- Posted by Melanie
- 27 April 2012
- E-Commerce Design

Usability testing is the most effective means to increase sales, shopper interaction and popularity for your ecommerce shop. Hands down, there is no more effective means to get MORE from the traffic you have.
So if usability testing is SO effective, why don't more people do it?
Many shop owners don't know about it, most assume it is incredibly expensive, and frankly most are just too narrow-minded to delve into what "may be wrong" with their websites.
None of these reasons are valid. Usability testing is no different from product testing, surveys, soliciting feedback and other techniques used by successful businesses worldwide. So what if you could do basic usability testing for free?
You CAN do usability testing! There are a ton of different means to do simple, effective and free usability testing for your website. I am going to touch on just a few specifically suited for ecommerce. These simple, easy to execute and effective usability testing plans will help you identify problems shoppers encounter on your website. If you just said to yourself "there are no problems on my website", then I challenge you to do these 2 usability plans... You are most certainly wrong. Every website has problems, no doubt.
Solicit Feedback
This one is the absolute simplest technique to eliminate the problems shoppers encounter on your website. Soliciting feedback from shoppers is easy, cheap or even free, and very eye-opening. Some people will not participate, some will, and some will not be very nice. Toughen up, listen to each comment, test and take action.
The trick to soliciting feedback is to listen and not be a PIA to your shoppers.
- Feedback Software: Soliciting feedback from shoppers via software has become very popular. Basically, you get software (mostly paid services) to ask your customers to "rate their experience" on your website. Software like Shopper Approved (my personal favorite) works with your Zen Cart (or other software) to pop up and ask shoppers to rate their experience. The best part of Shopper Approved is that they follow up with the shopper in a post-transaction email to get a more comprehensive rating which includes delivery time etc. The downside is that this software ONLY solicits feedback from shoppers who completed a transaction. This leaves out an absolute plethora of those who didn't! They couldn't find what they wanted, had checkout issues etc.
- Abandoned Carts: One of the standard package modules we install on new Zen Carts is "Recover Cart Sales". This free Zen Cart module will let you send an email to shoppers who abandoned checkout. The standard "vanilla" email is pretty good, but we highly recommend adding a coupon to the email. This helps you convert the sale (which is the point) and track results better as well. The problem here is that shoppers who couldn't find what they sought or had issues before checkout are not captured.
- Followup Calls: This is one of my personal favorites. Every week pick a few shoppers from your orders, call them and chat about their experience. Ask them for feedback, let them know you appreciate their help and give them a coupon or gift certificate for their time. Once again, this only captures successful checkouts.
- Social Media: This is a HUGE opportunity for free and effective usability testing. I especially like to solicit the help of Facebook fans when developing a new shopping cart to replace an old one. The act of creating "buzz" about your new design coupled with the feedback you can receive is positively priceless!
Surveys
Creating a survey for people to evaluate your website is really much easier than you think. When you create a short survey you have a very controlled, yet flexible measurement tool that can be deployed in so many ways. You can send a survey to your newsletter subscribers, friends and Facebook fans, and offer a link to your website visitors. There are some very logical and basic tricks to creating an effective usability survey that you should observe.
- It should be SHORT.
- You should design a task such as "buy this widget" on my website.
- Questions should be simple stupid.
- Offer an opportunity for the survey taker to summarize their experience in their own words.
- Specifically solicit information about areas you feel are "potentially a problem".
- Thank them! Offering a coupon or such is cool, but make very certain you thank the participant.
- Measure your results and ACT!
Examples
- Did you easily locate the product?
- Did you feel like the information was adequate?
- Was checkout easy?
- Did you have trust or security concerns?
- What can we do to improve the experience?
Accomplishing this is far simpler than you may think. Certainly there are paid software platforms out there that offer the creation of these types of surveys, but my personal favorite is WordPress with Formidable. You should consider upgrading to the Pro edition ($37), as it has a bunch of features which will make this more effective. Aggregating your results is nice with graphs, tables etc.
I will tell you that NONE of this will be effective, much less matter, if you are too narrow-minded to consider that people have problems using your website. This, like anything else you do for your website, is only effective if you can measure the results. That means you need to exercise some restraint in implementing "fixes". If you fix 10 things at once, how will you measure the effectiveness?
Lastly, before I leave you to your new mission, let me just say that there is NO beating a good old-fashioned looking over someone's shoulder while they use your website. It's actually quite easy to get volunteers for this as well! I ask my kids, friends etc. Again, while the "sample" is obviously smaller here, you have the ability to watch, ask questions and get real-time feedback on possible solutions.
- Posted by Melanie
- 09 November 2011
- E-Commerce Design

Securing Zen Cart
Securing your Zen Cart is not a very challenging task, but not doing so can be a very expensive venture. In this age where hackers are the best programmers on the planet and credit card companies fine up to $10K, there is no excuse not to hold your site's security at a high priority. Ignorance is not an excuse either... Visa, MasterCard, Amex etc. will still fine you even if "you didn't know". It's your website and thus your responsibility to know. My intention today is to give you a list of easy to intermediate things to do to secure your Zen Cart.
Keep in mind that different hosting configurations have different strengths and weaknesses. It is always a good idea to ask your hosting support for help and advice. If you have any comments, questions or even suggestions to add, we would love to hear from you.
Installation
After installing your Zen Cart there are several things which need to be done to improve its performance and security.
- Remove the following installation and tool folders. Here is a list of free FTP programs.
/your_catalog/docs
/your_catalog/extras
/your_catalog/zc_install
/your_catalog/install.txt (this file can be removed, too)
- You will need to rename your admin directory if you haven't already. Here is a tutorial from Zen Cart.
- Now you will need to lower the permissions on your configure files. These should be as low as you can go. Start at CHMOD 400 and go up from there, and no higher than 644. You will likely need to log in to your hosting control panel file manager to do so.
/your_catalog/your_admin/includes/configure.php
/your_catalog/includes/configure.php
- If you do not sell downloadable products in your cart then in your admin navigate to Configuration >> Attribute Settings and set Enable Downloads to false. Then remove the following folders from your installation.
/your_catalog/download
/your_catalog/media
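/your_catalog/pub
- In /your_catalog/, Apache users (this is almost all of you) should edit the .htaccess file. If you don't have one, create and upload a text file named .htaccess. Whether you use FTP or a file manager, you will need to have "show hidden files" enabled for this. Add the following lines and save. I have specifically kept this rather basic; if your site crashes when you save it, remove the .htaccess and send it to your webhost to format better for your server config.
# Follow symlinks and turn off directory listings. Every option carries a + or - sign:
# Apache 2.4 rejects an Options line that mixes signed and unsigned options (such as a bare "All").
Options +FollowSymLinks -Indexes
RewriteEngine On
RewriteBase /
# Do not print the server signature on error pages
ServerSignature Off
# Block web access to the .htaccess file itself.
# This is Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied".
<Files .htaccess>
order allow,deny
deny from all
</Files>
Operation & Performance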
- Go to Admin > Configuration > Email Options > Allow Guest To Tell A Friend and set the option to false. This will prevent non-logged-in customers from using your server to send unwanted email messages.
- Go to Admin > Configuration > Email Options > Emails must send from known domain? = True
- Go to Admin > Configuration > Email Options > Audience-Select Count Display = False (for performance)
- Go to Admin > Configuration > GZip Compression = True (performance)
- Go to Admin > Configuration > Sessions > Verify that the Session Directory is correct
- Go to Admin > Configuration > Sessions > Force Cookie Use = True (this is optional and does not perform correctly on all servers)
- Go to Admin > Configuration > Sessions > Recreate Session = True. If your webhost tells you otherwise, then find proper hosting. Setting this to false WILL allow session hijacking.
- Go to Admin > Configuration > My Store > Server Uptime = False (security; leaving it on is a PCI fail)
- In your images folder and cache folder an .htaccess should already exist, but if not, get one from a fresh copy of the Zen Cart installation.
- Folders should be CHMOD 755 and files (except your configure files) should be 644.
- Remove the print URL feature from your browser (Zen Cart tutorial)
- Limit admin access to only the required people. Create each person their OWN admin account in Tools > Admin settings. Then install the admin logging report module so you can see what people are accessing and catch access issues when needed.
- Do not leave your admin open and walk away. Avoid having your admin open with other webpages in the same browser.
- DO NOT access your admin on an open or unsecured public network and NEVER access your admin with a mobile device.
- Enable log archiving in cPanel or other hosting control panel.
- Make certain (check with your webhost) that FrontPage Extensions are not installed.
- Make certain your webhost is running a proper server firewall application.
- If you have SSH access and you use it, its password should be exceptionally strong, 16 random characters or more. If you have SSH access and you don't use it, disable SSH so nobody can use it. There is sometimes an SSH control switch in cPanel. For reseller accounts and dedicated servers, there is a switch in WHM.
- Turn off the following in your PHP config (you will likely need your webhost to do this): register_globals, expose_php and safe_mode.
Maintenance & Procedure
- Change all passwords every 90 days. Use strong passwords with numbers, letters, mixed case and symbols. Here is a great generator for passwords. You are required by PCI/DSS standards to do this, to have the procedure documented in your company's procedures, and to log the changes as they happen.
- Do not store credit card information anywhere.
- Get a PCI scanner to scan your website and office network every 3 months minimum. We use Trust Guard, but any approved scanner is fine.
- Make frequent backups of your shop and database. Your hosting company can set up a daily backup for you. We run daily backups and keep the most recent daily, weekly and monthly backups on hand for restore.
- DO NOT store your passwords in any digital format: email, Word docs, etc. Pen and paper only if you must write them down.
- Scan your computer regularly and keep your virus definitions up to date at all times.
- Keep ALL software on your computers up to date (especially Adobe products). This includes browser plugins.
- Check /your_catalog/cache/ frequently for debug files which would indicate an error or issue.
- Create specific admin, FTP and other access for each vendor allowing them only the required access and remove access when completed.
- Keep all web software (Zen Cart, WordPress etc) patched and up to date.
- Always use SFTP or FTPS to access your files.
- Do not rename files to .bak, .old, or any other invalid file extension. Use .txt for example.
- Protect new directories. Every single directory should be protected from directory browsing. This is most easily accomplished by using a blank index.html in each.
- Keep a complete list of your site files in a "known good" backup on a disk other than your webhost, such as your own computer.
Remember, ignorance will not save you from fines, loss of merchant processing and being sued. You must take action and secure your website; it is simply not optional.
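A read-only audit of the file-system items from the checklists above (leftover install folders, configure.php and folder/file permissions, .bak/.old files, folders with no index file), as an added example that is not part of the original post or of Zen Cart. The function name `audit`, the finding labels and the acceptance of index.php as an index file are assumptions made for this example.

```python
import os
import stat
import sys

LEFTOVERS = ("docs", "extras", "zc_install", "install.txt")  # named on the page
BACKUP_EXTS = (".bak", ".old")                               # named on the page
INDEX_FILES = {"index.html", "index.php"}  # index.php accepted: an assumption


def audit(catalog, admin_dir):
    """Return sorted (check, relative_path) findings for a Zen Cart tree.

    admin_dir is the renamed admin folder's name (site-specific).
    Nothing is modified; symlinks are skipped rather than followed.
    """
    findings = set()
    for name in LEFTOVERS:  # install/tool artifacts that should be removed
        if os.path.lexists(os.path.join(catalog, name)):
            findings.add(("leftover", name))
    configs = {
        os.path.join("includes", "configure.php"),
        os.path.join(admin_dir, "includes", "configure.php"),
    }
    for root, _dirs, files in os.walk(catalog):
        rel_root = os.path.relpath(root, catalog)
        if stat.S_IMODE(os.lstat(root).st_mode) & ~0o755:
            findings.add(("dir-perms", rel_root))  # folder looser than 755
        if not INDEX_FILES.intersection(files):
            findings.add(("no-index", rel_root))  # nothing guards browsing
        for name in files:
            path = os.path.join(root, name)
            if os.path.islink(path):
                continue
            rel = os.path.normpath(os.path.join(rel_root, name))
            if stat.S_IMODE(os.lstat(path).st_mode) & ~0o644:
                # configure.php should sit between 400 and 644; others at 644
                kind = "config-perms" if rel in configs else "file-perms"
                findings.add((kind, rel))
            if name.lower().endswith(BACKUP_EXTS):
                findings.add(("backup-ext", rel))
    return sorted(findings)


if __name__ == "__main__":
    # usage: python audit.py /path/to/your_catalog your_admin
    for check, rel in audit(sys.argv[1], sys.argv[2]):
        print(f"{check:13} {rel}")
```

Run it against a downloaded copy of the site or over SSH on the host; an empty result means none of these particular checks fired, not that the shop is secure.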


