Magento Security Recommendations

The truth is that no content management system is 100% secure. Despite continuous improvements in the core software and related extensions/plugins, there is always a possibility of your website or web application being compromised. There are a number of ways to break into a system: remote access, brute force, SQL injection, DDoS, etc.


Magento, one of the most popular eCommerce platforms in the world, powering roughly 29% of eCommerce stores worldwide, followed by WooCommerce and Shopify, is no stranger to such attacks. The security team at Magento is continuously working towards making Magento as secure as possible, as is evident from the launch of Magento 2, which has led to tremendous improvements from a security point of view. These improvements include fixes for 20 potential vulnerabilities, including remote code execution, information disclosure/leakage and cross-site scripting.

Here are some recommendations that our team of Magento developers has put together that might be useful for Magento store owners:

  1. Use HTTPS instead of HTTP- This can be done by simply getting an SSL certificate for your website. What this essentially means is that your users will always be connected to the server via a secure (encrypted) connection. If you have an existing eCommerce store then it is best you talk to your eCommerce developer in order to undertake this change, as you will require some amount of technical information in order to make the switch.
  2. Update the Environment Regularly- This includes upgrading the Magento core software, installing the latest security patches, upgrading extensions and upgrading the server.
  3. Protect the Admin Panel- Admin panels are always susceptible to brute force attacks, and there are plenty of steps that can be taken to reduce the likelihood of such attacks taking place. Some of these include:
  • Changing the Admin URL
  • Using Two-Factor Authentication
  • Restricting Access to the Admin Panel by IP Whitelisting
  • Using Strong Passwords and Changing them Regularly
  4. Use SFTP to transfer files to and from the server- FTP password interception is another technique used by hackers to gain access to a system. SFTP, which stands for SSH File Transfer Protocol, or Secure File Transfer Protocol, is a separate protocol packaged with SSH that works in a similar way over a secure connection. The advantage is the ability to use a secure connection to transfer files and traverse the file system on both the local and remote servers.
  5. Take Backups Regularly- If things do go wrong, backups can be your saving grace. It is important that you take backups of the entire setup, including the database, on a daily basis. Some hosting companies provide this as part of the hosting plan, but you can always use an extension to complete a backup. Backup Guard Lite and MagePlace Backup Extension are two options you can look at.
  6. Use a Magento Security Extension- There are plenty of extensions available for Magento that provide protection against commonly known attacks. Some of these include:
  • MageFence
  • Sucuri
  • TotalSecurity
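As an added example (not code from the original post or from Magento itself), here is a shell script that implements the "Take Backups Regularly" recommendation for a self-hosted store: it archives the Magento file tree and a database dump, records a SHA-256 digest of each archive so a restore can first be checked for truncation or tampering, and prunes old sets. The Magento 2 cache paths, the DB_* credential variables and the MAGENTO_ROOT/BACKUP_DIR variables are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original post or from Magento itself.
# Nightly backup of a Magento store with integrity checks. Assumes a Linux
# host with tar, gzip, mysqldump and sha256sum (or shasum), and that the
# caller exports DB_HOST, DB_USER, DB_PASS and DB_NAME (assumed names).
set -eu

# Hex SHA-256 of a file, portable across sha256sum and shasum.
sha256() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi | cut -d' ' -f1
}
write_digest() { sha256 "$1" > "$1.sha256"; }

# Archive the Magento file tree. Regenerable caches are skipped (assumed
# Magento 2 paths: var/cache, var/page_cache, generated/code); app/etc/env.php,
# which holds the DB credentials and encryption key, is always included.
backup_files() {
    src="$1"; out="$2"
    tar -czf "$out" --exclude='./var/cache' --exclude='./var/page_cache' \
        --exclude='./generated/code' -C "$src" .
    write_digest "$out"
}

# Dump the database. The password travels via MYSQL_PWD rather than a flag so
# it does not show up in the process list; the dump is written to disk before
# gzip so a failing mysqldump aborts under set -e instead of leaving an empty archive.
backup_db() {
    out="$1"; plain="${out%.gz}"
    MYSQL_PWD="$DB_PASS" mysqldump --single-transaction \
        -h "$DB_HOST" -u "$DB_USER" "$DB_NAME" > "$plain"
    gzip -f "$plain"
    write_digest "$out"
}

# Re-hash an archive and compare with its recorded digest: exit status 0 if
# intact, non-zero if it was truncated or altered after it was written.
verify_backup() { [ "$(sha256 "$1")" = "$(cat "$1.sha256")" ]; }

# Remove backup sets older than N days (default 30).
prune_old() { find "$1" -name 'magento-*' -mtime +"${2:-30}" -delete; }

# Runs only when MAGENTO_ROOT and BACKUP_DIR are set, e.g. from a daily cron job.
if [ -n "${MAGENTO_ROOT:-}" ] && [ -n "${BACKUP_DIR:-}" ]; then
    stamp=$(date +%Y%m%d)
    backup_files "$MAGENTO_ROOT" "$BACKUP_DIR/magento-files-$stamp.tar.gz"
    backup_db "$BACKUP_DIR/magento-db-$stamp.sql.gz"
    verify_backup "$BACKUP_DIR/magento-files-$stamp.tar.gz"
    verify_backup "$BACKUP_DIR/magento-db-$stamp.sql.gz"
    prune_old "$BACKUP_DIR"
fi
```

Store the backup sets on a host the web server cannot write to; an attacker who can modify the store can otherwise rewrite the digests along with the archives.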

Hope you find this information useful!

WordPress eCommerce Development- What Are Your Options when it comes to Plugins?

Thinking of setting up an eCommerce store? Chances are WordPress has come up as one of the possible options to set up your online store. The next question is which plugin will be best suited to powering your eCommerce store. There are plenty of options available in the marketplace, so it is best to prepare a list of your requirements beforehand. You can then use this list to narrow down your search for a suitable eCommerce plugin/solution to power your store.

Here is a list of some useful points that you can add to your list:

  • Digital vs. Physical Products
  • Shipping Carriers
  • Budget to develop the store
  • Target Audience (National vs. International)
  • Completely managed solution vs. self-managed solution (hosting, security, maintenance)
  • Offline Selling or Pure Online Play
  • Level of Support
  • Can you afford a development team?
  • Social Media Store Required or Not?
  • SEO
  • Integration of any other software with the eCommerce store e.g. inventory/ accounting software.

Our eCommerce development team has put together a comparison of 4 leading eCommerce plugins/solutions for WordPress. In this comparison our eCommerce developers have looked at factors such as cost, security, ongoing maintenance, SEO, skills required for setup, shipping, taxation and so on.

The Plugins

  1. WooCommerce
  2. Jigoshop
  3. Shopify
  4. Ecwid 

The Factors

Cost

WooCommerce and Jigoshop are free to download, but you can expect to pay more when you need to integrate functionality that is not part of the core software.

On the other hand, Shopify and Ecwid have a monthly subscription fee. For Shopify you can expect to pay $29-$299 per month, and for Ecwid you can expect to pay from $0 to $99 a month. Each subscription level has different features and functionalities available.

Hosting & SSL Certificate

With WooCommerce and Jigoshop you will need to maintain your own hosting and SSL certificate, whereas with Shopify and Ecwid, hosting and the SSL certificate are included in the monthly subscription fee.

Offline Selling

You can sell offline using all four plugins. For WooCommerce and Jigoshop you will need a third-party plugin/extension to enable offline selling. For Shopify you will need the Shopify POS system, and for Ecwid you will need to enable offline mode on the website.

Type Of Products

All the four plugins/services allow for selling digital and physical products.

Setup

WooCommerce and Jigoshop may require development skills for setup and maintenance, whereas this is not the case with Shopify and Ecwid.

Support

WooCommerce- Support provided through online forums or documentation.

Jigoshop- 14-day support is available for purchased plugins, and various support packages are available on their official website. Support through online forums is available as well.

Shopify- There is 24/7 support available as a part of your subscription. You can reach the support team through phone, email or chat.

Ecwid- Free setup assistance is available. There are also various packages available for ad-hoc services and continued support. An online help portal is available as well.

Design

WooCommerce- Can work with most of the WordPress themes available in the market; however, it is important that the theme follows certain minimum standards put forward by WooCommerce. Most themes can be customised as per your requirements, or custom themes can be developed as well.

Jigoshop- More than 70 themes available on Jigoshop.com and third-party options available as well.

Shopify- Comes with themes specifically designed for eCommerce stores. Some themes are free while others are paid for. These themes are highly customisable, allowing you to create unique store fronts.

Ecwid- Third party themes available and the company also provides a theme customisation service.

Social Media

All the four plugins/services are capable of setting up social media stores (Facebook) and provide seamless integration & centralised inventory management.

SEO

WooCommerce- SEO-friendly plugin; allows you to create custom page titles, custom navigation links and custom page URLs.

Jigoshop- Requires a separate extension to be purchased that gives a store owner access to advanced SEO features.

Shopify- Basic features included in every plan are editing of title tags, meta descriptions and alt tags, and automatically generated canonical URL tags. For advanced features a separate app needs to be purchased from the Shopify app store.

Ecwid- Ecwid provides access to advanced SEO features to paid customers only.

Shipping

WooCommerce- Various free and paid shipping extensions that provide access to major carriers across the world are available.

Jigoshop- There are various free and paid extensions available to calculate shipping based on the customer’s location.

Shopify- Various third-party apps available.

Ecwid- Smart shipping calculator that allows customers to calculate freight rates based on their location.

In our opinion, WooCommerce comes up as the clear winner when it comes to a self-managed eCommerce solution, given that it provides you complete control of your store; however, this comes with a cost. All the features and functionalities that are not part of the core plugin need to be purchased separately. If budget is a concern then Shopify and Ecwid will both do the job for you. The deciding factor here will be which eCommerce service can cover all the functionalities that you want for the lowest monthly amount.