Category Archives: Magento

Magento 2.3 Released

Magento 2.3 Released!

Magento 2.3: Multi-source Inventory, Progressive Web Apps (PWA) support, and more!

The long-awaited release of both the Magento Commerce and Open Source editions is available now at Magento.com.

Mobile Experience

Firstly, the Progressive Web Applications (PWA) Studio enables merchants to deliver their mobile store in an all-new app-like experience on modern, compatible devices. The new experience is faster and more responsive than traditional mobile skins, therefore improving conversions and sales across mobile channels.

Better Inventory

In addition to an improved mobile experience, the new Multi Source Inventory improves your supply chain management. The new system lets merchants manage inventory located in physically distinct warehouses and source channels in a single interface. Track inventory per source location and globally so that you can now know what quantity you have and where it’s located in your supply chain!

New Design Features

PageBuilder is an all-new drag-and-drop editing tool for site content. This new tool will help store operators update the look-and-feel of their site without having to hire a developer. In addition, this new tool uses a flexible grid-system, so that you can make new pages or tweak existing pages, without worrying about placement issues.

Other Changes

  • New options for shipping and order fulfillment.
  • A new declarative database schema, making life easier for developers.
  • Improved performance when indexing site content.
  • Lastly, better security with updated reCAPTCHA and Two Factor Authentication (2FA) options.

You can see the full list of changes by accessing the release notes for Magento Commerce and Magento Open Source, respectively.

For assistance upgrading, or to discuss how the new features of the Magento platform can aid your store, contact BCS Engineering today!

Magento 1 to be Supported Through 2020

Magento 1 long-term support through June 2020

Magento announced today a long-term strategy for the Magento franchise.

According to the post:

For Magento Commerce 1, we are providing software support through June 2020. Depending on your version, software support may include both quality fixes and security patches. Please review our Magento Software Lifecycle Policy to see how your version of Magento Commerce 1 is supported.
(Source)

and regarding the open-source edition (formerly known as the Community Edition):

For Magento Open Source 1, we are providing software security patches through June 2020 to ensure those sites remain secure and compliant. Please visit our Legal Terms page and review our Magento Open Source Software Maintenance Policy to see which versions of Magento Open Source 1 continue to receive software security maintenance.
(Source)

Therefore, it is of vital importance that e-commerce stores that are currently using Magento 1 begin the process of transitioning. This could be either via an upgrade to Magento 2, or via migration to another cart provider.

Need to Upgrade from Magento 1 to Magento 2?

At BCS Engineering, our e-Commerce focus is customer-centric. Our aim is to provide you with the simplest path from where you are to where you need to be. If you’re currently hosting a Magento 1 e-commerce website, our Magento experts can assist you in multiple ways:

  • We’ll move your store from Magento 1 to Magento 2 — or any other platform — for you; let us do it all!
  • Do you just need some custom functionality ported to your new store? Our certified developers are ready to help.
  • Or, are you so completely overwhelmed with the idea of moving your store that you don’t even know where to begin? Don’t worry, we’ve been doing this since 2002… this isn’t our first rodeo.

Contact BCS Engineering today! We can help you navigate the upgrade process and keep your store working smoothly… until 2020 and beyond!

Magento 2.2.6 Released!

The latest release of Magento — version 2.2.6 — is out now and includes multiple bug fixes. New enhancements designed to increase the overall security of the platform include:

  • 25 critical security fixes (addressing cross-site scripting and other vulnerabilities)
  • 7 major performance improvements (including product indexing and improvements for multi-site)
  • Updated Amazon Pay, Google Tag Manager, and dotmailer integrations
  • Over 150 product quality enhancements

Further notable enhancements include:

  • improved reliability of the checkout process,
  • CAPTCHA improvements, and
  • sales/payments improvements (including Braintree and Paypal integrations).

There are multiple other enhancements and improvements in shipping, sitemap, and themes, as well as minor code and interface corrections. You can find the complete list of changes in the release notes for 2.2.6 Open Source or 2.2.6 Commerce. From Magento:

Although this release includes these security enhancements, no confirmed attacks related to these issues have occurred to date.

A minor patch is also available for Magento 2.1 — version 2.1.15 — that addresses these security concerns. For a full discussion of the vulnerabilities that have been addressed, see this discussion at the Security Center.

Do You Need Help with Your Magento Upgrade?

BCS Engineering’s certified Magento developers are standing by and ready to assist your e-commerce store with upgrading to the latest version of Magento! Our team are experts at deploying new major and minor upgrades, as well as assisting with your store’s theme, adding custom features to your store, or addressing security and performance issues. Contact us to find out how we can help with your store today!

Securing Magento 101: The Basics

Securing Magento

“It takes 20 years to build a reputation and five minutes to ruin it.”

— Warren Buffett

In the age of e-commerce that five minutes could be considerably shorter. Your e-Commerce business hinges upon your customers trusting your site completely.

With an install base of nearly 100,000 live websites, and a market share that’s surpassed 13%, Magento sites around the globe represent a huge target for malicious actors looking to compromise sites for profit.

Just last week, a “massive website hacking campaign that has infected 7,339 Magento stores” was announced. Would you want to be one of those site owners? Would you want to explain to your customers that their credit card info was stolen?

Nope.

That’s why securing Magento is an absolutely critical step for your e-commerce business.

Typically the way that hackers compromise a Magento site is a cyclical process. It looks something like this:

The four stages of an eCommerce attack; you need to understand this process in order to secure Magento effectively.

  1. Identify a specific vulnerability in the e-commerce platform (Magento).
  2. Target an e-commerce store with this vulnerability.
  3. Attack the store with this vulnerability.
  4. Exploit the vulnerability until it’s found and patched; then repeat.

So our goal is simple… we prevent the cycle shown above from ever starting. Here are some super-simple basic rules that every Magento site-operation should follow.


Ten Tips for Securing Magento

1. Regularly Apply Patches

Patches remove security holes regularly, and provide critical improvements to your Magento store that can prevent holes from being found by forcing a “moving target.”

2. Use Modules/Extensions from Authentic Sources

One of the reasons that you probably chose Magento was its sensibility and the large number of modules and extensions available for the platform. Make sure you only install modules and extensions from Magento Marketplace. You should also investigate the background of a module’s developer, and thoroughly read the module’s reviews, before you trust installing it to your store.

3. Change Passwords Before and After you Seek Any External Assistance

Any time you ask a developer to work on your store — even us — you’ll need to share credentials with them. You should always provide the minimal set of credentials needed for the work. This usually amounts to a Magento admin username and password. The proper way to do this is to make a new administrator account for the developer, with a random password, and once they have finished the work they set out to do you should disable that account and/or change that account’s password. In some circumstances, they’ll need SSH access, and the same principle holds there… disable that SSH user account and/or change the account’s password.

Bonus tip: allow only certain IP addresses to connect to your store via SSH, and use a non-standard TCP port number for added security. Your hosting provider can assist you with configuring this aspect.

4. Schedule a Recurring Security Review

We highly recommend not becoming complacent about securing Magento; that is, just because you’re safe today doesn’t mean you’re safe tomorrow. You probably aren’t a security expert, either, so it makes sense to have an independent review of your store regularly to ensure that everything is working smoothly and, most important, securely.

Schedule a recurring security review of the Magento e-commerce store with a certified Magento developer to ensure that your store is always as safe as it can be.

5. Use SSL/HTTPS

SSL encrypts all data that passes between browsers and servers; this ensures that a third party can’t view or manipulate the data as it passes from the user to the server. It’s absolutely essential to securing your store and is a strict requirement for PCI compliance.

6. Use SFTP

SFTP uses encryption to upload data to your Magento store. Like SSL/HTTPS, using SFTP prevents third parties from intercepting or manipulating data that you upload to your store.

7. Change the Administrative URL, Username and Password

One of the commonly exploited vulnerabilities across the web is using default administrative URLs and credentials. You’re in a hurry to get your store up-and-running, you don’t have a good way to store a password, so you just leave things set to the default. Making just a few small changes — setting the admin URL to something that only you know, specifying a robust admin username, and using a secure password — can change your store from a soft target to a hard target instantly.

8. Consider Using a WAF for Added Security

A Web Application Firewall (WAF) works differently than a traditional firewall. A “regular” firewall typically only looks at network traffic at a very low-level; for example, to allow TCP port 80 (web traffic), or deny TCP port 22 (SSH traffic).

A WAF works at the layer closest to the user, looking at the actual HTTP requests, and can be used to block attempts at injecting SQL, preventing Cross-Site Scripting (XSS), and other complex attacks that no traditional firewall would ever detect.

Therefore WAFs assist in securing Magento by providing an added layer of protection to your threat reduction model and could very easily save your business someday.

10. Have a Disaster Recovery and Backup Plan in Place

An often unrecognized aspect of securing Magento is knowing what to do when something goes wrong. Think about how you would recover from a hack before it happens and have a plan in place. You’ll react quicker when you discover a problem, and won’t have to worry about what to do; just follow the plan and solve the problem. Having a good backup strategy, talking through with a developer what to do if you discover a problem, and staying calm because you have a plan can mean the difference between your site being down for a few hours and a few days.

Time spent preparing now will work out in the long run to be much less expensive than the lost revenue of an extended downtime event.


Conclusion

Because Magento is a robust platform, it has many safeguards to keep your e-Commerce store safe, but no piece of software is ever 100% invulnerable. The best thing that you can do is to implement a security-first mindset, follow expert advice on securing Magento, and never hesitate to ask questions about what’s best for your e-Commerce environment.

If you’d like to discuss your Magento store’s security, contact BCS Engineering: our professional, Magento-certified staff can assist you with improving your site’s speed and security today!

GDPR Support for Magento

GDPR Magento Support

BCS Engineering is fully capable of helping you with your Magento GDPR Compliance. We can implement and analyze your Magento applications to help you achieve compliance & assist you with any other issues that you might have regarding GDPR. We are offering a 4 Hour Magento Support Consultation which includes a phone discussion to understand your business processes.  We will then use that information to look into your Magento site and propose changes that we recognize & provide a time estimate to achieve those changes.  If there is time remaining in the 4 hour consult after completing the above tasks, we will use that remaining time to start implementing the changes that we identify to your Magento site.

We will base our work off of current best practices regarding GDPR & do our best at that point in time to help you achieve compliance.  However, we do want our clients to understand that these regulations are a moving target & constantly changing.  We encourage you to review all services and contracts connected to third-party companies with your legal counsel, in order to confirm GDPR compliance.

GDPR changes go into effect on 5/25/2018. Contact us for a quote to help you with your specific needs!

Magento Sites Targeted by Hackers

Has your Magento Site Been Hacked?

Researchers at Flashpoint have discovered that at least 1,000 sites running Magento have been compromised by brute force attacks to scrape credit card numbers and install malware that mines cryptocurrency. The Magento sites are being compromised through brute-force attacks using common and known default Magento credentials. These attacks occur when admins fail to change the credentials upon installation of the platform. Attackers can then build simple, automated scripts loaded with known credentials to facilitate access of the panels.

Once the hacker has access, they are able to install any script that they choose. With this attack they are inserting malicious code in the Magento core file, allowing them access to pages where payment data is processed. POST requests to the server containing sensitive data are then intercepted and redirected to the attacker. Furthermore, the compromised sites will then return a fake Adobe Flash file which will install malware on the victim’s computer.
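A defender-side check for the brute-force pattern described above, added here as an example (it is not code from the original post or from Flashpoint): it counts POST requests to the admin panel per client IP in a sliding window over web-server access logs. The `/admin` path, the threshold, the window and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format: ip, identity, user, [timestamp], "METHOD path protocol"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) '
)

def normalise(path):
    """Drop the query string and an optional /index.php front-controller prefix."""
    path = path.split("?", 1)[0]
    if path.startswith("/index.php/"):
        path = path[len("/index.php"):]
    return path

def find_bruteforce(lines, admin_prefix="/admin", threshold=5,
                    window=timedelta(minutes=1)):
    """Return {ip: peak POST count} for IPs that sent `threshold` or more
    POSTs to the admin panel within any `window`-long period."""
    posts = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or not a form submission
        path = normalise(m["path"])
        if path != admin_prefix and not path.startswith(admin_prefix + "/"):
            continue  # storefront traffic (checkout, search, ...) is ignored
        posts[m["ip"]].append(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"))

    flagged = {}
    for ip, times in posts.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            # Shrink the window from the left until it spans at most `window`.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

# Constructed sample data (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    f'203.0.113.50 - - [12/Apr/2018:03:14:{s:02d} +0000] '
    '"POST /index.php/admin/ HTTP/1.1" 200 5120 "-" "python-requests/2.18"'
    for s in range(0, 16, 2)  # eight login POSTs in 14 seconds
] + [
    '198.51.100.7 - - [12/Apr/2018:09:00:05 +0000] "POST /admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Apr/2018:09:00:41 +0000] "POST /admin/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.33 - - [12/Apr/2018:09:02:10 +0000] "POST /checkout/onepage/saveOrder/ HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '192.0.2.33 - - [12/Apr/2018:09:02:11 +0000] "GET /admin/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, count in find_bruteforce(SAMPLE_LOG).items():
        print(f"{ip}: {count} admin POSTs within one minute")
```

If the admin URL has been changed from the default, pass the custom path as `admin_prefix`; a hit then also shows that the path has become known to the client.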

If you think your site has been hacked or would like assistance with your site, please contact us!  We are happy to help you secure your site. You can read more detail about these attacks in this Flashpoint Blog.

Authorize.net Eliminates $49 Setup Fee!

 

 

Say Goodbye to the $49 Setup Fee

Effective April 19, 2018, Authorize.net will be removing the $49 fee for all newly created Authorize.net Payment Gateway Accounts! If you’re thinking of switching or need a payment processor, Authorize.net just made their deal a whole lot sweeter. You can obtain this special pricing by using this link.

We can help you with your set up or answer any questions that you might have.  Contact us today for any assistance that you might need!

We also offer modules to assist you in implementing this payment processor for your shopping cart:

Magento Authorize.net CIM Module

X-Cart Authorize.net DPM Module

We cannot stress the importance of PCI Compliance & your shopping cart enough and this is a wonderful opportunity for you to take the steps to make sure your site is as secure as possible. We’ve been helping clients secure their sites and maintain PCI compliance since 2002 and can make this transition smooth for you.  Contact us today!

New Versions of Magento Commerce & Open Source!

 

Important Magento Support Information

Magento has released new versions of Commerce and Open Source to increase product security and functionality:

– Open Source and Commerce 2.2.3
– Open Source and Commerce 2.1.12
– Open Source and Commerce 2.0.18
– Open Source 1.9.3.8
– Commerce 1.14.3.8
– SUPEE-10570 to patch earlier 1.x versions

These releases contain almost 50 security changes that help close cross-site request forgery (CSRF), unauthorized data leak, and authenticated Admin user remote code execution vulnerabilities. These releases also support API changes implemented recently by USPS. Additionally, Commerce and Open Source 2.2.3 introduce finer permissions for common cache management tasks. This enhancement enables qualified administrators to assign permissions for discrete cache management tasks such as flushing cache storage and refreshing cache types.

We strongly recommend that all merchants upgrade as soon as is reasonably possible.  Please contact us to help you with your upgrade today or with any eCommerce support questions that you may have.

More information about the security changes is available on:

2.x Security Updates <http://email2.magento.com/XsX0v1G0q000DsMTC02eGJ0>

1.x and SUPEE-10570 Security Updates <http://email2.magento.com/R00XMTeGCs0020v0GKDs2q0>

Full details are available in the Open Source release notes:

Open Source 2.2.3 <http://email2.magento.com/P000q0sGXG0vLM0s0T3DeC2>
Open Source 2.1.12 <http://email2.magento.com/m000q420M0CseXvTGsM0GD0>
Open Source 2.0.18 <http://email2.magento.com/gN0TMqX0C20eGD0sG0005sv>
Open Source 1.9.3.8 <http://email2.magento.com/JG2XGC0OeD0q6sT0sv000M0>

Full details are available in the Commerce release notes:

Commerce 2.2.3 <http://email2.magento.com/DGPM0070DGT00s0eXq2v0sC>
Commerce 2.1.12 <http://email2.magento.com/wGTDqMsGX0000ve800C2Q0s>
Commerce 2.0.18 <http://email2.magento.com/i9sG0qGevRX00s000TC2D0M>
Commerce 1.14.3.8 <http://email2.magento.com/tsDv2C0sGT0Xa00qGM000eS>

The staff at BCSE has a diverse skill set to make your technology visions a reality. We have experience in several eCommerce platforms and we also provide extensive hosting and customization options. Whatever you choose to do with your website, we can make it happen. Contact us for a free quote or for more information on how we can help you with all of your eCommerce Needs!

Phasing Out of Amazon Webstore Platform

According to this article from Internet Retailer, Amazon has begun notifying customers of the phasing out of Amazon Webstore by 2016. From the launch announcement of Amazon Webstore, it is “a full-featured e-commerce product that enables small- to medium-sized retailers and manufacturers to quickly design, build and manage their multichannel e-commerce businesses using Amazon’s technology.” This follows the somewhat recent notification from Magento regarding the discontinuation of the MagentoGo platform.

Along these lines, if you are currently utilizing the Amazon Webstore as an e-commerce platform or if you had been planning to utilize the platform in the near future, there are other alternatives available. We support conversions to X-Cart, BigCommerce, and Magento. Contact us for a free quote on your e-commerce conversion needs!

Magento Go End-of-Life Reminder

As a reminder, in less than three weeks (February 1st), Magento Go and ProStores are shutting down. At this time:

  • All merchants’ stores on these platforms will be closed
  • Merchants will lose access to store and customer data
  • Merchants will lose access to store content and images
  • Customer support for both of these platforms will be shut down

One of the options suggested by Magento as an alternative, Bigcommerce, is offering discounted services to clients moving from Magento Go and ProStores, including:

  • Free migration
  • First month free
  • Advanced eBay integration through ChannelUnity with no monthly fee and just 1% commission

Click the following link to get started: http://bcse.bigcommerce.com