAFs also provide protection for known application vulnerabilities and backdoors, protecting known remote shells and unpatched software from being exploited.
Our application stack uses ModSecurity, an open source WAF for application protection. Having ModSecurity in place with Apache provides additional protection to web applications, and helps meet security and compliance requirements such as PCI DSS.
Front end optimizations are smart for site development, but time constraints often lead to them being pushed to the wayside. That’s when Mod_Pagespeed becomes invaluable.
While front end optimizations are smart for site development, time constraints sometimes kick these to the wayside. In these cases, Mod_Pagespeed is invaluable.
While Mod_Pagespeed is available for both Nginx and Apache, we have enabled it with Apache web server. This allows it to optimize the code as part of Apache, when it then can be cached optimally in the Nginx micro cache.
As mentioned earlier, any web application can be configured under Nginx or Apache, but the latter’s support of .htaccess sometimes makes Apache a more suitable candidate. Some CMSs use .htaccess configurations not fully supported by Nginx. While there are pros and cons to using .htaccess files as a whole, it is generally preferable to make them available, rather than force our clients to modify their site to Nginx standards.
Varnish is a caching HTTP accelerator that provides high-performance static and dynamic content delivery. When enabled and properly configured, content requests normally handled by Apache and Nginx are now handled by Varnish, which directly delivers cached assets from memory to users’ browsers. Dynamic sites with complex back ends that require considerable PHP interpretation (such as Magento) can benefit greatly from the use of Varnish.
If you’re running a dynamic site that relies on PHP interpretation – Magento, WordPress, WooCommerce, and more – then Varnish can greatly improve load times for users.
One downside to Varnish is its complexity in implementation. Controlling which content is cached can be tricky, especially with dynamic content. Extra care must be taken when dealing with session-based eCommerce sites to keep shopping carts updating properly. Varnish handles these configurations using its Varnish Configuration Language (VCL). The VCL can be customized for websites, and some applications such as Magento 2 provide a base VCL file to get the application up and running.
Currently, Varnish only supports the HTTP protocol, not HTTPS. This requires the use of an SSL terminator in front of Varnish, which is handled by Nginx in our web application stack.
Get started with a Magento Cloud solution that gives you the speed your store needs.
PHP – Software Collections
Our web application stack utilizes RedHat’s Software Collections (SCL) for application language support. SCL allows multiple languages and versions such as PHP, Ruby, and Node.js immediately available for any given site. SCL also makes it easy to switch language versions. As an example, our clients may set their PHP version for any given account to any version between 5.6 and 7.3 from their Client Portal.
Opcache is a PHP-caching accelerator that increases performance by optimizing and storing precompiled script bytecode in shared memory. The integration of a properly tuned Opcache instance with PHP allows frequently used scripts to be read directly from memory, skipping the intensive compilation process. This has dramatically reduces load times for most applications.
Opcache is included with modern versions of PHP and the latest release of 7.3, and has replaced older PHP script-caching methods such as eAccelerator and APC. To fully realize the benefits of Opcache, we have spent considerable time tuning the Opcache default variables within our application stack. This is frequently overlooked but nonetheless critical, as neglecting to tune the default Opcache configuration to the size of the hosted application can negate any performance gains.
While not a local part of our application stack, nearly any website will benefit from using a content delivery network (CDN). A CDN caches frequently used static content on servers around the globe, thus giving users’ browsers a local option for retrieving site content and reducing latency. We offer a CDN solution with our cloud solutions and strongly recommend its use.
Tying It All Together
Modern web applications are mammoth and have considerable system requirements for best performance. While it is possible to host an application on a simple Apache or Nginx instance, it sacrifices performance for convenience. Apache, Nginx, and Varnish have complementary strengths, and using them together grants the best results for performance and scalability.
While our application stack is complex, it has been engineered with two decades of experience using these systems, and was tested and tuned for a variety of applications. It is also constantly evolving. As new technology and features becomes available for respective components of our application stack, we test these new elements before rolling them out.
The first of these considerations are the various headers used across the different services, each of which must be carefully managed. Nginx, Apace, and Varnish each provide default and custom headers for content control, cache control, and debugging information. Headers from external CDN or accelerator services can complicate this even further. Configuring headers properly ensures proper placement of caching and streamlines the flow of data through the stack.
Logging also presents a challenge, both for debugging and compliance requirements. Each service in the stack generates a log, all of which must be stored in a secure remote location to facilitate tracking of each request and response through these various components.
Threading, connection limits, and resource utilization must also be taken into account. Any component in this application stack can be a bottleneck if not properly tuned.. Many of these configurations are outlined in our paper, The Definitive Guide to Magento 2 Optimization.
The post A Modern Web Application Stack From Nexcess appeared first on Nexcess Blog.
Unlike a PCI assessment, which merchants can perform themselves, a PCI audit can only be performed by a qualified security assessor (QSA). If you’re facing an audit, then you’re likely a large store doing so voluntarily, or a smaller merchant ordered to undergo one because of a recent data breach in your store. These audits are mandated by major credit card companies, and failure to comply can have dire consequences for your business.
Read on to learn what to expect from such an audit and how to prepare for it.
Top Reasons to Become PCI DSS Compliant
PCI DSS refers to Payment Card Industry Data Security Standards, and it is required for any store that accepts credit cards as payment. This applies both to stores that process credit cards, and stores that limit themselves to transmitting card data to third party payment gateways like PayPal and others.
The case for “why PCI compliance” is two-fold:
The five major credit card companies on the PCI Council (Visa, MasterCard, American Express, Discover, JCB) say it is.
PCI-compliant merchants are more effective at protecting their customers’ data than merchants that are non-compliant.
Or, as a third argument for the merchants unmoved by the first two: PCI DSS helps prevent breaches, and breaches cause downtime and lost revenue.
Learn more about How Nexcess Helps Your Store Stay PCI Compliant.
For a more detailed breakdown of PCI compliance, see How Nexcess Helps Your Store Stay PCI Compliant.
PCI DSS Risks
Only 29 percent of companies remain compliant a year after their initial validation because they pass once, then drift into complacency.
Annual assessments are a required component of PCI compliance for every merchant, regardless of level. For smaller merchants, audits are usually the consequence of a data breach and a mandate from a major credit card company or bank.
It may be tempting to wonder about the consequences for non-compliance, or to just pay it lip service. Some might resent what they perceive as the credit card’s stranglehold on ecommerce. Others might just “have better things to do with my time, like run my business.”
What’s the worst that could happen?
43% of customers stop doing business with merchants after being victims of fraud, and 60% of breached small businesses close within 6 months.
The short answer is non-compliant merchants can be breached, audited, fined, and suffer damage to their brand reputation. The longer answer is although PCI compliance is required, it’s the beginning of security, not the end. Consider it as the “minimum acceptable standard” for securing your customers’ data.
How Much Does a PCI Audit Cost?
On average, a typical PCI audit for a smaller merchant costs about $15,000. This adds to other factors influencing PCI DSS certification cost, which usually relate to infrastructure and paying qualified personnel to apply and maintain best practices of data security. While this is not insignificant, the cost of ignoring compliance is far greater.
Beyond ethical concerns, failure to comply can result in:
Fines by credit card companies ranging between $5000—$100,000
Security breaches, which often involve downtime to resolve
Legal action by endangered customers and third parties
Damaged reputation and loss of consumer trust
Loss of revenue
How Does a PCI DSS Audit Work?
If you’re facing an upcoming audit, then you’re likely either a level 1 merchant with more than 6 million credit card transactions per year, or a merchant from lower PCI compliance levels (2–4) that suffered a recent data breach.
Credit card companies and banks stand to lose money from these breaches. If your store has been breached, they may view your store as a potential liability and forbid the use of their credit card in your store unless you can demonstrate PCI compliance by passing the audit. The central goal of the audit is to find non-compliance, provide guidance on how to fix it, and verify you’ve addressed any and all issues.
The first step is finding a Qualified Security Assessor (QSA) to perform the audit. Only QSAs are licensed to perform the audits, as these organizations are certified by the PCI council to understand their data security standards.
The simplest way to find a QSA is by choosing one from the list on the PCI website. As with any service, it is usually wise to talk to a few, as not all are created equal. Never hire a company claiming to be a QSA if not present on the PCI list; these companies are either outsourcing your request, or planning to sell you other services.
Once onsite, the auditor will assess multiple areas of your business. As you might expect, this includes your cardholder data environment (CDE), defined as any device, component, network, or application that stores, processes, or transmits cardholder data. It also includes your policies and procedures surrounding your use of these systems.
PCI Audit Requirements
Transparency and cooperation
Completed PCI audit checklist
Understanding of current PCI DSS
Your printed copy of your Report on Compliance (ROC) from the previous year
Evidence of quarterly scanning and penetration testing
Evidence of regular event log checks
Documentation on how you handle third party vulnerabilities
Remember: the role of the auditor is to prevent the compromise of cardholder data, not to punish your company. As long as you’re cooperative and vested, the auditor will explain where you need to improve and help you do it. To execute these changes efficiently, consider appointing a compliance leader within your organization. This individual takes responsibility for compliance efforts, but also should have the authority to compel change across your team.
9 Common PCI Mistakes Revealed by PCI Audits
If you care enough about PCI compliance to read this article, then you’re on the right track. Following are nine common mistakes for merchants undergoing audit, though your experience may vary according to your business needs and PCI compliance level.
Hiring a PCI compliant hosting provider like Nexcess will go a long way toward preventing these mistakes, but it’s not a magic bullet. Merchants must do their part as well, but most hosting providers can assist you in this task.
Reminder: CDE, or cardholder data environment, refers to any device, component, network, or application that stores, processes, or transmits cardholder data.
Unnecessary storage of credit card data
As a general rule, you should take every reasonable step to avoid storing credit card data, and never store CVV numbers for any reason. Many merchants choose to store data to accelerate their customers’ checkout process without fully understanding the implications for compliance. Don’t be one of them.
Failure to separate the CDE network from rest the organization’s IT infrastructure
The key phrase to remember in PCI-compliance and access to cardholder data is “as-needed.” Make it your mantra. This applies more so to sub-networks within your organization. When applied to your network, it is known as “network segmentation,” though it usually applies to sub-networks within your organization. Sub-networks used for internal office communications should have no access—direct or indirect—to the sub-networks with access to the CDE.
Failure to restrict access to the CDE to only those employees that need it
Once again, only employees needing access should have it. This refers both to physical access to areas housing devices within the CDE, but also permissions and passwords.
Insufficient training and security awareness
This extends to your team as well as yourself. If you employ a team, consider appointing someone as a Compliance Officer to take responsibility for training efforts, and give them enough authority to get the job done.
Weak password security policy
Passwords to any system within the CDE should be unique, complex, and never shared between employees. Password managers like LastPass, Zoho, 1Password, and many others are invaluable for safely generating and storing complex passwords. If your team isn’t using one, then it’s a red flag for your security practices. Two-factor authentication for any CDE system is likewise essential, whether Google Authenticator, Duo, or something similar.
Missing web application firewall (WAF)
A web application firewall (WAF) identifies and interrupts malicious activity and exploits. Most merchants don’t use one in their infrastructure. You can pass a PCI assessment without, but it requires a code audit any time you make changes to your application (Magento, WordPress, and so on). Most hosting providers can provide a WAF solution, or you can use a cloud-based one, which will increase security and simplify PCI compliance.
Inadequate network activity logs
A network log is a record of events, and is crucial for identifying and tracking the efforts of bad actors attempting to gain access. Again, if you’re a level 1 merchant that processes millions of credit card transactions per year, you’re an inviting target and likely have a network administrator in place. If you’re not a Level 1 merchant and you’re facing audit, then it means you were recently breached
Missing or poorly configured firewalls and routers
The security of a network firewall (not to be confused with web application firewall) or router is only as good as the person configuring it. Know your stuff or employ someone that does.
Unclear or outdated security incident response procedures
Whether you use Magento, WooCommerce, or any other platform, you or your system administrator should take great pains to stay current on the latest vulnerabilities. Have a plan to respond to exploits when—not if, but when—they occur.
Don’t Wait for Your Audit to Get Started
As a final point, never forget that PCI compliance is an ongoing effort. Annual audits are only one component of compliance, but a proactive approach with upcoming changes to your CDE will often pay dividends. Engage your QSA about these changes well before they happen, as they can provide sage advice about maintaining compliance.
For guidance with PCI compliance, contact our sales team between 9 a.m.–5 p.m. eastern time, Monday to Friday.
The post What Is a PCI DSS Audit? appeared first on Nexcess Blog.
Search is an essential feature of an ecommerce store. And for any store with more than a handful of products, it’s one of a handful of ways that customers can narrow product selection to a manageable number. So finding the right search engine for your store is vital. For Magento merchants and developers, that search engine is Elasticsearch.
Despite the advantages of Elasticsearch, many Magento merchants still run their stores on obsolete and outdated search software. In fact, 42% of companies don’t try to optimize search as all.
Originally developed in 2010, Elasticsearch has grown to become one of the biggest players in search offerings. It has largely replaced rivals SOLR and Sphinx. For Magento sites, it’s now become the default search option, replacing MySQL which has been deprecated.
Improve your Magento search with the Nexcess Elasticsearch Container.
How Elasticsearch Works for Ecommerce
Magento includes built-in search functionality that previously, by default, used a MySQL database. MySQL and its variants are powerful, but they aren’t the ideal back-end for a search engine. We use search engines every day and we are accustomed to a sophisticated search interface that can turn our vague and often badly spelled queries into useful results.
MySQL isn’t well-optimized for that use case, which is why Magento previously would – on occasion – return less-than-useful search results.
ElasticSearch, on the other hand, is highly optimized for fast and accurate search. As a Java-based document store – what used to be called a NoSQL database – it’s engineered to store huge numbers of JSON documents and retrieve them according to criteria supplied by the user.
Imagine wanting to find a specific set of headphones which have something to do with Master Class about them, but it’s not their name. You type it in and you’re given a large selection of products you really aren’t interested in.
Customers frustrated with their Magento search experiences?
Don’t worry, Elasticsearch is here! ES allows for a merchant to specify different criteria the user may be searching for – beyond just the name. This may include the description, the manufacturer, the release date, and more.
In short, it makes an ideal search engine back-end for ecommerce stores and many other types of website. It also makes the ecommerce search experience just that much better.
And when combined with Magento, ElasticSearch’s built-in functionality augments ecommerce search with a host of useful improvements.
Extremely Fast Search
ElasticSearch is much faster than Magento’s default search, especially when searching through large product catalogs. It can run searches over millions of products without breaking a sweat, and it’s a rare ecommerce store that approaches that number of products.
The speed at which ElasticSearch returns results can be used for features such as continuously updating results: as the user types their query, the search results update immediately because ElasticSearch searches faster than users can type.
More Accurate Results
Shoppers don’t want to have to carefully craft search queries. They want to enter a vaguely appropriate query and have the search engine to figure out what they mean. ElasticSearch is packed with features that help match queries to relevant results, even when the queries aren’t especially well-formed.
Among the features is fuzzy searching, which matches products similar to the query but not exactly the same with a technique called the Damerau-Levenshtein distance formula. Fuzzy searching helps stores to surface and rank the right products from their catalog even when the shopper mistypes or searches for a related product that isn’t in the catalog.
Easy to Use
Given the complexity of what ElasticSearch does, you might expect that it would be difficult to use. In fact, it couldn’t be easier. Once you hook ElasticSearch up to Magento, search is immediately improved without any complicated configuration. ElasticSearch ships with sensible indexing defaults and can begin returning better results in no time at all.
The average user spends just 8 seconds looking at a search results page. That’s 8 seconds to provide them with the right answers – in this case, products. Miss that time frame and you’re at risk of them looking somewhere else. After all, would you stay in a store if the attendant kept trying to sell you something you didn’t want?
It’s for this reason that product search is so vital. And with that browsing time only decreasing, the benefits of Elasticsearch give merchants less to worry about.
Elasticsearch improves Magento UX by combining all of the features mentioned above. Faster speed means customers are able to find products faster. More accurate results mean they’re able to find the right products. And ease of use means merchants are able to enable it without too much extra work.
Get Started with Elasticsearch for Magento the Easy Way
With Nexcess ElasticSearch cloud hosting, Magento retailers can deploy a scalable and secure ElasticSearch instance in minutes.
We’re happy to help Magento hosting customers to integrate their ElasticSearch instance with Magento. Get in touch today to learn more about Magento and ElasticSearch.
The post ElasticSearch Makes Magento Search Faster and More Accurate appeared first on Nexcess Blog.
Google, Firefox, and Apple certainly think so. Extended Validation (EV) SSLs are effectively being put out to pasture. Upcoming changes to Chrome and Firefox will soon remove the EV badge from their browsers, citing concerns with its diminished reputation for protecting consumers.
Standard vs. EV SSL certificates
If you’re already familiar with SSL certificates and the difference between Standard and Extended Validation (EV) varieties, skip ahead to the Why Are Browsers Burying EV SSL Certificates? section.
See our knowledge base for more information about how SSL certificates work and the different available types.
SSL certificates are digital certificates that authenticate the identity of a website and allow for secure transmission of credit card data, login credentials, and other sensitive information. Though many types are available, standard SSL certificates provide the padlock icon in most browsers, help make your site PCI-compliant, and are a good choice for most merchants.
In most browsers, sites without SSL certification receive the “Not Secure” label, and anyone clicking on it will read a dire warning.
Furthermore, most browsers also will warn the user before entering any credit card information. Even if they don’t notice the lock, it’s almost impossible to miss the alert upon checkout. This tends to have a chilling effect on most users’ buying experience.
Need an SSL certificate, or have questions about which one is right for you? We can help!
EV SSL certificates attempt to enhance this authentication with a more rigorous (and expensive) validation process. The end result is the addition of the merchant’s established legal identity just to the left of the web address.
In theory, this provides an additional visual cue for consumers, which makes them feel safer and more likely to spend their money on the site. In practice, most consumers don’t notice the absence of a site’s “legal identity,” meaning the EV SSL certificate provide little value to anyone other than the organization selling it.
Why Are Browsers Burying EV SSL Certificates?
In cyber security circles, criticism of EV SSL is not new. The stated goals for EV SSL are 1) to make it harder for phishing scams to fake their online identity, and 2) make consumers feel more safe. Their argument is that EV SSLs are only marginally effective at #1, and utterly ineffective at #2.
The core failing in the “legal identity” tactic against phishing scams is the relative fluidity of those legal identities. The phrase itself is a misnomer, one that falsely invokes images of face-to-face authentication and triple-checked claims. As demonstrated by one industry professional, the methods of identity verification vary by state, with many ranging between “woefully inadequate” and “cursory.” A determined bad actor would have little trouble registering “Identity Verified” or some other devious “legal identity” to dupe unsuspecting consumers into feeling secure.
However, such efforts would likely be wasted, because the same experts claim most users simply fail to notice the presence or absence of the legal identity. Apple has alread removed the visual cue from Safari and Mojave for this very reason. Recently, Chrome and Firefox announced their intent to follow suit, with the former stating:
Users do not appear to make choices (such as not entering password or credit card information) when the UI is altered or removed, as would be necessary for EV UI to provide meaningful protection.
For Chrome, this takes effect on September 10. The change comes to Firefox on October 22. The legal identifier will still be available, but buried in the interface and only accessible to the determined clicks of a knowledgeable user.
Despite the exaggerated claims of organizations eager to sell EV certificates, most users are content to see the padlock and not see any warnings at checkout, both of which are provided by other, less expensive SSL certificates.
If you have questions about which SSL certificate is right for you, contact our sales team for assistance.
The post Is the End Near for EV SSL Certificates? appeared first on Nexcess Blog.
In this post we’re going to go through installing the BigCommerce for WordPress plugin, starting with a mostly empty WordPress install. But before we begin, I want to briefly note that if you’re new to Nexcess and/or want to add a BigCommerce for WordPress retail plan to your existing Nexcess hosting account, you can do so by visiting this page, selecting a plan and auto-installing BigCommerce for WordPress in one click. For those who need an enterprise-level solution, you’ll follow the steps outlined in this blog to manually install.
The BigCommerce for WordPress plugin is available on WordPress.org, like most plugins. This makes it easy to install, right from within the WordPress admin interface.
Start by logging into WordPress and in the left admin menu, choose Plugins ➞ Add New.
Then in the top right search area search for BigCommerce. When the results appear, click on Install Now on the BigCommerce plugin.
Once it’s installed you’ll need to activate it.
As soon as the plugin is activated it will take you to an Onboarding Wizard to help you configure it properly. Your first step will be to either connect your WordPress site to an existing BigCommerce store or create a new BigCommerce store from right within WordPress.
For this post we’ll choose Create New Account.
The form is longer than what you see in the screenshot, but it asks for normal contact information like address, city, state, zip, phone, etc.
When creating a new account like this it’s creating a free 15-day trial. If you decide you don’t like it, you can simply let it expire. If you decide you’d like to sign up for BigCommerce you may do that in your Account page in the BigCommerce admin area.
Once you’ve created an account you’ll need to make a Channel. Channels in BigCommerce allow you to specify what products appear in what storefront. For example, Amazon can be a channel, and you can say “These products appear in Amazon”.
With WordPress, each WordPress instance in a channel, so you can show certain products on one WordPress site, and other products on another WordPress site.
Of course if you wish you may show all products on your WordPress site, but this Channel we’re making is the method by which that happens.
As shown in the screenshot above you may choose to have all products immediately imported or have none so that you may go back later and specifically choose which products get imported.
The next option is to choose a Full Featured Store or set up a Blogging store. If you choose Simple Blogging then it will skip helping you set up a Navigation Menu and disable the Cart and the Embedded Checkout. So customers will click to Buy a product and it will send them to the BigCommerce store. If you choose this and change your mind it’s easy to switch back later.
For this post we’re going to choose Full Featured Store.
Once you’ve chosen Full Featured Store, the next step is to optionally set up a WordPress Navigation Menu. Checkboxes are provided for all of the pages that BigCommerce creates during this install, including Product Listing Pages, Brand Pages, Category Pages, Shopping Cart, Checkout, etc. You can also choose a Menu Location, exactly like in the default WordPress menu builder.
After you complete the Navigation configuration you’re essentially done with setting up WordPress. If you wish you can go into BigCommerce ➞ Settings and make some changes, but that’s not required.
The final page of the Setup Wizard offers some links to finish setting up your store, and these must be done before your store will function properly. These things include setting up your payment gateway, taxes, and shipping.
Once these last admin things have been set up you’re ready to sell!
Learn more about the BC4WP plugin with Nexcess here.
The post Installing BigCommerce for WordPress, Step by Step appeared first on Nexcess Blog.
Every year, on the fourth Friday of November, shopping chaos unfolds.
Stores cut their prices, customers flock to their nearest outlets, and deals are had by everyone.
But not anymore. Thanks to ecommerce, customers no longer have to leave the comfort of their home to take part in Black Friday. Keeping an eye on advertisements and pre-event newsletters, customers can easily turn on their laptop, click add to cart, and checkout as soon as the clock strikes twelve.
For customers, this is great. For merchants, it means competition has only gotten more fierce (if you thought that possible). It’s no longer just about having the best deals; it’s about having the best visibility.
Get started this Black Friday with an optimized Magento Platform.
Why Black Friday Matters
Black Friday is the busiest shopping day of the year, with American shoppers spending a record $5 billion in 2017. In 2018, this number then grew by 19%, with over 14.8 million online transactions recorded. With so much money up for grabs, Black Friday can be one of the most profitable days of the year for some businesses. In some cases, it even defines a stores annual profit.
In the jewelry industry, for example, Black Friday can account for 40% of a business’s annual revenue. With such a large percentage from only a single day, these merchants are often forced to ensure their Black Friday campaigns do better year-over-year. The alternative is something many can’t think about.
Hopefully, your sales are not so dependent on Black Friday. However, there’s still a lot of money available to those savvy enough to take advantage of the digital opportunities available to merchants.
But with more demand and more customers, the chance of something going wrong only increases. If you want to be successful this Black Friday, you can’t treat it like any other sales day, or even any other sales event.
Black Friday Ecommerce Statistics
According to NRF, shoppers who took part both online and in-store were up 40% from 2017, with multi-channel shoppers outspending single-channel shoppers by $93. This year, ecommerce merchants can expect to see another huge increase in online shoppers, following on from 2018’s substantial growth.
With Black Friday now online, shoppers no longer have to venture outside to chaotic shopping centers and can instead make their purchases from the comfort of their sofa.
This is despite in-store shoppers declining by roughly 1%, and 44% of consumers saying they would shop online in 2017 vs just 42% in 2018.
Industry Ecommerce Benchmarks for Black Friday
Prior to the 2018 Black Friday event, Blackfriday.com questioned their users on what they planned to look for in the sales.
Clothing took top spot, with 23% of consumers aiming to score a good deal on fashion items. This was quickly followed by tech, with 22% of consumers looking for their next gadget.
Towards the bottom of the pile was travel. With it being less of an impulse buy, just 9% of consumers aimed to find some travel deals for the coming year.
If you’re a clothes or tech merchants, Black Friday and Cyber Monday are going to be the days you want to get ready for.
Getting Your Site Ready for Black Friday
Getting ready for Black Friday means getting ready for more than just the products you’re going to sell. Expect to see:
An increase in traffic
An increase in server strain
An increase in the potential for things to go wrong
We’ve seen it all too many times. Merchants who wait until the last second to address these potential pitfalls, and as a result: they fall.
Getting yourself ready for Black Friday doesn’t have to be complicated, and it doesn’t have to be a lengthy process. But it will mean that you’re able to maximize ROI from the event, and secure your place among the Black Friday customer go-tos for years to come.
Get Started Early
The earlier you start targeting Black Friday shoppers, the better results you’re going to have. Getting started early means ramping up everything from prep work to marketing strategy.
Some merchants start their Black Friday marketing efforts as early as October, with others beginning to ramp up marketing in early September.
When considering how early you will begin your marketing strategy, take a step back and analyze these factors.
Budget: How much do you have to spend on Black Friday marketing? Where should that budget be spent? Will you increase adwords spend, ramp up email products, or instead focus on more traditional print-media?
Resources: November is a resource-intensive time. Christmas is just around the corner, and depending on where you’re located, Singles Day is just a few short weeks ahead of Black Friday. Calculating ROI on resource spend is going to make a huge difference. You don’t want to run out of money before Black Friday has even started.
Potential: While it would be great if we all had unlimited products and opportunities, that’s more often not the case. Perhaps you’re limited in terms of stock or fulfillment processes. The less potential for your Black Friday campaign, the less time should be dedicated to it.
Once you’ve drawn a clear picture of these areas, it’s a good idea to outline the different channels and audiences your aiming to target and assign any associated dates.
Getting Your Ecommerce Site (and hosting) Ready for Black Friday
If you’re running a Black Friday sale, that means you can all but guarantee an influx of traffic. That means more opportunities for something to go wrong. Don’t let it be your hosting platform.
As the foundation of your site, hosting problems can mean slow user experiences, broken page elements, and, in the most extreme cases, site-wide outages. Luckily, there are specific steps you can take to ensure a smooth Black Friday experience for your customers and keep those conversions rolling in.
What’s Your Limit?
How much can your hosting actually take?
Every hosting package you purchase will have its limits. If your site is seeing more visitors than those limits can handle, then your site won’t crash. Instead, it will slow to a crawl, queuing page load requests until it eventually becomes long enough for the dreaded timeout.
If you’re already seeing traffic hover around your limit, it’s definitely worth upgrading your hosting to the next level. If you’re running on the Nexcess Cloud, you can also enable auto scaling in your Client Portal. Just a flick of a button and you’ll be set for any unexpected (or expected) traffic spikes.
Prepare for International Sales
International sales can add a whole new level of complexity to a store. For the merchant, alternate payment options, different order fulfillment choices, and tweaks to content are only the start. On top of those, delivering digital assets to countries halfway around the world presents its own problem.
Yes, digital transfer speeds are fast, but running your website through cables located under the Atlantic is going to lead to some lag, especially if demand is high (like on Black Friday). How can you solve this?
For most stores looking to serve international customers, purchasing a CDN add-on for their store will allow static assets such as images to be held in server locations around the world. This way, regardless of where your customers are coming from, they’re going to be able to access high-bandwidth assets from a local location. That means faster load times and more conversions.
Check in with Our Support Techs… Why Not?
Our philosophy is that it’s always worth exploring every avenue available to you, to see if there’s something you’ve been missing. That’s why we recommend all of our clients expecting an influx of traffic during Black Friday to check in and see if there’s anything we can do to help.
There may not be. Perhaps you’ve already prepared your store for any eventuality. But what if you’ve missed something and it ends up coming back to haunt you? We’ll often reach out to clients we expect to encounter a problem, so keep an eye on your inbox. Or, start the conversation yourself.
At the very least, it’s worth letting the team here know that you’re planning to run a sale over those dates, that way our team can take extra steps to keep an eye on your hosting platform and how it’s performing.
Black Friday Ecommerce Strategy
Start Marketing Early
Any good Black Friday ecommerce strategy means ramping up interest before Black Friday actually begins. After all, some customers spend weeks looking for deals they’re going to jump on during the sales.
Getting started early means promoting your company’s email newsletter through organic and paid channels. This will give you a lot of leads to follow up with once your really start marketing your discounts.
The earlier you start marketing your Black Friday discounts, the more customers are going to come knocking on the big day.
Start promotions with enticing statements about how your sales event is unique. Statements like “Over 80% off this Black Friday, sign up to stay ahead of the curve” work well to draw in subscriptions, especially when they’re paired with tantalizing artwork.
Get Creating Niche Gift Guides
You’ve got awesome products so why not let them market themselves? Your Black Friday marketing strategy doesn’t have to only be about target Black Friday shoppers. There’s a whole internet of customers you have access to.
This means creating marketing material that will draw in those interested in your niche, but not Black Friday.
Gift guides are a great way to target long tail ecommerce SEO keywords. They not only target Black Friday Shoppers, but everyone looking for your products.
One of the best ways to do this is by creating a gift guide that suits your target audience. If you sell shoes, how about creating the ultimate gift guide to Men’s Fashion in 2019? If you sell hats, do the same thing. If you have a larger product range, make your gift guide broader. The possibilities are limitless.
Prepare Upsells and Cross-sells
With the average person spending $289.19 during Black Friday in 2018, it’s the perfect opportunity to push upsells and cross-sells. This may be grouping items for an improved discount, or providing recommendations for related products during checkout.
Just remember, a good upsell and cross-sell strategy revolves around providing your buyer value. Don’t just indiscriminately group items together, think of how grouping multiple items provides buyers with a benefit.
For example, if you’re selling shoes, shoe care products are a great upsell. They can potentially increase the longevity of a product, fitting perfectly within the buyer narrative of saving money.
If you’re selling a specific type of gift, think about other products that complement it. The more you think about and push the narrative of buyer benefit, the more you’re going to be successful here.
Prepare Your Email Strategy
Did you know that 25% of Black Friday sales start with an email? At least, that’s what Custora says.
That means you should be jumping on the email bandwagon if you want to maximize ROI. But how?
Great email campaigns start with two things: timing and subject lines.
If you haven’t already, begin testing what times are best for sending emails to your customers. Which days of the week work best and when are they going to check their inbox?
If you spend 1 hour creating the perfect email, spend 2 crafting the subject line.
Then work on your subject lines. These sentences should be the core of your content. If you spend 1 hour creating the perfect email content, spend 2 crafting the subject line. The subject line will encourage opens, click-throughs, and sales.
Learn how to tailor your emails to the customers with our guide to email personalization.
Go Beyond Black Friday
There are four days of shopping to be had around Black Friday: not just Black Friday itself. Make sure to target each of these days individually.
Then, think about how your Black Friday marketing strategy can continue to bring sales in even after the sales event is over. Use it as an opportunity to increase reach, and audience knowledge of your brand.
Don’t Shrug Off Black Friday in 2019
We’ve seen it all too often: merchants not preparing their stores for Black Friday and then suffering from site slowdowns and outages. Don’t let that be you.
Talking to a sales rep to ensure you’re ready is one of the most crucial steps merchants can make in the run up to November 29th this year.
Interested in learning more about how Nexcess solutions can benefit you? See some more benefits we’re offering merchants this year and get 75% off of new services or upgrades with code HolidayPrep19.
The post The 2019 Black Friday Ecommerce Prep Guide appeared first on Nexcess Blog.
Four years ago, we expanded our European hosting services to include Amsterdam, arguably one of best-connected cities in the world. Now, we’re bringing the scalability and versatility of Nexcess Cloud to our Amsterdam data center!
Why Amsterdam Matters for Ecommerce
Amsterdam hosts about one-third of Europe’s data center capacity, and for good reason. In North Holland (Netherlands) and near the Amsterdam Internet Exchange (AMS-IX), the combination of geography and technology provides reliable low-latency connections to France, Germany, Scandinavia, and much of eastern Europe.
The city continues to stand as a center of information technology and ecommerce entrepreneurship, with proven network infrastructure and expansive connectivity to key EU markets. Amsterdam’s history as an international trade hub played will see further exposure this October, when the city hosts MagentoLive Europe, a gathering of 2,000 merchants and developers from around the world.
A Closer Look at the Amsterdam Facility
As a PCI-compliant hosting provider, we apply the same high standards of reliability and security that we apply to all of our data centers. The Amsterdam facility occupies a state-of-the-art data center only minutes away from AMS-IX and uses redundant Tier 1 carriers for dependable connectivity and speed.
Sixteen generators and 2N redundancy keep the data center ready for nearly every power-loss scenario. As for security, the facility upholds triple-authentication access with biometric readers, as well as 24-hour manned security stations, intrusion detection, and camera surveillance.
With the launch of Amsterdam Cloud Services, our clients can expect the same security and performance already present in all of our global data centers. We built this platform to make it easier than ever for your service to grow with your business.All Nexcess Cloud services include:
24-hour support and monitoring
PCI-compliant cloud hosting
optimized application hosting for Magento, WooCommerce, WordPress, Drupal, and others.
If you’re a Nexcess Cloud client, you may also add:
Auto Scaling: Ensure your site stays online during foreseen and unforeseen traffic spikes. Be billed only for what you use, when you use it.
Cloud Accelerator: Boost your site’s delivery of static content (.jpg, .gif, .png, .bmp, .js, .css, among many others) to deliver a near-instant experience to your site visitors.
Instant Dev Sites: Create dev and staging environments at the touch of a button. Test changes without fear and maintain user security with auto-scrubbing of personally identifiable information (PII).
Questions? Our sales team has answers! Contact them at firstname.lastname@example.org between 9 a.m.– 5 p.m. eastern, Monday to Friday.
The post Nexcess Amsterdam Data Center Launches Cloud Servers appeared first on Nexcess Blog.
Having a PCI-compliant store requires the sustained efforts of both yourself and your hosting provider. Although there are no shortcuts, choosing a credible web hosting provider is an effective place to start. Even so, most PCI requirements can only be met by you, the merchant. Read on to learn more about the dividing line between host and merchant, and why it can be worthwhile to go beyond PCI for your customers.
Are you looking for PCI Compliant hosting? Visit our PCI Compliance page to learn more.
What Is PCI?
In ecommerce, PCI is shorthand for Payment Card Industry Data Security Standards (PCI DSS). Created in 2004, PCI DSS aim to help protect consumers and prevent credit card fraud. It is required for any organization that receives, processes, or stores credit card data of any of the five members of the PCI Security Council: VISA, MasterCard, American Express, Discover, and JCB.
The list of requirements is extensive, to put it mildly. The requirements span six categories, and each category is divided into several hundred specific requirements. Some fall exclusively under the domain of either merchants or hosting providers, while some extend to both. PCI compliance is also not a one-time requirement, as the Security Council makes periodic adjustments to address new threats to consumers.
Compliance is not a “one-and-done” event. It requires daily, weekly, monthly, and annual tasks to maintain compliance. There are 12 general requirements divided among six categories. For illustrative purposes, we’ve listed these same categories, but also included more specific requirements from within PCI DSS.
6 Key Categories for PCI Compliance
Build and maintain a secure network. Install and maintain a firewall. Use unique, high-security passwords with special care to replace default passwords.
Protect cardholder data. Whenever possible, do not store cardholder data. If there is a business need to store cardholder data, then you must protect this data. Encrypt any data passed across public networks, including data passed between your shopping cart, your Web-hosting provider, and your customers.
Maintain a vulnerability management program. Use antivirus software and keep it up to date. Develop and maintain secure operating systems and payment applications. Ensure your antivirus software applications are compliant with your chosen card companies.
Implement strong access control measures. Access to cardholder data, both electronic and physical, should be on a need-to-know basis. Ensure those people with electronic access have a unique ID and password. Do not allow people to share login credentials. Educate yourself and your employees on data security, and specifically the PCI Data Security Standard (DSS).
Regularly monitor and test networks. Track and monitor all access to networks and cardholder data. Maintain a regular testing schedule for security systems and processes, including: firewalls, patches, web servers, email servers, and antivirus.
Maintain an information security policy. Establish a clear and thorough organizational data security policy. Disseminate and update this policy regularly.
PCI non-compliance can result in fines ranging between $5000—$100,000 per month, depending on the size of the offending organization, its severity, and other factors. Non-compliance can also result in legal action, security breaches, and lost revenue.
PCI Requirements for Hosting Providers
It is virtually impossible for the typical merchant to be PCI compliant without enlisting the services of a compliant hosting provider. Merchants that host their own websites must meet hosting provider requirements in addition to meeting those for merchants. Such a model works for massive enterprises like Amazon and WalMart, but few others.
Following are some of the highlights of our systems and policies that uphold our status as a PCI-compliant hosting provider. The term “cardholder data environment” refers to any system that stores, processes, or transmits credit card data as well as any system that has access to cardholder data environment itself.
We maintain a web application firewall (WAF), which monitors all connections between the cardholder data environment and other networks. ModSec prohibits public access to sensitive areas, identifies untrusted connections, and hides IP addresses and routing information from unauthorized parties.
We apply industry-accepted configuration standards for all system components that address all known security vulnerabilities. This extends to our internal and external network, our operating systems, and hardware required to host web services.
We apply cryptography and security protocols that encrypt and protect cardholder data even when transmitted across public networks. SSL certificates and other trusted security keys are unilaterally enforced. Only modern TLS ciphers are permitted.
We restrict physical access to our data center with 24-hour security policies and a team trained to implement them. This includes, but is not limited to:
Video surveillance with 90-day footage history
Secured entry with at least two-factor authentication (PIN, access card) in most areas, and three-factor authentication (PIN, access card, thumbprint) in areas housing the cardholder data environment
Visible identification on all team members
Visitor policy that prevents unauthorized public access; authorized external individuals have access only to required areas and are escorted at all times
Team members are given access to the cardholder data environment only if their role requires it
Restricted access to network jacks, wireless access points, gateways, networks, and other lines of communication
We track and monitor access to network resources and cardholder data, though it falls to clients to maintain logs and monitor logins for their own applications (Magento, WordPress, and so on).
We regularly test our security systems and processes, and perform internal penetration testing at regular intervals as well as after any significant infrastructure upgrade.
PCI Requirements for Merchants
Properly implemented, PCI compliance helps merchants adhere to commonly accepted best practices of data security. Hosting with a PCI-compliant provider is a solid first step, but becoming compliant still requires action on your partt.
If your store accepts credit cards as payment, it must be PCI-compliant whether you store that data or not. Choosing a PCI-compliant web host is only the first step. Most credible web hosts can provide merchants with materials outlining their respective responsibilities upon request, but ultimately it is on merchants to understand and meet these requirements.
Regrettably, there is no “one size fits all” checklist. Your specific responsibilities will vary according to your merchant level (1–4, with 1 being the highest), which is generally determined by the number of credit card transactions your store processes annually.
The general process for most merchants is:
Identify, understand, and implement the appropriate PCI DSS requirements.
Complete a Self Assessment Questionnaire (SAQ). The SAQ is a checklist outlining the requirements. Depending on your level, some or all of them will apply to you. Level 1 merchants have the most requirements; level 4, the least.
Resist the temptation to simply “check every box” in the SAQ. Doing so endangers your customers and exposes your business to liability. The PCI stands to lose money from breaches, and in response may investigate your SAQ and AOC.
Submit to a quarterly scan by an Approved Scanning Vendor (ASV), an independent, qualified authority that performs external vulnerability scans on your systems.
Complete the Attestation of Compliance (AOC), a document asserting that you are both eligible to perform and have in fact performed the SAQ to the best of your ability.
If classified as a level 1 merchant, you must take additional steps, including an on-site assessment.
If climbing the considerable hurdle of PCI compliance doesn’t appeal to you, you’re not alone. Your hosting provider can answer questions related to overlapping responsibility, and third party Qualified Security Assessors (QSAs) can help businesses run the PCI gauntlet (for a price).
Even businesses offering only PayPal, Auth.net, and other payment services as payment options must be PCI-compliant because those businesses must still transmit credit card data.
One universal component is the need to confirm that all of your service providers are PCI-compliant. This includes your hosting provider, but also extends to payment processors, payment gateways, POS providers, and any other entities that touch your customers’ cardholder data.
Some PCI Essentials for Merchants
Maintain PCI compliance. Compliance requires ongoing awareness and daily application. Tasks range between daily and annual, but all are recurring.
Don’t just check “Yes” to every question in the SAQ. Due diligence protects your business and your customers.
Know your code, or use a developer that does. Implement best practices of deployment using staging and dev sites without exception.
Establish a secure password policy. Use complex, unique passwords and never allow your staff to share login credentials or use default passwords.
Enable two-factor authentication for all of your internal users, and consider providing it as an option for customers logging in to your site.
Use a web application firewall (WAF). At Nexcess, we provide one for all clients and it’s enabled by default.
Don’t just take your hosting provider’s word for it. Confirm they’re PCI-compliant and competent by asking for (and getting) their Attestation of Compliance (AOC).
Keep your applications and extensions current to the latest stable release, and actively monitor for new threats and versions.
If PCI compliance were enough, breaches of high-profile organizations would be far less common. Compliant should not mean complacent.
In reality, PCI compliance is “Cardholder Data Security 101.” It is the minimum acceptable standard and a reasonable introduction, but PCI is far from infallible. Credit card companies require compliance. Merchants adhering to PCI standards will be more effective at protecting consumers than businesses that just pay them lip service, but PCI compliance is only the first step.
The very nature of PCI — a large, curated document updated only periodically — makes it vulnerable. Standards deemed sufficient in the “current” version are often exposed as inadequate. It can take months or even years for PCI to “catch up,” and bad actors are well aware of its limitations.
The best protection is knowledge. At Nexcess, we have team members that specialize in web security who stay well-versed in the newest threats, breaches, and countermeasures. Many merchants may be reluctant to enlist the services of a security expert. At the very least, we recommend subscribing to security notifications for your ecommerce application and following at least one credible web security news source. Both sources react much faster than the PCI, and following them will help you “spot the smoke” before it becomes a fire.
We’re on the List!
Don’t forget, we’re “On the List” of PCI compliant providers officially recognized by the Visa Global Registry. That means we’ve shown a continued commitment to reviewing and improving our security policies to match and exceed PCI compliance requirements. If you’re looking for a PCI compliant provider, hosting with Nexcess means you’re hosting with an approved and recognized provider. Learn more about the PCI compliant hosting with Nexcess.
For guidance with PCI compliance, contact our sales team between 9 a.m.–5 p.m. eastern time, Monday to Friday.
The post How Nexcess Helps Your Store Stay PCI-Compliant appeared first on Nexcess Blog.
With Magento Live Europe just around the corner, we’re gearing up for one of the biggest Magento events of the year. Before we pack our bags and head to Europe though, there are a couple of other events that we’ve been excited about attending all year, and that you definitely shouldn’t miss out on.
Since September is one of the busiest Magento event times of the year, we’ve brought together the events we’re planning to attend, so you can pick and mix based on where your favorite Magento hosting company are going to be.
If you can’t make it, we’ll be publishing what we think the main Magento takeaways are from each event. So keep an eye on our blog post-event.
What to Know Before You Go
Magento events have a lot of opportunities for merchants, developers, and everyone in between. In order to take the most away from these opportunities, it’s important to know what they are and where you’ll find them.
Before launching into the events themselves, we want to make sure you know what you can expect from each of them.
All Magento events have sessions. They range from highly technical to more business orientated, and are probably your best source of information at a Magento event.
Before attending, take a look at the event’s website to see what sessions they have in place and which really speak to you and your needs. Try to manage a timetable where you can take advantage of all three things on this list, but prioritize the most important sessions. After all, you’re probably attending a Magento event to learn.
Sponsors are a big part of the Magento community, and almost every event has at least a handful of them. They’re great to talk to because they can potentially provide you with some awesome ideas for how to improve your Magento store.
They’re also a really good source for keeping a pulse on the Magento community. Most of the time they know what’s happening, who’s who, and what the latest developments have been. Why not go over and ask they about their Magento experiences, if nothing else.
We’ll be sponsoring several of the events below and will have our own booth. Come and talk to the team to learn more about how we’re a cloud company that has been with Magento since the start and will continue to support Magento merchants no matter what.
We know, after a long day of listening to sessions and speaking to sponsors, you probably just want to go home. But wait, there’s still more!
Networking events often take place around Magento events. They offer a good place to meet fellow merchants and developers, and continue that conversation with that one sponsor.
We suggest making an appearance and talking to a handful of people, at least. The Magento community is really helpful and supportive of newcomers and existing faces alike.
These events also tend to come with free food and drink as well!
Meet Magento NYC 2019
September 5-6, 2019
Meet Magento New York is the only Meet Magento event in the US. It provides existing and new Magento merchants with a space for meeting and discussing developments in ecommerce.
It’s also a great chance to meet some Magento sponsors, discuss best practices, and just become a part of the community.
This year, our very own VP, Josh Ward, will be discussing what Magento 1 merchants can do after the End of Life in June 2020. We’ll take a look at what you need to be paying attention to, how it’s going to affect the Magento community, and why even Magento 2 merchants should be keeping an eye out.
Interested in catching up on what happened last year? Fill out this form for access to all of the videos and presentations from 2018.
Mage X Austin
September 13-14, 2019
Mage X events are the place to be if you’re looking to learn more about the application that underlies your ecommerce solution. As a space of learning, Mage X events tend to offer diverse sessions on business and technical topics. You’ll walk away from this knowing a lot more about Magento than you did coming in.
Don’t forget to take advantage of everything on show this year, including a focus on PWA and Headless. Learn more about what it means to code headless or PWA stores, and how they benefit a variety of business models.
This year, our very own Magento Master, Miguel Balparda, will be leading a panel about Community Engineering. Here he’ll talk about what it means to be a maintainer, and how you can contribute to an Open Source project too.
Meet Magento Poland
September 16-17 , 2019
Meet Magento Poland has been going since 2012, and every year the number of attendees only grows.
Just like any other Meet Magento session, Poland offers a perfect opportunity to learn more about Magento and meet interesting people involved in creating the ecommerce platform.
Make sure to join in with the Q&A sessions and ask any questions you have. Also don’t miss out on talking to the Magento representatives onsite. With over 600 attendees expected to be present, it may seem like a busy event but it’s also very personable.
This year, we’re going to be attending, so keep your eyes out for Nexcess team members walking the floor and joining you in the sessions. Don’t be shy, come and say hi!
Catch Us Around the World
Interested in knowing what events we’ll be attending in the future? Check out our events page and stay up to date. You can also catch us on social media, either through our Facebook, Twitter, or LinkedIn accounts. Keep an eye on our timelines and we’ll let you know when our next event is.
The post Magento Events in September 2019 appeared first on blog.nexcess.net.
The Industry Buzz section is divided into three major sections, which is then subdivided into smaller sections.
Corporate Blogs which include official blogs from web hosts, registrars, search engines and other related sites.
Magazines & Blogs include interesting websites related to the hosting industry, but not necessarily from official company blogs.
Industry Leaders include personal blogs from important industry leaders, such as employees from Google and WordPress. These blogs sometimes include insights on how industry leaders think, but also may contain topics not related to hosting.