Your Business Website Is A Crucial Tool During COVID-19

The coronavirus pandemic is a troubling time for local small businesses. Use your website to keep your operation running smoothly.

While the spring and summer of 2020 haven’t gone the way any of us in the business community might have planned, many businesses large and small are finding ways to adapt to an economy that seems to change daily. Practicing social distancing can be difficult while also trying to keep a business running. Use the tools you have available to make things easy and safe for your staff and customers.

Update crucial information on your website

Have your hours or availability changed to help prevent the spread of COVID-19? Have you closed your lobby or started offering curbside pickup? Be sure to update your website to reflect these changes. Update this information on your Contact Us and About Us pages. Banners and other notes on your front page are an eye-catching way to present the new information.

Remember that your customers aren’t just looking for this information directly on your website! Update this information on your Facebook, Instagram, and other social media. If you manage your Google Business listing, update your hours and availability there. If you don’t manage your Google Business listing, now is the perfect time to get started on learning how to use this important tool.

Keep your customers informed with a pop-up

Pop-ups don’t have to be the same annoyance they were in the 1990s and 2000s. A well-designed and unobtrusive pop-up can be an easy way to communicate important information about COVID-19 policy changes to your customers. Plugins make it simple to make a pop-up box that blends in well with your website and won’t be in the way.

A well-placed pop-up combined with updated information throughout the site will make sure that anyone checking your site will know if you’re offering additional services during this complicated time.


Local businesses are offering curbside pickup to serve customers with less close contact.

Revitalize your business model with online ordering

During the pandemic many restaurants and businesses have switched to pickup and curbside service. You can streamline this process for your small business by setting up online ordering on your website. You can use forms to do anything from requesting pickup for an item, filling out an entire restaurant order, or even collecting payment online. Adapt your model to an online system to keep your employees and customers safe while keeping your doors open.

Use your mailing list to send updates

Have you been building a database of loyal customers in a mass emailer? Now is the perfect time to send messages to your users to let them know about changes in your hours and business practices. Restaurants offering specials and modified menus can use these email lists to get the word out. Combine mass emails with website changes and social media updates for an effective strategy.

Coming together as a community

If there’s any silver lining to the coronavirus pandemic for a business owner, it’s that many are turning to local businesses for support and normalcy during this time of uncertainty. A business that learns to adapt will emerge stronger and with a better grasp of how to use their website.

Contact ITD Interactive today if you want more information on how to update your website to keep your customers informed. Now is a great time to set up an online ordering system!

Developing an SEO Strategy for Tennessee Businesses

SEO for Nashville, Knoxville, Johnson City, Memphis, and Everything In Between

The business community in Tennessee is thriving. New businesses are popping up all over the state: new restaurants, new microbreweries, new and expanding manufacturing, and so much more. A strong economy and increased access to high-speed internet services have created a boom in new businesses that need websites and successful SEO strategies to get them noticed.

If you’re one of the many new Tennessee business owners (or one that’s been around for a while) and you’re looking for a way to give your website a boost in search engine results in a clean and organic way, we’re Tennessee-based SEO experts and we’re here to help!

SEO in Johnson City, TN


Photo by mrgriffter / Wikimedia Commons

At ITD Interactive we’re partial to Johnson City because that’s where we’re based! Our local economy has taken off in the past several years with a big focus on the downtown area. Dozens of formerly vacant buildings have been developed into restaurants, breweries, local retailers, and more. The downtown area and beyond have turned into a hotspot of activity with tons of foot traffic that should be appealing to anyone with a dream to open their own business. A good SEO strategy for a developing area like Johnson City is to leverage the “shop local” movement as customers transition from shopping at the chains and big box stores that have been here for decades to focusing more on new locally owned and family businesses.


SEO in Knoxville, TN


Photo by Nathan C. Fortner / Wikimedia Commons

Knoxville is a unique city when it comes to the local business community. It’s a large city of over 185,000 and home to the University of Tennessee. Knoxville has a thriving and eclectic downtown area full of local retailers, breweries and restaurants. The greater Knoxville area is home to many corporate offices, industries, retailers, and much more. To stand out in search results against other Knoxville businesses you’ll need to use a strategy that competes against those with a long history in the area. A strategy that utilizes landing pages to target specific services or products you offer will help you funnel potential customers from a search engine directly into your inbox.


SEO in Nashville, TN


Photo by dconvertini / Wikimedia Commons

The heart of Nashville is naturally the music industry, but Tennessee’s capital is also known for its honky tonks, restaurants, breweries, and other industries that cater to tourism. Professional sports help bring in millions of tourists annually with the Tennessee Titans football team, Nashville Predators hockey team, and a pro soccer team coming soon. Higher education and related industries are important to the city economy as well – Nashville boasts many universities and colleges including Vanderbilt, Belmont, Tennessee State University along with several other schools in the city and in the general area. Any new business in Nashville catering to these industries absolutely needs to leverage those areas of activity when considering SEO services. It can be difficult to rank highly in an area saturated with so many existing businesses but the right SEO strategy using long tail keywords can help you find interested customers in a crowded market.


SEO in the Rest of Tennessee

Tennessee is a big state and every part of it is different when it comes to business. The right SEO strategy for your Tennessee business website needs to be customized for you and where you’re based, not a one-size-fits-all solution. If you’re ready to get your website noticed, contact us today and see how ITD Interactive can create the right SEO strategy for you.

Magento Navision Integration Strategies

Integrating Magento with other platforms is always a challenge. Likewise, integrating Navision with other platforms is always a challenge. Naturally, trying to tackle a Magento Navision Integration project will not disappoint, if you are looking for a challenge! It is possible, however, and in this article we’ll provide a brief overview of how we approach getting Magento and Navision to talk to each other with our own clients.

No, There’s Not A Plugin For That

Let’s get this out of the way. You cannot simply go to the Magento Marketplace and grab a plugin to connect Magento with Navision. This can be a frustrating truth; however, if you consider the customized nature of Navision, it’s not hard to understand why. No two Navision installations are alike, and rarely are two Magento installations alike. Given that level of customization, there would be no way to create a one-size solution to integrate the two platforms. Often you’ll see plugins available, but when you investigate, you’ll see these are typically a custom development service for sale.

Our Approach to the Magento Navision Integration Project

First – Conquer the Language Barrier

Magento and Navision operate on different platforms. One sits in a Linux environment with a MySQL database, while the other sits in a Windows environment with a MS SQL database. The two platforms always speak different languages. Magento 2 utilizes a REST API that is quite customizable. Navision relies on a SOAP API that takes a slightly different approach. Because both platforms have different access methods, and reside on different servers, the most common sense approach was to develop a stand-alone piece that communicates with both.

Next – Configure Each Platform

Magento: In Magento 2, in order to communicate via the API you must create a user, then assign that user API privileges. These can be highly customized to only the software areas needed for the integration, e.g. billing, inventory, etc.

Navision: Navision utilizes a set of services called ‘Web Services’. After the 2009 release, Nav allows access to web services via NTLM authentication. Once enabled and configured, Web Services will make XML data available through a web interface. A user can view XML structure documents as well as perform CRUD operations via the SOAP API.

Then – Develop the Middleware

Our solution centers around a piece of custom software that we develop and that operates in between the two platforms. This ‘middleware’ is designed to read and write data to both platforms and perform whichever operations we choose. Since we primarily work with Magento, and our preferred platform is Linux, we prefer to build our middleware in a LAMP / LEMP environment. We use an OOP PHP framework, typically running on a Linux / Nginx / MySQL environment. The basic structure of our solution is this:

  1. Middleware queries Magento via the REST API. (generate an array of orders, customers, products, etc)
  2. Middleware parses through each record and writes / updates that data to the Navision platform.

 

Finally – Create A Schedule

Once your middleware piece is tested and performing as planned, the simplest method of automation is to create a scheduled server script. There are numerous ways to do this, and most developers have their own preference. In a nutshell though – decide how often your script needs to run, and how to control record volume to keep in line with memory / resource constraints, and set your schedule accordingly.

Gotchas & Other Considerations

While the overall concept is simple, actually creating a fine-tuned integration is rarely that simple. You’ll likely run into issues with memory, Navision server performance, bandwidth limitations, and more. The PHP > Magento API connection is fairly efficient. However, the connection to Navision can vary widely, depending on the setup. Some Navision setups can handle non-stop processing of data through web services, while others need to have it metered out in small doses to keep from having locked tables and such. There are also quirks with Navision to contend with – such as the way you have to create an empty record first, and then update it with data. This makes a 2-step process where you would think it only needed to be one. There are many more, but this is our basic approach and the main goal here is to get you off on the right path.
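The sync loop described above, as an added sketch that is not ITD Interactive's code: it pages through Magento orders in small batches, pauses between batches, and performs the two-step Navision write, removing the empty record if the update is rejected. It is written in Python rather than the article's PHP, and `FakeNav`, `make_fake_magento` and the sample orders are constructed stand-ins for the SOAP and REST clients.

```python
import time


class NavError(Exception):
    """Raised when the Navision side rejects a write."""


class FakeNav:
    """In-memory stand-in for a NAV page web service (constructed)."""

    def __init__(self, reject_order_ids=()):
        self.records = {}
        self._next_key = 1
        self._reject = set(reject_order_ids)

    def create(self):
        # Step 1 of the two-step write: an empty record that only has a key.
        key = "K%d" % self._next_key
        self._next_key += 1
        self.records[key] = {}
        return key

    def update(self, key, fields):
        # Step 2: fill the record. Simulates a rejected write for some orders.
        if fields["order_id"] in self._reject:
            raise NavError("update rejected for %s" % fields["order_id"])
        self.records[key] = dict(fields)

    def delete(self, key):
        self.records.pop(key, None)


def make_fake_magento(orders):
    """Return a fetch_page(current_page, page_size) callable that mimics the
    items/total_count shape of a Magento 2 REST search result."""
    def fetch_page(current_page, page_size):
        start = (current_page - 1) * page_size
        return {"items": orders[start:start + page_size],
                "total_count": len(orders)}
    return fetch_page


def sync_orders(fetch_page, nav, page_size=2, pause_seconds=0.0,
                sleep=time.sleep):
    """Copy orders to NAV one small page at a time.

    Only page_size orders are held in memory at once, and the pause between
    pages meters the load on the Navision server.
    """
    synced, failed, page = [], [], 1
    while True:
        batch = fetch_page(page, page_size)
        for order in batch["items"]:
            key = nav.create()
            try:
                nav.update(key, {"order_id": order["increment_id"],
                                 "total": order["grand_total"]})
                synced.append(order["increment_id"])
            except NavError:
                # The two steps are not atomic: without this cleanup a failed
                # update leaves an empty record behind in NAV.
                nav.delete(key)
                failed.append(order["increment_id"])
        if not batch["items"] or page * page_size >= batch["total_count"]:
            break
        page += 1
        sleep(pause_seconds)
    return {"synced": synced, "failed": failed, "pages": page}


# Constructed sample data.
SAMPLE_ORDERS = [
    {"increment_id": "00000000%d" % n, "grand_total": 10.0 * n}
    for n in range(1, 6)
]

if __name__ == "__main__":
    nav = FakeNav(reject_order_ids={"000000003"})
    print(sync_orders(make_fake_magento(SAMPLE_ORDERS), nav, page_size=2))
    print(nav.records)
```

Failed order numbers are returned rather than dropped so the next scheduled run can retry them.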

Much of our Magento Navision Integration success can be traced back to this article: Freddy’s Blog – Connecting to NAV Web Services from PHP. This is not Magento specific, but goes into detail about the basic PHP to NAV connection, using NTLM services, and even links to an NTLM library you can use in your custom application.

Need Help with your Magento Navision Integration?

We (ITD Interactive) have built numerous eCommerce solutions on the Magento Platform, and have successfully integrated many of them with the Navision Platform. If you would like to chat with us about your project, or if you are in the market for an eCommerce developer with experience in Navision Integration, we’d love to hear from you!

eCommerce Search Engine Optimization – 7 Tips for Success


If you rely on your website as a key part of your business, then I’m sure I don’t have to tell you how important it is that you have a strategy for maintaining good search engine optimization. Having a well optimized site that ranks well for your main keywords is a crucial part of building any strong online business. For most types of websites, the rules are the same. Content, content, content! But what about eCommerce search engine optimization? Optimizing a blog post for a particular keyword is one thing, but what about product pages? How do you manage category pages?

eCommerce sites definitely have their own unique challenges and pitfalls when it comes to search engine optimization.  In this article, we’ll touch on 7 tips to make sure your eCommerce site is well optimized and attracting valuable traffic!

Why is eCommerce search engine optimization more challenging?

To get to the root of this, you have to understand how the search engines crawl and index websites. The search engines will typically land on your front page, and then follow every link they come across. It will then follow every link on those pages until it has exhausted new links to crawl. On a typical website, which might have anywhere from 10-20 total content pages, this is a pretty simple feat.

Now, think about your typical eCommerce site.  Not only do you have your regular company / content pages, but you have product pages, category pages, product comparison pages, reviews, shopping carts, search results, etc.  Many of these top-level pages have multiple views (filter by price, name, etc) and many pages are divided into even more sub pages!  A category with 35 products in it will likely result in 3-4 pages with previous and next buttons to make it easier to browse.  As a result of these common eCommerce site features, the search engine spider will often encounter thousands of links to follow and evaluate, many of which are circular, or all wind up at different versions of the same page.  If left unchecked – you may find yourself with a site that appears to be full of duplicate titles, content, and just an overall poor navigation path – which Google takes into account in determining your rankings.

Below, we cover 7 areas you need to pay attention to with any eCommerce site, to ensure your web store is easy to crawl and index, and appears to be well organized and of high quality.

1) Don’t forget the basics

Every page needs the core SEO elements taken care of.  By this we mean that every page should have a properly written Meta Title, Meta Description, and the content within the page should be properly organized with headings and paragraphs, all of which should be relevant to the most important keywords you are targeting.  This holds true for all of your pages, whether it is a content-heavy “about us” page, or a product page.  Good SEO will ALWAYS start with good, high quality content. Because eCommerce sites can have large catalogs – it is easy to gloss over these and forget.

Why this is a problem: It’s easy to forget your basic SEO best practices when you’re working on an eCommerce site. Having a well formed title, well written meta elements, proper usage of heading tags, and 300-600 words of well-written content are still your basic target. As shoppers – we don’t necessarily want to read 300-600 words about a product, but Google has a hard time indexing and sorting that product if there isn’t enough content to analyze.

How do I fix this? Take the time to write plenty of content about your products, and also on category pages. Keep in mind that even if a page is automatically generated from your catalog, it is still a page as far as Google is concerned. It needs to follow SEO best practices to ensure maximum performance in search.

2) Make proper use of rel=canonical.

If this seems like Greek, then you should probably talk to your web developer or SEO provider and make sure it is set up. Simply put though, rel=canonical is a tag that lets you tell the search engine which version of a URL is THE correct version. For instance, http://itdint.wpengine.com and http://itdinteractive.com are of course the same URL – but the search engine doesn’t know that. As far as the search engine is concerned, those are two very different URLs. With eCommerce sites, the need for the rel=canonical tag is nothing short of critical. For instance, you might have 2 URLs for the same category page: http://www.mysite.com/widgets and http://www.mysite.com/widgets?page=2. Unless these pages have the rel=canonical tag stating that the actual URL should be http://www.mysite.com/widgets, the search engine would simply assume that these are two completely separate pages. This example only has two pages – you might have a category with so many products that your eCommerce site breaks it up into 10 sub pages. Without the rel=canonical tag notifying the search engine of the canonical URL, the spider will log every single page as a unique page.

Why this is a problem: 10 unique pages of content is a great thing. 10 pages of mostly similar content that share the exact same title and meta descriptions is absolutely NOT a good thing. It looks like you have 10 pages that you didn’t bother to assign unique titles to. This leaves the search engine with a bad impression of your site’s organization.

How do I fix this?  Most standard eCommerce platforms either have configuration settings to enable the rel=canonical tag, or readily available plugins that do the same thing.  If you aren’t comfortable tackling this yourself, you should reach out to your web developer and get them to point you in the right direction.

3) Utilize rel=PREV and rel=NEXT.

If you have a category listing with multiple pages of products, the crawler will likely think that you have a bunch of pages with duplicate title and meta tags.

Why this is a problem: If you have a large catalog of products, you will most likely have listings that are broken down into multiple pages. While this makes it easier for your customer to browse through the catalog – it can cause confusion when Google comes around to index the page. Let’s say you have a category called ‘iPhone Cases’. If you had 8 pages of iPhone cases to scroll through, then Google would think you have 8 pages with the identical main title and description – resulting in a ding against you for duplicate content.

How do I fix this?  By properly utilizing the rel=PREV and rel=NEXT, Google, or any of the indexers, will understand that each page is just a continuation of the original listing and take that into account in their index.  There are different ways to implement this, depending on what eCommerce platform you are using, so refer to the documentation or talk with your developer.  There are often plugins that will take care of this for you as well.

4) Avoid big chunks of boiler-plate content.

If you have a lot of products that are similar, avoid the temptation to boilerplate the product description and only change the color or style information. Duplicate content is a big concern with SEO and if you have 20 products that share the same 2-3 paragraphs, you run the risk of those pages being buried in the index, with Google assuming they are of low quality.

Why this is a problem:  We all like to save time where we can – and duplicating similar products to add to your catalog is a common practice.  The problem arises when you duplicate a product several times, and essentially only change the title, picture and maybe a sentence or two in the description.  This can be challenging especially if you have accessory products that are basically the same, but that work with different systems – like phone accessories, computer accessories, etc.

How do I fix this? There isn’t really a quick fix for this issue, unfortunately. The key here is to take the time to either write original content for all of your products, or better organize products that share too many similarities. For instance – if you have a battery charger that comes in 6 different varieties for 6 different devices, don’t create 6 individual products and try to write custom content for each. Create it as ONE product with well written content, and allow the shopper to pick which device they are shopping for from an option list.

5) Avoid skimpy product and category pages.

Category and Product pages are fantastic opportunities to provide the user with valuable information about your products, their value and why they should be interested in them.

Why this is a problem: For sites with lots of products, however, it is all too common to only write a sentence or two for each. If your page has barely a paragraph of content, the search engines really can’t evaluate what it is about and you’ll never be able to rank very high for that page.  Take the time and craft great content around your products.  Category pages are an even greater opportunity to develop great content since they are more of an overview page.

How do I fix this? Take the time to carefully organize your categories. If you have too many categories – then you will also have too many category pages to edit! Once you prioritize your category breakdown, take time to flesh out each category page with unique content about the products contained in that category. Typical SEO rules apply to the category page just as they would a blog post or other informational page.

6) Beware of built-in SEO title and meta values.

Many eCommerce platforms allow you to set a global title and description.  The idea here is that it is better than nothing, should you forget to set them individually in your product and category pages, but this is a terrible practice.

Why this is a problem: If you set a global title and description, and fail to individually set these items on other pages, the search engine will register duplicate titles and descriptions for all of your pages. Multiply this problem by however many products and categories you create! This gets tricky because as a viewer, you see product titles and pictures. The indexer, however, sees an entire catalog full of items bearing the same title and description. These duplicate titles and descriptions can, and will, also show up in Google listings, which looks terrible.

How do I fix this? Each product, category, and informational page in your eCommerce platform should have an area where you can specify the meta information. Some may automatically grab the product title and an excerpt of the description, or short description. However, if you have the default meta title / description set, it could override this feature. In this case – automatically grabbing the product’s title and excerpt is your ‘better than nothing’ option. However, to gain the most benefit, you should really take the time to edit the meta information for each of your products.

7) Don’t forget the ALT tags.

eCommerce sites tend to have a lot of photos.  Any decent eCommerce software will allow you to edit the alt text for any photo you insert.  Make sure you do not skip this step.  Aside from stronger overall optimization, alt text provides an opportunity to add relevant keywords in the context of your products and services.  Google’s image search is a powerful tool that relies on the alt text heavily to determine what a photo is all about.

Why this is a problem: Many eCommerce platforms make it easy to dump loads of pictures onto your website. Everyone wants to see multiple views of a product, or pics of the product in use. This is great – but if you do not take the time to set the alt tag information for each picture, they will be indexed by their file name. All too often – file names are just part numbers, or generic names that are abbreviated or chopped up to save typing.

How do I fix this? By intentionally editing the meta information for each image – primarily the alt tag – you can take advantage of the entire image side of Google’s indexing services. Often image search results will show up alongside text searches and that can be another opportunity to have links to your store show up in a potential customer’s search. Each platform handles this slightly differently, but any major eCommerce platform should have an easy interface to edit this information.
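An added example, not part of the original article, that checks a set of pages for the problems named in tips 1, 2, 3, 6 and 7: a missing title or meta description, a title shared between pages with no rel=canonical, rel=prev or rel=next link, and images without alt text. The page bodies below are constructed samples that reuse the article's http://www.mysite.com/widgets URLs.

```python
from collections import defaultdict
from html.parser import HTMLParser


class HeadScan(HTMLParser):
    """Collects the SEO-relevant tags of one page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.description = None
        self.links = {}        # rel -> href for canonical / prev / next
        self.missing_alt = []  # src of every <img> with no (or empty) alt
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and (a.get("name") or "").lower() == "description":
            self.description = (a.get("content") or "").strip()
        elif tag == "link":
            rel = (a.get("rel") or "").lower()
            if rel in ("canonical", "prev", "next"):
                self.links[rel] = a.get("href")
        elif tag == "img" and not (a.get("alt") or "").strip():
            self.missing_alt.append(a.get("src"))

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def audit(pages):
    """pages maps URL -> HTML text. Returns a sorted list of (url, problem)."""
    scans = {}
    for url, html in pages.items():
        scan = HeadScan()
        scan.feed(html)
        scan.close()
        scans[url] = scan

    findings = []
    by_title = defaultdict(list)
    for url, scan in scans.items():
        title = scan.title.strip()
        if not title:
            findings.append((url, "missing title"))
        if not scan.description:
            findings.append((url, "missing meta description"))
        for src in scan.missing_alt:
            findings.append((url, "img without alt text: %s" % src))
        by_title[title].append(url)

    # A repeated title is only reported for pages that give the crawler no
    # hint (canonical, prev or next) about how they relate to the others.
    for title, urls in by_title.items():
        if not title or len(urls) < 2:
            continue
        for url in urls:
            if not scans[url].links:
                findings.append(
                    (url, "duplicate title with no canonical/prev/next link"))
    return sorted(findings)


# Constructed sample pages.
SAMPLE_PAGES = {
    "http://www.mysite.com/widgets": """<html><head><title>Widgets</title>
<meta name="description" content="All of our widgets.">
<link rel="canonical" href="http://www.mysite.com/widgets">
<link rel="next" href="http://www.mysite.com/widgets?page=2">
</head><body><img src="/img/blue-widget.jpg" alt="Blue widget, front view">
</body></html>""",
    "http://www.mysite.com/widgets?page=2": """<html><head><title>Widgets</title>
<meta name="description" content="All of our widgets.">
</head><body><img src="/img/PN-10432.jpg"></body></html>""",
    "http://www.mysite.com/about": """<html><head><title>About Us</title></head>
<body><p>Who we are.</p></body></html>""",
}

if __name__ == "__main__":
    for url, problem in audit(SAMPLE_PAGES):
        print(url, "-", problem)
```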

Wrapping Up

eCommerce SEO can be a tricky subject, and often takes more on-going effort than SEO on an information or service oriented website. Ignoring SEO best practices can have a huge detrimental effect on the site’s performance, however, so the effort for an eCommerce site can return a huge payoff. It’s worth the time to do it right. If you feel you do not have time to tackle this yourself, you should seek out an SEO service provider who can help you! This is a service we provide to many of our clients, and we would be happy to talk with you as well.

If you would be interested in a free consultation – there is a link in the side bar.  We would be happy to look over your eCommerce site and offer insight into areas that might be holding you back – and there is no obligation. 

eCommerce Security Checklist for 2015

So far, 2015 has been a busy year from an eCommerce security standpoint. At our shop, our eCommerce solutions are primarily built on the Magento platform, with a few smaller shops electing to use WordPress with an eCommerce plugin. All the same – we have had to install many upgrades and patches over the last few months. Given all the activity as of late – I thought I would throw together a quick eCommerce Security Checklist. This article is for developers that might not be familiar with best practices for eCommerce security, or even online shop keepers that are wondering if they are doing everything they can to keep their store, and their customers’ data, safe! We hope you find this useful and if you feel we have missed anything, please feel free to add it to the comments!

1.  Secure your eCommerce Software


This eCommerce usage chart was compiled by AheadWorks, a premium supplier of Magento Extensions. Check them out at AheadWorks.com

There are so many eCommerce platforms out there. As I mentioned, most of our projects fall under Magento or WooCommerce – heavy on the Magento side. As you can see in the chart on the right, Magento and WooCommerce make up close to half of all eCommerce platforms out there! This means they are well respected and popular, but it also means they have a big target on their backs. Take every precaution to make sure your eCommerce software is updated and secure! Below are some steps to help you do just that.

  • Magento Security Patches: Magento, specifically, uses a security patch method of handling urgent updates. Unfortunately, there is no quick “click this button to update” feature within the Magento interface. You have to have your developer apply these patches, unless you are comfortable logging in through a terminal window and applying them yourself. Magento has released 3 critical patches this year alone and if you are using a Magento site, it is critical that you install them. You can test your site for vulnerability and find out more about the patches here: Magento Security Patch Page & Testing Tool
  • WordPress Automatic Updates: If you are using the WordPress platform, with WooCommerce or any other eCommerce plugin, we highly recommend taking advantage of their automated update features. WordPress releases updates quite often and they are generally in response to security threats. The WordPress team is quite vigilant in making sure their core software is as secure as possible. For more information on configuring automatic updates, visit this page: Configuring Automatic Background Updates
  • WordPress Plugin Updates:  Securing WordPress is only half of the battle.  Unfortunately, you can have a fully secured WordPress installation and with even ONE out of date plugin, your whole site could be at risk!  Since we are dealing with eCommerce, we would be naturally interested in making sure that WooCommerce, WP eCommerce, or whatever platform you use is updated.  However – every single plugin in your WordPress site can be a potential security risk.  Make sure they are all updated and as a general rule of thumb, if they aren’t critically necessary to your site – delete them!  People are generally unaware how a seemingly simple plugin feature can be exploited to hack into your site.  UPDATE THOSE PLUGINS!  
  • WordPress Theme Updates: While you are at it – make sure theme files are updated as well. Many of the more modern WordPress themes come bundled with all kinds of tools and widgets that could be subject to vulnerabilities. Check your WordPress update notifications periodically to make sure there isn’t an available update. NOTE: Updating a theme can potentially trash your website if you, or your developer, made changes to the theme’s core pages. If you are unsure, ask your developer. When you can, always develop using a Child Theme – this way, you can take advantage of your master theme updates without the risk of losing all of your page design settings! Read here about child theme development strategies. It’s really pretty easy and it makes for a MUCH safer setup.

2. SSL Security

If you use an eCommerce tool such as MagentoGo, Volusion or other hosted solution – you won’t have to worry too much about this. If your site is self hosted, either on your own server, or a server your web developer set up, then you NEED to take these steps!

Note:  This section only applies if your site has an SSL certificate.  If you access your shop like this: https://www.myshop.com then you are using an SSL certificate.  If your site is processing transactions and taking credit card information under a regular http://www.myshop.com address, you are not using SSL.  If that is the case, you NEED to be using SSL.  Talk to your developer immediately and get this taken care of.  If your site only takes payments through third party services such as PayPal, and all transactions happen OFF of your site, then you have nothing to worry about and you can skip this SSL Security section altogether.

  • Heartbleed Bug Vulnerability:  Late last year, a huge vulnerability was discovered in the software that manages SSL security on web servers (OpenSSL).  They called this the Heartbleed bug and everyone was encouraged to update their software to newer, patched versions.  You can check your site for this vulnerability here:  Heartbleed Vulnerability Scanner
  • Poodle Vulnerability:  Funny name – not so funny if you don’t have it fixed!  This is a vulnerability that has to do with what types of SSL protocols your server allows.  Many servers, by default, allow SSLv2 and SSLv3.  Both of these are vulnerable and you want to make sure that your server only allows TLS varieties of SSL protocols.  You can check for this vulnerability here:  Poodle Vulnerability Scanner
  • General SSL Health:  This tool is one we use quite often and it scans your server and reports back on several SSL security issues.  The result of the scan will be a grade letter – A through F.  If you run this and get a C, D or F – you need to talk to your developer or host and get the issues resolved.  A score of C – you might still be ok, depending on which issues it flagged.  If the scanner comes back with any items in red – then you NEED to pay attention to those!  View the SSLLabs Server Scanning Tool.
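For a self-hosted server, the protocol item above can also be checked in the web server configuration itself. The following is an added example, not part of the original checklist: it reads nginx `ssl_protocols` and Apache `SSLProtocol` lines and reports any that still leave SSLv2 or SSLv3 enabled. The sample configuration is constructed, and the expansion of Apache's `all` shortcut is an assumption for a build that still includes SSLv3.

```python
import re

# Protocols the checklist says must be switched off.
WEAK = {"SSLv2", "SSLv3"}
CANON = {p.lower(): p
         for p in ("SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2")}
# Assumption: what Apache's "all" shortcut enables on a build with SSLv3.
APACHE_ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}

# Matches the directive name and its arguments, stopping at ';' or a comment.
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)",
                       re.IGNORECASE)


def effective_protocols(kind, tokens):
    """Return the set of protocols a directive leaves enabled.

    nginx lists the enabled protocols outright. Apache reads left to right:
    '+name' adds, '-name' removes, and a bare name replaces what came before.
    """
    enabled = set()
    for tok in tokens:
        sign = tok[0] if kind == "apache" and tok[0] in "+-" else ""
        name = tok[len(sign):]
        if kind == "apache" and name.lower() == "all":
            names = set(APACHE_ALL)
        else:
            names = {CANON.get(name.lower(), name)}
        if sign == "-":
            enabled -= names
        elif sign == "+" or kind == "nginx":
            enabled |= names
        else:
            enabled = names
    return enabled


def audit(config_text):
    """Return (line number, directive, weak protocols) for each bad line."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = DIRECTIVE.match(line)
        if not match:
            continue
        directive = match.group(1)
        kind = "nginx" if directive.lower() == "ssl_protocols" else "apache"
        enabled = effective_protocols(kind, match.group(2).split())
        weak = sorted(enabled & WEAK)
        if weak:
            findings.append((lineno, directive, weak))
    return findings


# Constructed sample configuration lines.
SAMPLE_CONFIG = """\
# constructed nginx server block
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
# constructed Apache virtual hosts
SSLProtocol all -SSLv2
SSLProtocol -all +TLSv1.1 +TLSv1.2
    ssl_protocols TLSv1.2;  # nginx, TLS only
"""

if __name__ == "__main__":
    for lineno, directive, weak in audit(SAMPLE_CONFIG):
        print("line %d: %s still enables %s"
              % (lineno, directive, ", ".join(weak)))
```

A configuration file with no protocol directive at all produces no findings here, so the server's built-in default still needs the external scan.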

If you sell things online, AND you take credit card information ON your website, please make sure you have a proper SSL certificate installed.  Get with your developer or host and find out what to do.  You can even give us a shout and we would be glad to tell you what you need to do – or do it for you if you need us to.  As I said before – if your sales all happen somewhere else, such as PayPal, 2CheckOut, or something like that, then you don’t have anything to worry about.

3. Secure your Admin Panel

Admin Panel Security Steps

Keep this guy out of your site’s admin panel!

Some hacks happen through known vulnerabilities where hackers can exploit something as simple as an image directory that still has write access and upload their own files to gain access to your site.  Many times, however, hackers use known admin panel logins to simply log into your site’s admin panel and then do whatever they want!  Don’t make it so easy on them!  Below are some steps you need to consider to secure your admin access.

  • Change Admin Username:  Please, please PLEASE – do NOT use “admin” as your username.  This is the default username for many systems and hackers are counting on this.  They have software that guesses passwords – and it only works if they know your username to begin with!  If you use a non-standard username like “MyStoreAdmin” or something that doesn’t even have the word “admin” in it, then not only would they have to guess the password, they would have to guess your username first.  That is often enough to make a hacker move along to a site with a much less savvy administrator.
  • Changing the Admin Path:  WordPress sites use /wp-admin for their admin panel.  Magento uses /admin by default.  Most sites have a default admin panel link and again, the hackers know this.  If you change this to something non-standard, it basically takes your site off of the hacker’s “low hanging fruit” list.  Make breaking in even a little bit difficult and they often move on to another target.  In Magento, you choose the path during setup.  In WordPress – changing this is easiest with a security plugin that offers this option.  We have used the iThemes Security plugin on many sites and it works really well.

4. Secure Transactions

Online Transaction Guidelines for eCommerce Security

In your store’s eCommerce settings – you have a lot of control over the types of transactions you allow, and how those transactions are processed.  Below are some things to consider when taking people’s money online:

  • Never Store a Credit Card Number:  For reasons I do not understand, many eCommerce apps, including the great Magento, still offer offline credit card processing as a standard payment option.  NEVER (I can’t repeat this enough) use this option.  This is the option that saves the credit card number in fully readable fashion, for you to manually process later.  They trust you will delete the number – but many people do not.  I have seen this happen to store owners before and it is not pretty. The fines and liability you will face are significant.
  • Use Off-Site Processing When Possible:  If you are a small shop and you do not have a merchant account, a gateway account and all of that good stuff yet – that’s ok!  Taking payments with PayPal express, or any host of other off-site processors might be a small headache to your clients, but it saves a lot of grief in the end.  Sure – you’ll eventually want to handle everything on your site, but when you are starting out – it’s a good idea to use these services as long as you can.  In fact, I find that on a lot of our websites that offer both – a huge portion of shoppers still prefer to use PayPal over entering their credit card numbers on our sites.

5. PCI-DSS Auditing / Compliance

PCI-DSS Compliance for eCommerce Store Owners

There are countless smaller shops out there that never give PCI-DSS compliance a second thought.  Unfortunately, even if you sell 1 item a year, if your site is hacked and that breach results in credit card numbers or other personal information being released into the wild, the Payment Card Institute can, and will, come down on you.  If your site is established and is a regular part of your revenue stream, then you really have little excuse to ignore PCI-DSS compliance.  We don’t have time to go into what all is involved in PCI-DSS compliance in this article, but you can find out more here:  Why Comply with PCI Security Standards?

Final Thoughts

The biggest rule of thumb in dealing with your site’s security is to be PROactive and not reactive.  Spending half an hour installing that patch is much better than losing days trying to rebuild a site that has been hacked, defaced and trashed.  As bad as that is, it can always be worse.  If you operate a store and your customers’ data is stolen and used fraudulently – you could be looking at significant liability if they are able to trace the breach back to your site.  When you are dealing with eCommerce, security is simply too critical of an issue to take lightly.  We hope this has been helpful and again – if you have anything to add or share, please leave a comment!  That only makes the article more useful for others.