Here, you’ll find insights on programming languages, frameworks, and techniques that shape the web and software landscape. Whether you’re a developer looking to refine your skills or simply curious about how things work behind the scenes, this space offers practical knowledge and thoughtful perspectives.
If your online store is not secure, it doesnât matter how much revenue it brings inâthe right cyberattack could cripple your ability to run online transactions.
This in mind, itâs critical for users of both Magento Enterprise and Community to install a critical security update called SUPEE-8788. In this blog post, Iâll go through the details of this patch and what my team at ABT learned from this process.
Who Is Affected?
If you use a version of Magento Enterprise older than 1.14.2.4 or a version of Magento Community older than 1.9.2.4, you need to apply this update.
What Exactly Does This Update Do?
SUPEE-8788 addresses 17 different APPSEC vulnerabilities in Magento, including ones found in the payments system, user sessions, the Flash-based media uploader, and within the Zend Framework itself (which Magento has assumed maintenance of since ZF1 passed end-of-life).
In addition to the security updates in the SUPEE-8788, Magento versions 1.9.3 (CE) and 1.14.3 (EE) also provide several dozen other fixes and updates, including:
Tax calculation fixes
Shopping cart and checkout fixes
Catalog fixes
Price rule fixes
Configurable swatches fixes
Import/export fixes
Indexer fixes
Visual Merchandiser fixes (EE-only)
How Do I Apply This Update?
Visit Magentoâs Security Patches page and follow the instructions to either update your version of Magento or download and install a patch alleviating these security issues. Because the patch can be applied quicker and with less complication than the version upgrade, we recommend installing the patch immediately if you donât have the time or resources to perform a full Magento upgrade.
Wait, Why Do I Need More Time to Perform This Magento Upgrade?
Magento upgrades take a lot more than clicking a button and waiting a few minutes. Your developers will need to ensure the new version installs correctly and works with your existing design and customizations. We also recommend a thorough QA process across all areas of your online store when you install the upgrade. Making matters more complex, the new versions of Magento differ greatly in quality based on whether youâre using Community or Enterprise.
How Should Magento Community and Enterprise Users Handle the Upgrade?
Magento CE 1.9 users, especially those on 1.9.2, should review the fixes and features in the 1.9.3 upgrade to determine if itâs worth extra time to upgrade rather than install the patch. Spend some time reviewing the Magento forums, StackOverflow, and subreddit to see what kinds of issues people are reporting with the upgrade. This will help you anticipate and resolve any common issues or conflicts youâre likely to encounter with the upgrade.
Magento Enterprise users should be more cautious regarding the upgrade. While itâs always preferable to be on the latest version whenever possible, weâve been disappointed in the lack of quality control in this release. Our Magento developers have already identified multiple bugs in the EE-specific changes which required hotfixes. Thereâs also currently little public discussion around 1.14.3, so itâs difficult to find solutions by comparing notes with other users. While this update does fix some long-standing bugs and the aforementioned security issue, the update trades these problems for new ones without proven fixes. This makes it easier to just install the patch if you use Magento Enterprise.
What If I Need Help or Have More Questions?
Feel free to post any questions or thoughts in the comments section below. If youâre interested in getting Atlantic BTâs help in handling your upgrade, contact us today to get started.
This year will be known for sweeping changes in pay-per-click advertising. For starters, Google changed our available ad position from eight spaces to three. This increased our competition and the average cost per click. However, even though it now costs more to advertise on Google, the other changes to AdWords give us the chance to produce astounding results.
Just a warning: Because this article deals with recent changes to Google AdWords, having a familiarity with Google’s PPC platform will help you get the most out of this post.
Shoot for the Moon with Pay-Per-Click
If your marketing strategy depends on pay-per-click, I want you to shoot for the moon. The changes this year might seem scary because they were new, but the new features that Google has rolled out give you the ability to make the best campaigns of your life. You can achieve moments of triumph that are the advertising equivalent of scoring the winning touchdown at the end of the second half, or whatever sports-related metaphor gets you going.
1. Just Rewrite All Your Ads
Pay-per-click success is easyâjust completely rewrite all your ads.
Seriously though, if you haven’t rewritten your ads since the introduction of expanded text ads, you’re missing out. Expanded text ads increase your options for character counts and take up more space on screen. More space equals more customer attention. Expanded text ads also put a renewed focus on headlines, allowing you to experiment with the headline to drive better ad performance.
2. Be More Negative
Campaigns improve the most by cutting the ads that aren’t working. Be relentless in your review of negative keywords and search terms. Eliminate any words that either 1: Have the wrong intent or 2: Prove themselves to be bad keywords.
Segmented keyword lists are satisfying on a variety of levels.
3. Get the Best of Both Worlds
Demographic targeting for search ads gives you the best of both worlds: keyword-focused advertising cross referenced with demographics. You’ll need some quality data about your audience to make this work, but the availability of this option gives you unprecedented precision in targeting your audience.
4. Identify Audacious Audiences
AdWords gives you the ability to create audiences based on existing customer data. Some methods could include targeting specific customers for a special offer. Alternatively, you could also exclude audiences from a particular campaign to focus on new customers.
5. Drive Conversions or Die
I believe that any pay-per-click campaign should have a conversion action and that tracking is critical to know if your campaigns are producing results. Periodically reviewing your dimensions tab is important to cut historically bad campaigns, ad groups, ads, or keywords. If it doesn’t produce, it dies. Simple as that.
6. Extend Yourself
Filling in all those ad extensions is like figuring out every possible deduction on your tax return: it’s tedious work, but it adds up to a bigger return. Here are my picks for great extensions to boost your campaign numbers:
Location Extensions
Location extensions allow people to see where your business is located, so these extensions are critical if customers need to physically visit your store to buy something. To set these up, you’ll need to connect your Google My Business account with AdWords.
Call Extensions
Call extensions are essential for any service-based business. A lot of people would rather call and talk to a person instead of filling out a form on a website. Make sure you’re tracking these as a conversion and set up number tracking in AdWords.
Messaging Extensions
These extensions allow customers to text message you from a mobile ad. This is a good way to tap into younger consumers who would rather text than talk to a sales associate on the phone.
Price Extensions
Price extensions allow you to reference products or services in a variety of formats. I like them for two reasons. First, they can act as a filter for value-focused consumers who won’t pay your prices. These people ultimately end up wasting budgets because they participate in the information-gathering phase of how much services or goods costs without actually buying. Second, I believe people who aren’t price-sensitive enjoy the transparency of seeing a real number. This is especially relevant with services where direct comparisons may be difficult.
Structured Snippet Extensions
Structured snippets are basically a permutation of callouts. These extensions focus on lists of brands, services, or types of products that a business offers. In my experience, Google is finicky on rejecting these extensions and is often unaware if something is a service or product.
Structured snippets get into nuanced attributes that you wouldn’t mention in a main ad.
The Future Is Bright
Make no mistake, it’s tougher environment for pay-per-click advertising. But you can still win big at AdWords if you can adapt to recent changes from Google. The key is taking advantage of every new option available and, above all else, experimenting with every aspect of your campaigns.
Take the six steps outlined earlier in this post, and you can shoot for the moon with your PPC strategy.
During a regular day at work, while working at an Umbraco 7 instance, a client asked me for an easier way to move content from development to production and vice versa. Any Umbraco user knows that any changes you make in development need to be replicated in production, unless you use a tool to do it for you. When it comes to tools, you have options: build your own tool (Umbraco gives you all the resources you need to build your own), you can use a third-party one, or you can use Umbraco Courier. I elected to use Umbraco Courierâitâs simple, ÂŁ99 per site, really cost-effective, and if you meet their partner standards you get it for free.
Setting up your Umbraco Courier is pretty straightforward IF you don’t have a complicated setup for your servers. Login to Umbraco > Developer > Packages > Umbraco package Repository > Lookup for Courier > Install; answer a few questions; go to the new Courier section and login to download your license and get going. But, in this case, the configuration was not that straightforward.
Courier wasn’t accurately replicating the content that we employed it to replicate. The content wasn’t successfully transitioning through the URL rewrite rule and Courier wasn’t logging real information about the problems it was encountering. It took me working with three of their developers just to pinpoint the issue. Fixing it with our system would prove to be another challenge entirely.
Let me walk you through this client’s infrastructure setup and explain the problems I faced that required long hours and serious headaches to correct. With an understanding of that framework it will be much easier to understand how I corrected the issue.
The Root of the Issue
After installing Courier on our dev server and configuring the courier.config with my three environments (localhost, dev and prod), the first error we got was:
“Object moved”
The stack for this instance might look like this:
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message,WebResponse response,Stream responseStream,Boolean asyncCall) at System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName,Object[] parameters) at Umbraco.Courier.RepositoryProviders.WebServiceProvider.RepositoryWebservice.OpenSession(String sessionKey,String username,String password)
This was really frustrating. The logs donât provide any real information about the problem as Courier is, apparently, very convoluted regarding licensing errors.
Important Note:
The client setup contained an ELB, which was hosting the SSL, in front of the EC2 instances for both dev and prod, and it incorporated URL Rewrite rules to enforce the http protocol.
How We Solved the Problem
To address this Courier problem check for the following in your Umbraco code:
Client in AWS with load balancer
Server where site is hosted
Site has an HTTP to HTTPS rewrite rule which forces client to go from an open connection to a secure one
Once you’ve confirmed this is the issue you’re dealing with, you can address it easily. First, ensure all servers that will have Courier installed are up and running. If your production server is not ready yet, then only include the servers that ARE ready to be tested in the Courier Config file. Next, modify the rewrite rule to ignore all the Umbraco routes.
Once you’ve done this, Courier should be able to replicate your content accurately across instances and you can start taking full advantage of the softwareâs functionality such as large uninterrupted deployments to remote instances, custom automated deployment functions, and free open-source software.
To Address Your Own Umbraco Issues
While this step-by-step should help you correct this particular issue with Umbraco, weâre always eager to hear what other problems you may be encountering. Feel free to respond via email or in the comments section to highlight the Umbraco issues youâre currently struggling to remedy.
Pokemon GO is taking over. After its US release July 5th and upcoming release in other countries throughout the rest of the month, it now seems like everyoneâs trying to become a Pokemon Master. According to SimilarWeb’s Digital Vision, itâs been downloaded by
â5.16% of all Android devices in the US. If that doesnât seem like much, consider that by Thursday, July 7th, Pokemon GO was already installed on more US Android phones than Tinderâ.
In addition, more than 60% of those who have downloaded the app in the US are using it daily.
Pokemon GO is an app that uses your phoneâs GPS and clock to make Pokemon âappearâ around you. It also uses your camera so you can âcatchâ them in real time, of course depending on your location and time. It takes the plot of Pokemon games where you try to catalog as many Pokemon as you can in your Pokedex for scientists and implements the quest to become a Pokemon Master. The difference is that you can do it in the âreal worldâ. People are catching Mareep in parking lots, Nidoran in convenience stores, and Tangelas in malls.
Believe it or not, Pokemon GO has a lot to teach usâand Iâm not talking about whether or not your apartment complex has a Rattata infestation. The way that Nintendo has created this virtual reality and the way you play the game is a brilliant example of how to conduct a successful marketing campaign. Here are 5 lessons from Pokemon GO you can use to digitally promote your business:
When youâre playing Pokemon GO and youâre not where the Pokemon are, you start walking to make sure you get there. If youâre strolling through a park and you see there are some Blastoise if you start moving leftâyou go left. Why would it be different in marketing? You need to target the consumers in the places where people actually are buying your product. When you catch Pokemon, you donât stay in the same place hoping one will just pop upâyou go to the place where itâs well-populated. As a digital marketer you have the power of analytics to show you which customers you need to catch and how to target them with the right ads.
Letâs take this point further. Youâre not going to go to a different country to find Pokemon; youâre going to look near your home. Just as people search for Pokemon while walking near their favorite stores, their places of work, and around their neighborhoods, people are also trying to find your business on their smartphones. When people want to find somewhere to shop or eat, theyâre trying to find the business thatâs closest to them. By targeting locations near your business and registering your address and information to Google Maps, you can help your customers find you.
2. Have a Flexible Approach
via Pokemon Wiki
When youâre trying to catch a particularly difficult Pokemon or battling at the Gym, you need to be able to adjust the technique youâre using. Is the Pokemon too far away to throw the ball accurately? Get closer. Does the ball keep missing and rolling away? Try not to throw it so hard. Is tackling not working? Try using the âSlashâ move or something more powerful.
Just like battling and catching Pokemon, itâs important to have a flexible marketing Strategy so you can take different approaches to different problems. Just as you look at the type of Pokemon to see how to attack it, you should also look at your analytics to see how you can fix a marketing problem. Analytics can show you how long people are staying on your site, what demographics are ending up on your site, and what search terms are leading people there. All these findings can help you refine your approach. If the most people found your service using a particular search term, test that out and try to amplify it. If people arenât lasting long on your site, try to determine if there are performance issues. By using data to form multiple strategies and testing new tactics, you can get closer to being a marketing master.
Anyone familiar at all with the Pokemon universe is aware of the threat of a criminal element, or Team Rocket. Pokemon trainers are sworn to protect their Pokemon, keeping them happy and safe, as companions. Team Rocket is known for abusing Pokemon by enslaving them or poaching them for parts. Niantic, developer of the app, does not include Team Rocket in Pokemon GO, but you donât need to add a criminal element to the âreal worldâ. There have been accounts of criminals using the app to track people and mug them. This involves muggers going to places where a lot of Pokemon are and attacking users distracted by playing the game. In addition, the app has had major issues with security. As Tech Crunch reports:
âWhen you use Google to sign into PokĂŠmon Go, as so many of you have already, the popular game for some reason grants itself (for some iOS users, anyway) the highest possible level of access to your Google account, meaning it can read your email, location history⌠pretty much everything.â
That means the application could see and modify nearly all the information in your Google Account. While players do have the option not to sign up with Google and create a âTrainerâ account, the servers have been so overwhelmed that many players just used Google.
While Niantic has stated they are addressing the security risk and Google is already working to reduce the permissions, thereâs a lesson here about the importance of keeping your customers safe. Make sure your online shopping experience is secure and easy to use. Not sure whatâs rustling in the tall grass of your code? Make sure to get a programmer on the inside to make sure your platform isnât leaving the door open to hackers. To learn more on what dangers could be lurking, check out this blog post on eCommerce security or request a code audit to find weaknesses in the platform youâre using. In addition, if you have any questions about security and app permissions for your own products, feel free to contact us for help.
4. Let the âReal Worldâ Inform Your Virtual One
Pokemon GO is one of the most innovative things Nintendo has done with the franchise in at least 7 years, if not longer. More or less, new releases of Pokemon have felt the same since 1996. The places the characters traveled to become Pokemon Masters changed names and more Pokemon were added, but it often seemed like the same plot every single game. It was clear that they wanted to bring Pokemon out into the physical world in 2009 when they bundled experience-gaining Pokewalker pedometers with every copy of HeartGold and SoulSilver, but you still couldnât see Pokemon in your world. Now, you can see Pokemon in your everyday life, find them in real locations, and see them in your smartphone camera. It brings a âreal worldâ experience to something wholly virtual.
Whatever youâre trying to market, whether a standard website for your business or one that hosts an eCommerce platform, itâs important to merge that âreal worldâ feel. Itâs hard to imagine, but many people actually discover products and services outside of a smartphone or computer screen: from posters and billboards, seeing the products in their friend’s homes, and hearing people recommend things in spoken conversation. To bring that real-world feel back into the sphere of technology, try using social media. Maintain an active presence on Twitter, LinkedIn, Facebook, and even Pinterest to help customers find you within the virtual worlds they inhabit every day. That way people can tag you and post reviews on your business to help you reach their friends. This helps people see you the way they would in the âreal worldââand hopefully theyâll get just as excited about you as when they realize thereâs a Jigglypuff near them.
5. Donât Do It Alone
Pokemon GO is a lot more fun when youâre running around with a group of friends because you can support and challenge each other. Just as you shouldnât wander around at night by yourself because you think there might be Gyrarados at that creek behind your house, you shouldnât take marketing risks alone. For example, if youâre running an eCommerce store, you should have a programmer on the inside to make sure your code is secure and clean. The best case scenario is having a full team helping with marketing, content, design, and everything your site needs to pull leads. Donât you wanna be the very best? In the Pokemon universe, Ash had Misty, Professor Oak, Brock, and countless friends along the way. That in mind, you should have dedicated designers, marketers and programmers on your team.
Whether youâre trying to be a Pokemon Master or Marketing Master, itâs important to be aware of your environment, integrate virtual and tangible experiences, and to work on a great team. If you want more help, consider adding Atlantic BT Marketing to your team. From analytics to user engagement to brand discovery to successful online advertising, we can help you catch âem all.
If your brick-and-mortar store was on fire, what would you do? Youâd call 911, drop everything you were planning, and do whatever it took to put the fire out.
Hereâs the scary part: thereâs an excellent chance your store IS actually on fireâonly weâre not talking about your physical store, weâre talking about your Magento eCommerce platform. If you donât think so, ask yourself when you last had a code audit. If the answer is more than a year ago, your online store probably has security vulnerabilities that are just as dangerous as a raging fire inside a physical building. And if there were fire hazards in your actual store, would you just cross your fingers and hope for the best? Of course notâbut this is how many eCommerce companies handle their Magento stores.
Donât wait until you smell smoke. Just as every building has a fire escape plan, you need a strategy to handle an eCommerce blaze. Here are three steps to put out a Magento eCommerce fire.
1. Check it on Magereport
If your building was on fire, whatâs the first thing you do? You wouldnât run around flailing and screamingâyouâd stop and evaluate the situation. You would look at where the fire is before you tried to figure out how to stop it.
The same principle applies to protecting your website. While you canât make your code stop, drop, and roll, you can check for the flames by visiting Magereportand entering your URL. If you see any orange or red boxes, you have serious security vulnerabilities that need resolving. While Magereport makes it easy for you to see your siteâs weaknesses, it also makes it easy for everyone else to see any security weaknesses you have. How would you feel if someone could type the address of your store and see how easy it would be to break in? Â Â
Thatâs why you need to know if your store is on fire. Just as possessions and assets can go up in flames in a real fire, weaknesses in Magento can destroy your life. Sure, you might be thinking,
âPeople can see my weaknesses on Magereport, but do I really need to be afraid of? Iâm not Sony or the White House, why would my data be valuable to anyone?â
Two-word answer: online payments. Getting the customer payment information that your platform processes is incredibly lucrative for hackers. Without the right patches, someone can run a script that will scrape the credit cards of everyone who uses your site. This can cause online payment processors to pull out of your site and you could be sued for damage inflicted by the scraping, effectively ending your business. The lesson? Donât let code weaknesses destroy your online store.
2. Get Expert Help
Once you determine that there is a fire, you need to find the cause. More than Magereport, you need to know where your eCommerce issues are and how you can fix them. Whenâs the last time you reviewed the code for your website? Several months? More than a year? Â No matter how you answer, your site can benefit from an outside expert checking your security and store functionality. The way Atlantic BT handles that is by doing a code audit.
Essentially, a code audit reviews core Magento code, any plugins, modules, or third party integrations and the code functionality. In every audit, we:
Document third party dependencies and integration points
Identify areas for improved ease of administration
Identify if versions of Magento/PHP will also need to be upgraded based on Theme selection
All of this can tell us how your website can run better and what youâre at risk for. That way, we can eliminate virtual fire hazards before they burn your website to the ground.
Itâs important to note that, while a code audit does run analytics for your online store to evaluate site performance, this is not the main focus of a code audit. A code audit is not a marketing tool designed to directly leads to sales; itâs about seeing whatâs broken. While you might think your budget is better spent on improving your online marketing, remember that you canât market a hacked website with revoked payment methodsâjust like you wouldnât spend money on more advertising if your physical storefront was on fire.
3. Clean Up Your Code
Just as a messy store environment can be more of a fire risk, messy code can make your eCommerce platform more vulnerable by allowing hackers more opportunities to enter your system. Too much clutter in the backend can also slow your website down and make it harder for customers to navigate. Unused plugins, the wrong version of Magento, or using poorly-designed themes are all things that we look for in a code audit. More specifically, we:
Identify themes that will have the least impact to the siteâs functionality.
Make estimates of future design and development phases based on theme selection.
Checking on the themes, what plugins are actually being used, and other site analytics can tell us how your eCommerce page is performing. Not sure this is an issue for you? Check it out yourself. In this blog post, we take you through step by step to check for browser rendering issues in Google Analytics. Once you see whatâs going on, our code audit can give you a good look at whatâs contributing to that in the code.
Donât Fight Fires Alone
Finally, donât forget to get someone to help you along the way. At Atlantic BT, we have the resources to perform code audits and put out your eCommerce fires as well. Once you see how your site is doing with Magereport, reach out to us about getting started with a code audit.
Companies attend the Magento Imagine conference for many reasons. Atlantic BT came to learn. We wanted to hear the latest ground-breaking strategy for eCommerce, find out how different digital leaders aspire to change the online marketplace, and connect with forward-thinking companies to learn their big ideas.
This recap represents our best efforts to share what we learned during the 3-day event. This post features our favorite moments and ideas from Magento Imagine 2016.
Twitter Updates 4/11:
As your eCommerce site grows, more integration maybe be needed. Magento 2 makes this easier #MagentoImagine – @WeJobes
All extensions written for Magento2 are written for varnish. – @AntonKril #MagentoImagine #deepdive – (RT by @CRDuffy)
Hooray. Varnish Cache is default installed in Magento 2. Â – (RT by @CRDuffy)
Don’t use “best” “optimal or “fastest” in your user stories @SteveAtMagento – (RT by @CRDuffy)
Make sure that user stories cover the admin functionality – @SteveAtMagento #MagentoImagine – (RT by @CRDuffy)
Requirements: Functional, Integration, Infrastructure. Â @steveatmagento “a lot of people skip over the infrastructure” #MagentoImagine – (@ABTProctor)
Front loading discovery reduces the need for freakout testing a week before launch – @SteveAtMagento #MagentoImagine – (@ABTProctor)
Build technology from a marketers perspective, not from a developers perspective – Drew Pearson of @LewkOfficial #magentoimagine – (@ABTProctor)
Twitter Updates 4/12:
30% of transactions on PayPal were mobile transactions last year.  Very significant number #MagentoImagine – (@CRDuffy)
Dimension specific customer segmentation #MagentoImagine – (@CRDuffy)
Key takeaways for importance of site performance #MagentoImagine – (@CRDuffy)
It’s the same code. If you can do it in M2EE, you can do it in Magento Enterprise Cloud Edition. Â – (RT by @WeJobes)
Default integrations with new relic and blackfire.io is definitely a nice touch for the PaaS offering #MagentoImagine – (@CRDuffy)
eCommerce Sites are like custom buildings – @robtull Keys to a successful magento project #MagentoImagine – (@ABTProctor)
Twitter Updates 4/13:
Magento 2.1, the first feature release for Magento 2, comes out in June. – (@WeJobes)
Crazy performance improvements from Magento 1 to Magento 2 with varnish @JoshuaSWarren #MagentoImagine – (@ABTProctor)
For our future conference insights and Twitter updates, follow our official Atlantic BT account:@AtlanticBTÂ
