Supee-6788 – A Critical Security Patch Magento Update to Install Immediately

The next big release of Magento “Supee-6788” has just come to the attention of Magento community. Supee-6788 is Magento’s next most powerful security patch as it is a bundle of patches & helps in resolving several security-related issues. It may possibly require many extensions/customizations changes and as a result will affect your Magento store. Thus, it seems to be different one from other Magento security patches released before and will surely make some waves in the Magento community.

So, you should first make sure that you have installed all previous security patches before proceeding with Supee-6788 installation, which further ensures about its proper installation. The followings are some security related issues addressed by Supee-6788:

  • Error Reporting in Setup Exposes Configuration – APPSEC-1102
  • Filter Directives Can Allow Access to Protected Data – APPSEC-1057
  • XXE/XEE attack on Zend XML functionality using multi-byte payloads
  • Potential SQL Injection in Magento Core Model Based Classes – APPSEC-1063
  • Potential remote code execution using Cron – APPSEC-1037
  • Remote Code Execution/Information Leak Using File Custom Option – APPSEC-1079
  • Cross site scripting with error messages – APPSEC-1039
  • Potential remote code execution using error reports and downloadable products – APPSEC-1032
  • Admin Path Disclosure – APPSEC-1034
  • Insufficient Protection of Password Reset Process – APPSEC-1027
  • Dev Folder Not Protected – APPSEC-1124
  • Cross-site Scripting/Cache Poisoning – APPSEC-1030

Therefore, if you really don’t want that your customers see any above mentioned issues at your store or find your store to break on the front-end or exposing their any protected information, just remember to update your Magento store by installing Supee-6788 immediately.

Credits: http://magento.com/security/patches/supee-6788

Magento 2 Admin Links Not Working on localhost – Easy Solution

In our earlier blog post, we explained Magento 2.0 installation in a practical step by step process to successfully install & practice the latest master version of Magento 2. Today, we would like to focus on a critical issue occurring after Magento 2.0installation on localhost. The issue is critical as it disables all the admin links of your Magento 2.0 backend. Let’s dive in& check how this issue impacts your admin panel and what you can do to resolve it.

  • Once,after installing Magento 2.0, you will face a critical issue that disables all your admin links.
  • The js and css will also not load in your local

Here is the Solution:

Open the file “app/etc/di.xml” and locate the coding section from580 to 586 or xml snippet shown below:

<arguments>

<argument name="strategiesList" xsi:type="array">

<item name="view_preprocessed" xsi:type="object">Magento\Framework\App\View\Asset\MaterializationStrategy\Symlink</item>
<item name="default" xsi:type="object">Magento\Framework\App\View\Asset\MaterializationStrategy\Copy</item>

</argument>

</arguments>

Replace the “Symlink” in the above with “Copy”. The following XML snippet is the correct form that you will get after performing such modifications in the above lines:

<arguments>

<argument name="strategiesList" xsi:type="array">

<item name="view_preprocessed" xsi:type="object">Magento\Framework\App\View\Asset\MaterializationStrategy\Copy</item>

<item name="default" xsi:type="object">Magento\Framework\App\View\Asset\MaterializationStrategy\Copy</item>

</argument>

Nothing is faultless. Since Magento 2 is still shaping up so when you do a download of master build from github remember, it is still being worked upon these issues. This issues is the most common & critical issue encountering by a number of Magento developers. Before proceeding to make above mentioned changes in the core code, it will be wise to first ensure that you are comfortable with the Magento coding environment. Although, it is an open-source platform, but you must be cautious while making such modifications in the code.

Scary Halloween Treat – FREE Bootstrap Mobile App Landing Page

Envision Ecommerce is in the Halloween spirit – As you can notice our website’s store is completely “zombied” up – and ready to give out you a scary Halloween treat of 20% discount across the entire store.

This Halloween, we would also like to offer you Bootstrap mobile app landing page at free of costs. The landing page can be easily used to showcase your mobile app’s best recognizable features, descriptions, app download option, screenshots, contact form, social media icons & every other thing serve your clients better. It is an awesome platform to promote your app and keep customers informed in very creative and unexpected ways. The bootstrap based landing page comes along with some great features & benefits:

  • Compatibility with every screen size (whether a tablet, desktop or mobile device)
  • Compressed CSS Based Theme
  • In-Tune with the Latest Version of HTML5
  • Different Color Scheme Choices
  • Special Offer – Free of Cost
  • And Much More

If you want to save a big, browse our store and pick up some spooky savings for you, before they disappear into the dark night of this scary Halloween!

Spooktacular 20% OFF Treat Across the Store This Halloween

Hello everyone! As we all know, Halloween (the spookiest day of the year) is just around the corner & we are immersing into the festivity of this occasion with discounts on our each product & service, only to make this occasion unforgettable for you. So on this Halloween, we decide to give you a big surprise by offering Spooktacular 20% discount across the store.  From Magento extensions to spooky WooCommerce plugins and effective eCommerce solutions – you can now save a big hand of your hard earned money with our Halloween sale deal by using BOO20% promo code.

This spooktacular treat is scary-good until November 1, 2015. We believe that our customers are our major support system and this treat is just a way to point up – how valuable you are to us. Through our discount offer, we want to offer you just another reason to smile on this Halloween.

Moreover, our Halloween discount deal is also a money saving bonus for those who are seeking efficient eCommerce services & products. So, it is not wise to wait too long, just head over to Envision Ecommerce store to pick up best Magento extensions, WooCommerce plugins and other eCommerce services for your eCommerce store at an absolute 20% off treat.

Happy Halloween!

New Magento Updates (SUPEE-6788 & Malware Issue) May Affect Some Extensions

Magento is looking to prove once again its power & value after announcing in advance about its two upcoming security updates. These updates include the information about a malware issue impacting some Magento websites & a pre-announcement of the release of a security patch, i.e., SUPEE-6788.

Magento is actively examining the Magento websites who appear to be targeted by Guruincsite malware (as discussed in our previous blog) and has not found any new attacking vector for now. Almost all impacted websites have been found vulnerable to an earlier discovered issue, i.e., “Code execution issue” And, the sites, that are not vulnerable to this code execution issue, point up other unpatched issues. The admin accounts, which are using weak passwords, phishing, or other unpatched vulnerability that grants for admin access, need to be conscious about this malware by checking for all created user & demo account. A new security patch (SUPEE-6788) is also going to be released by Magento very soon. This release can further affect some Magento extensions and customizations.

Patches are accessible for Magento Enterprise Edition 1.7 and afterward releases and Magento Community Edition 1.4 and afterward releases. The online merchants can also upgrade to Magento Enterprise Edition 1.14.2.2 or Community Edition 1.9.2.2. We will update you as we get more information about this new patch, how to download it and all other, once after the release of new security patch from Magento.

How to Get Your Magento Store Ready For Holiday Season?

With the time crossing by, the holiday season is very near. The upcoming months are coming along with some popular festivals like Halloween, Veterans Day, ThanksGiving (Black Friday) day, Christmas, and New Year.  This is the season for Shopping and sales. With the growth of eCommerce, it is the season of Ecommerce. So, it is the time to start an eCommerce website for your physical store and keep it buzzing with festive images, special offers, graphics and all. A fully functional eCommerce store can be a revenue booster during this holiday season.

But, today’s eCommerce marketplace is engaged with sophisticated online shoppers, and why wouldn’t it be? Some of the biggest online retailers like Amazon & Zappos have made this possible. These retailers serve their customers in the best ways to make them sophisticated & also habitual of online buying. They invest millions in using some tools and techniques with the help of which they observe user’s online behavior & invest more than that millions to create cutting-edge solutions as per customers’ desires. Luckily, these tools & techniques are also accessible to any small business at an affordable solution, i.e., The Enterprise Edition Magento.

Magento is a flexible & affordable solution that can meet almost any fast growing or large business’s needs. It is an open source accessible with some advanced tools, functions & a wide range of extensions. However, even though there is an availability of thousands of Magento extensions, it is still essential to start planning with some basic things to acquire a successful Magento eCommerce site in this festival season. These basics cover the followings:

1. KNOW & UNDERSTAND YOUR AUDIENCE

Tage Audience

Start by knowing & understanding your target audience. Whether it is color-texture of your eCommerce brand, navigation structure or design of your entire website, all will be going to affect your audience. Know your audience and understand as narrowly as you can in terms of gender, age, location, authority level, area of expertise, popular festive by region and business or technical professional.

2. CORRAL ALL OF YOUR CONTENT

Although every eCommerce based website’s main aim is to sell products, but the CONTENT IS KING that originally drives sales. The appearance of your website, layouts, images, design, and videos are not only sufficient to attract visitors and turn them into your customers. So, WHAT IS IMPORTANT? The implementation of creative thoughts & content along with every aspect of your eCommerce site can keep your customers with you long enough till buying. Consider the following important things to increase your website’s growth:

a) Good Design & Fast Loading Website Matters

Website-Speed-optimization

A faster loading website with quick content downloadable at this upcoming festive season – is the foundation of a successful eCommerce website. A good loading speed also helps in reducing the bounce rate of a website. All of your visitors should able to understand quickly about what you sell by your content’s main headlines. Also make sure to make your site attractive with upcoming festivals related graphics, images and designs.

b) Some Best Color Matters

Festive-Colors

As per some research studies, it has been found that green, purple, and blue are some best colors that encourage SITE GROWTH. On the other hand, red color is found as one of the proven causes that results in a visits drop. It doesn’t mean that you should avoid red color for your website, but avoid it to use as a primary color. The worthy usage of red color is its presence on something attentive, e.g. discount offers at festivals, to catch your visitor’s eye.

c) Content Layout Matters

content-layout

The way you layout your website’s content affects your visitor engagement. Most of the visitors start scanning of online content from the top section of your web page first, like headers, sub headers, images & then videos. If you have organized your web page horizontally, you should keep the visitor’s travel, in your mind, i.e., backwards “Z” motion. However, if the page is composed vertically, the visitor’s travel will start from left-hand side and then turn into the main content section of your web page. Thus, ensure that you are composing your web pages according to the type of content central to your eCommerce business and also content equipped with snappy headers, interesting videos, festival related themes, discount offers and attentive festive images to engage your visitors.

d) Responsiveness Matters

Viewing-platforms

In this era of mobile, visitors increasingly prefer mobile devices to surf the web over desktop and other devices. Thus, the responsiveness of a website becomes a necessity. The responsiveness does not simply mean to shrinking web pages to get adapt according to the screen size of different devices. It is something more than such adaptation. For example, a site presents a vertical organization of home page content to a Smartphone user along with cut down menu solution. A responsive eCommerce site presents itself in the best way on a variety of devices without requiring the visitor to resize the site.

e) Compelling Festive Images Matter

Festive-images

The usage of compelling, content featuring & festive images increase the credibility of an eCommerce website in the visitors’ eyes and make a big impact on user engagement. Therefore, while using images on your Magento based website, keep the following things in mind:

  • Ability to Zoom-in sufficiently to display proper details of your products.
  • Professional in quality and relevant as per your site’s content.
  • Use images related to upcoming festivals & events
  • Content Featured
  • Fast Downloadable
  • Compressed in the Right File Format.
  • Use Images Consistent in Style.

f) Impressive Videos Also Matter

using Videos in Websites

Similar to compelling images, impressive videos also play an important role to increase customer engagement and conversion. Moreover, the videos that are customized as per the upcoming festivals & events, work more impressively and effectively for your store.

Explainer videos about your products compel visitors to make a purchase at your Magento site.

Videos available on the landing page of your Magento site are more effective in encouraging average page conversions by 86%.

g) Gift Wrapping Options Matter

gift_wrap_front

Almost all customers love to shop gifts for their family or relatives during festival season. They don’t want to buy a separate wrapping paper & all to pack gifts themselves. Free gift wrapping options come absolutely handy on festival days & saves customers’ time and money.

3. Turn Your Customers into Your Best Sale People

You can turn your customers into a sales force by linking your social media accounts on each page of your Magento site. And also customers believe in other customers rather than online merchants. Thus, it is recommended you to get available on social media and blogs to build trust among customers and earn some social proof. Also allow visitors to login into your Magento site with your social media logins to start the checkout process that further results in lowering abandoned cart issues. Be an open book to your customers by doing a SUCCESSFUL BLOGGING. Here are some tips to keep in mind to become a successful blogger:

  • Add a blog page to your Magento website
  • Always write a blog in a conversational tone
  • Don’t post just to push a sale
  • Posts should be chatty and interesting
  • Update blog on Festival Seasons
  • Announce your new products and important information via blogs
  • Write on topics mainly related to your customers’ interest.
  • Provide a comment section for visitors and respond promptly as soon as you get a comment
  • Keep updating your blog; else you will damage your Magento site’s credibility.

4. Tailored Magento Website for a Perfect Fit

Modify your Magento based website according to your customers’ need to turn into a perfect fit for your customers. Customize the following important factors of your Magento based eCommerce website:

a) Layout: Customize your layouts according to what will most optimistically impact your Magento site’s conversion rates. For example, Halloween getup of your eCommerce store during Halloween festival.

 b) Advanced Search Option: Help your customers in easily finding your products by using the advanced search option instead of using simple search function. Advanced search option helps customers in narrowing down the search results to an extent that would not overwhelm them.

 c) Simplified Checkout Process: One step checkout process is not only fast, but also reduces the rate of abandoned shopping cart.

 d) Provide Multiple Shipping Options: Customize your shipping options, and provide your customers with as many of the shipping options in order to keep the changes long enough with the business changes requirements.

 e) Magento Extensions: Magento extensions are a great way to add additional functions or capabilities to your Magento based website. There are multiple companies who offer such extensions. Therefore, it is recommended you to find an eCommerce consultant or a certified Magento developer to make such extensions work for you perfectly.

 f) Choose the Right Host Mainly Focused on Magento: You can make your Magento site to run faster and more consistently, if you choose the right host mainly focused on Magento and you can get help whenever you need.

 g) PCI Compliance: PCI compliance is responsible for handling your customer’s credit card data with greater security during the whole transaction process. And also there is a need of host to support this compliance for activities like automatic update of security patches on your Magento website. So, it is recommended to you to have a conversation with your host about PCI compliance before choosing that host.

 h) Support & Helpdesk: Make sure to offer enough support hours-availability to your customers as compared to your competitors, especially during festivals.

 i) SEO: Search engine optimization is not hard to do by yourself, but it might be a lengthy & detail oriented process for you. Since your core business is eCommerce related and not SEO, it is wise for you to outsource this SEO process. A professional SEO expert is able to conduct the whole SEO process like:

  • Site Map
  • TXT
  • Feeds
  • Meta Data
  • URL Management
  • SEO Audit
  • Pre-Launch Testing
  • 301-Redirects
  • SSL certification
  • Site Monitoring
  • Post-Launch Testing, etc.

Starting a Magento website, especially in this wonderful upcoming festival season, does not only include the above planning, designing & building steps, but also require a systematic approach in order to get enough for the work you put into your Magento site. Skipping above steps while starting with Magento may result in losing customers and increasing only developers’ payments.

Envision Ecommerce can help you. We offer full fledge Magento store in 5 days of supports. We have certified Magento developers, so no issue with what you are envisioning; we have certainly built many times similar to it before.

Request A Quote Now

Magento Sites Targeted By Gurusincsite Infection

Guruincsite is a website that is listed as suspicious site that may harm your Magento site on visiting it. According to Google, Guruincsite has hosted malicious software that infected about 7824 domain(s) and these infected websites are currently blacklisted. The hackers are using “Guruincsite[.]com” to massively target Magento sites by injecting malicious scripts which create iframes from this site.

There are two adaptations of it. The first script is not confusing:

simple-guruincsite-site

But, the second script is unclear:

obfuscated-guruincsite-scriptImage Credits: https://blog.sucuri.net/

The script, which is unclear or confusing, injects the iframe – “hxxp://guruincsite[.]com/2.php”.

The malicious script is generally injected into the design/footer/absolute_footer entry of the core_config_data table. However, it is wise to scan the complete database for the code similar to “function LCWEHH(XHFER1){XHFER1=XHFER1” or the “Guruincsite” domain name.

Some vulnerability in Magento sites or one of the third-party Magento extensions – are the main causes that permitted “Guruincsite” to target such thousands of websites within just a short period of time. Furthermore, this vulnerability provides hackers with an ability to easily access your database and make a malicious admin user. Currently there is no statement from Magento on this but we will be updating as we proceed on this so keep an eye on the blog. We will be posting more blogs for resolutions as we see a reply coming from Magento on this topic.

Blog Credit: https://blog.sucuri.net/2015/10/massive-magento-guruincsite-infection.html

Envision Ecommerce’s New Launch – Easy Customer & Order Import in WooCommerce

Today, we are proud to announce about our new WooCommere plugin’s launch, a powerful and user friendly WooCommerce plugin named as Easy Customer & Order Import. We have just launched this plugin. As its name suggests, it allows a store admin to easily import customers, orders and also coupons from an eCommerce platform (other than WooCommerce) to WooCommerce via CSV. The plugin proves itself as a powerful importer in case of importing thousands of records. And this importing is possible within just a few clicks.

If your existing eCommerce store is suffering database failure, or you are migrating from your old eCommerce platform to WooCommerce, or you need to create backups for any future use, or you may just want to update your current WooCommerce store version, the Easy Customer & Order Import plugin is an ideal tool for you. It works best to import important data in all such situations without any loss. The store admin can use this plugin to maintain customer accounts as well as their order history. With its simple & forgiving importing format, it is now easy for you to migrate from one platform to WooCommerce.

With the Easy customers and order import WooCommerce plugin, a store admin can not only import bulk records with a minimum of hassle, but can also avoid any manual data entry of records. Overall, this WooCommerce plugin brings great value to every WooCommerce store and its owner, it touches.

If you are importing thousands of customers, orders & coupons, you can use this plugin at your WooCommerce store. Envision Ecommerce also supports customer and order exporting plugin for those who want to export such records instead of importing. To know more about our plugin (or other WooCommerce plugins) and its features, connect with us and know how it goes.

Installing Magento 2.0 on Xampp

Since the release of Magento 2 is on the cards, we at Envision Ecommerce have already started gearing for it. We will be sharing a series of blogs with the basic and complex issues that our developers face so that anyone who is a Magento Enthusiast can be benefited from it. Starting with the same idea, here is our first blog.

If you are a developer and using local servers such as XAMPP, it could be quite annoying for you to install Magento 2 as this version need a lot of server configuration and a composer set up.

The “Composer” plays a significant role in the installation process. It makes it possible for the users to manage the Magento system, extensions and their dependencies. The project’s libraries can be declared with the help of “Composer” and also makes further project installation & updating easy.

And today we are going to share how you can install the latest version of Magento 2.0.

Before you begin with the installation, you need to check and have the followings in your system:

  • Version Compatibility: PHP 5.6 or 5.5  (PHP 5.4 is not supported)
  • Apache 2.2 or 2.4 and MySQL 5.6.x

Note: – While downloading Magento 2.0, always keep in mind that you have to select the master version not developer version from github.

magento-magento2-at-master-·-GitHub

Here are the simple and easy installation steps to proceed further:

  1. Download the Magento2 zip folder from Githhub. Keep in mind to select its master version. Here is a link to download – https://github.com/magento/magento2/tree/master
  2. Place this Magento2 folder in the root folder.
  3. Now, install composer, if it is not installed yet. You can download composer from here –https://getcomposer.org/download/ 

Now, if you don’t know how to check the composer is already installed on your system or not, here are the simple steps to check:

  1. In your system command prompt, enter any of the following commands to check if the Composer is installed or not:
  • composer –help
  • composer list –help
  1. If the command prompt displays message “Composer is already installed”, then there is no need to install.
  2. After your Composer installed, in your command prompt type this “composer install “. After this command, your screen will display commands like this:
- Installing zendframework/zend-modulemanager (2.4.0)
Downloading: 100%

- Installing zendframework/zend-form (2.4.0)
Downloading: 100%

- Installing zendframework/zend-mvc (2.4.0)
Downloading: 100%

- Installing zendframework/zend-math (2.4.0) so on...
  • If your command prompt display below mentioned error:
Could not fetch - https://api.github.com/repos/sebastianbergmann/php-file-iterato
/zipball/acd690379117b042d1c8af1fafd61bde001bf6bb, please create a GitHub OAuth
token to go over the API rate limit.

Go to your git-hub account or create new or/and generate a token id.

For example: -54261f8fb8d87ce93fe668a02aed7as0fbwefs2d

5. And also check whether json file exists in – “c:\Users\your coputername\Appdata\Roaming\composer\auth.json”

If not, then create an auth.json file and put your token id that is generated by you from Github in this format {“tokens”:”54261f8fb8d87ce93fe668a02aed7as0fbwefs2d”}.

And finally, the installation screen starts 🙂

Click on “Agree and Setup Magento”.

Magento-SetupStep 1. Click on Start Readiness Check

Magento-Installation-Step1

PHP Version Check

Your PHP version is correct (5.6.12).

PHP Settings Check

Your PHP settings are correct.

PHP Extensions Check

You meet 12 out of 12 PHP extensions requirements.

Step 2: Add Database Details

Magento-Setup-Tool2

Step 3: Web Configuration

Magento-Setup-Tool3

Step 4: Customize Your Store

Magento-Setup-Tool4

Step 5: Create Admin Account

Magento-Setup-Tool5

Step 6: Install

Magento-Setup-Tool6

Magento-Setup-Tool7Starting with Magento 2 is a vast topic to explore more and more. Hope this blog serves best for you regarding Magento 2 installation on Xampp. Keep in touch to get updated about the latest (from basic to complex) Magento things.

Magento Cron Job Setup to Keep Magento Up-to-Date

Cron job or scheduled task set up is essential to keep Magento updated. It is also useful in running periodic maintenance tasks and sending emails from the Magento, especially Magento 1.9. Here are some other reasons that make it necessary to set up a cron job. These include:

  • Cleaning, adding and updating Catalog Price Rules
  • Generating Sitemaps Automatically
  • Sending Customer Alert Notifications
  • Mailing & Sending Newsletters
  • Downloading & Updating Currency Exchange Rates
  • Cleaning of Log Tables
  • Automated Log & Much More…

To configure Cron for your Magento store, here are simple steps to start:

Step 1. Go to cpanel and Login.

Step 2. Find out Cron section and click on it.

Step 3. It will display a list of current cron jobs and a new form “Add New Cron Job” to add a new one. Fill this form and enter the command like below with the path of the cron file in the file manager:

add-new-cron-job-cpanel

Also, you can set the cron as you want like scheduling it for minutes, hours, days, months and weekday

Step 4. However, if you don’t know the path of your cron file, you can configure it with the following command and scheduling it as you need:

add-new-cron-job-cpanel-magento

If you have applied all such steps and still facing any difficulty in setting up this cron job, you can contact us anytime. We are ready to help you in keeping your Magento up-to-date.