Archive for the ‘Store Development’ Category

Helpful Security Extras for Zen Cart

March 12th, 2010

First and foremost, make sure your Zen Cart is fully patched! No exceptions. Even a Zen Cart you just downloaded and installed still needs these patches.

Next, work through the items on Zen Cart’s recommended security list, but ignore the two .htaccess snippets below. If you choose to apply them, your robots.txt cannot be accessed and the php command will not work properly for you in most server environments.

#.htaccess to prevent unauthorized directory browsing or access to .php files
IndexIgnore */*
<Files *.php>
Order Deny,Allow
Deny from all
</Files>

#add the following to protect against people discovering what version your spiders.txt file is
<Files *.txt>
Order Deny,Allow
Deny from all
</Files>

Now, let’s add some cool stuff to help you stay safe.

Tip #1: Use strong passwords for everything! Change them every 30 days.

Tip #2: When renaming your admin directory, DO NOT use any admin or business related term. Try banana, for example. Something like manage, control or anything XXadmin is a dead-easy guess for most hackers trying to discover your admin directory.

Tip #3: Make sure all admins have their OWN accounts and install this module to track their access more conveniently.

Tip #4: Protect your admin directory with an additional layer of authentication when possible. For example, you can password protect the directory or allow access only from specific IP addresses.

# password-protect the directory
AuthType basic
AuthName "This directory is protected"
AuthUserFile /home/path/.htpasswd
AuthGroupFile /dev/null
Require valid-user

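# deny all except the listed address and domain
# (no <Limit> wrapper, so the rule applies to every HTTP method;
# "allow from" takes a host or domain name, not a regular expression)
order deny,allow
deny from all
allow from 192.168.1.1
allow from domain.com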

Tip #5: Protect ALL directories from browsing with an index.html file. This file can be blank, it just prevents the directory from displaying in an index to browse. If a folder has an index.anything… It’s protected.

Tip #6: Protect your images directories (all) with the following .htaccess to prevent browsing, executing php files and more. These directories will also need an index file. When done, log in to your hosting control panel and change the permissions on both the index.html and .htaccess files to 444 to prevent modification.

#PRO-Webs ver 1.8 1/2010
#Prevent directory viewing and the ability of any scripts to run.
#While a bit overkill this file prevents a wide array of access and executions
#of known exploits in your Zen Cart
#This file and an index.html should be chmod 444
#How low permissions can be set differs from server to server; set them as
#low as possible and no higher than 644
#Permissions this low will likely need to be set in your file manager
#Place this in all images directories except BMZ_Cache
Options -ExecCGI -Indexes
IndexIgnore *
RewriteEngine on
RewriteCond %{HTTP_USER_AGENT} libwww [NC,OR]
RewriteCond %{QUERY_STRING} ^(.*)=http [NC]
RewriteRule ^(.*)$ - [F,L]
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files ~ "\.php$">
Order allow,deny
Deny from all
</Files>
#chmod .htaccess files 444

Tip #7: If you have an SSL certificate, force all of your admin pages to load only over secured URLs with the following .htaccess code.

RewriteEngine On
RewriteCond %{SERVER_PORT} ^80$
RewriteCond %{REQUEST_URI} /admin_dir/
RewriteRule ^(.*)$ https://domain.com/admin_dir/$1 [R,L]

Tip #8: Make sure your cache folder has the correct index.php and .htaccess. Download a fresh version of Zen Cart and upload them to be sure. Now CHMOD, change the permissions of these to 444.
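
One way to verify Tips #5, #6 and #8 across a store tree, added here as an example (it is not code from the original post or from Zen Cart): it reports directories with no index file, images and cache directories with no .htaccess, and guard files whose mode is not 444. The directory names in GUARDED and the sample tree are assumptions; adjust them to your install.

```python
import os
import stat
import tempfile

GUARDED = ("images", "cache")   # assumed top-level names; adjust to your store

def audit_store(root):
    """Return sorted (relative_path, problem) findings for Tips #5, #6 and #8."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        index_files = [f for f in files if f.startswith("index.")]
        # Tip #5: any index.* file stops the directory from being listed.
        if not index_files:
            findings.append((rel, "no index file"))
        parts = rel.split(os.sep)
        if parts[0] not in GUARDED or "bmz_cache" in (p.lower() for p in parts):
            continue  # the page excludes BMZ_Cache from the images .htaccess
        # Tips #6 and #8: these directories also need an .htaccess.
        if ".htaccess" not in files:
            findings.append((rel, "no .htaccess"))
        for name in index_files + [f for f in files if f == ".htaccess"]:
            mode = stat.S_IMODE(os.stat(os.path.join(dirpath, name)).st_mode)
            if mode & ~0o644:       # any bit beyond rw-r--r--
                findings.append((os.path.join(rel, name), f"mode {mode:o} above 644"))
            elif mode != 0o444:
                findings.append((os.path.join(rel, name), f"mode {mode:o}, not 444"))
    return sorted(findings)

def build_sample_store(root):
    """Constructed sample tree, not a real Zen Cart install."""
    layout = {
        "": {"index.php": 0o644},
        "images": {"index.html": 0o444, ".htaccess": 0o444},
        "images/large": {"index.html": 0o666},   # writable index, no .htaccess
        "cache": {},                              # nothing protecting it
    }
    for rel, files in layout.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        for name, mode in files.items():
            path = os.path.join(root, rel, name)
            open(path, "w").close()
            os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_store(tmp)
        for path, problem in audit_store(tmp):
            print(f"{path}: {problem}")
```

Run it against a local copy or over SSH on the host, passing your store root to audit_store(); an empty result means every checked directory meets the three tips.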

I may be adding to this, as we are always testing… so stay tuned.

admin E-Commerce Marketing, Store Development

Ecommerce for Your Business Marketing Endeavor

January 13th, 2010

Internet use is still growing year after year, and as more and more people have Internet access, more and more small businesses are recognizing the importance of integrating some form of ecommerce / online catalog as part of their business marketing portfolio. The Internet never goes offline, and websites are accessible every hour of the day – there are no opening and closing times on the Internet serving a worldwide market.

For the average person, being able to shop from the comfort of home is a very welcome idea, and it is becoming a very popular method of purchasing goods… Even for mobile users! For those customers who still prefer the tangibility of a brick and mortar store, the Internet still provides a way of researching the products they are interested in, to compare different prices, gain product knowledge and prepare to make an educated decision without salesman pressure.

Another advantage of the Internet is its worldwide reach. Small business retailers no longer have to have brick & mortar stores in many different geographical locations to become a national brand – by selling on the web, they can get their product seen by a much larger audience.

However, it is not as simple as setting up online and having customers automatically come flocking to your shop; a lot of hard work needs to go into developing, promoting and securing your online store, and you will tackle many of the same start up and maintenance issues as with a brick and mortar store. The biggest difference is cost: while you may end up paying a couple of thousand dollars to properly develop your shopping cart… you will still be saving on start up fees, rent and other traditional business overhead costs. These savings can then be passed on to the shoppers, making your business more competitive in its niche.

Undoubtedly then, a small business with an Internet promotable product would be foolish to overlook the power of ecommerce. Businesses should plan and look to incorporate some form of ecommerce into their current business marketing portfolio. Be aware, however, that major differences exist between selling online and selling in real life, and you will need to build up a high level of trust with Internet customers… Perhaps in ways you are not yet accustomed to.

admin So you want to be a Shop Owner Series, Store Development

New Website Toolkit

January 6th, 2010

I guess one of the most disappointing things we deal with in our business is the “ugly” or “darkside” of how others deliver web services. There is not a single day that goes by where some website owner doesn’t contact us with issues related to the development, design or even ownership of their site. Everything from broken promises and deceit to outright performance issues send these customers hunting for a “new webmaster”.

We have dealt with some very disheartening issues for our clients. They call and need to move their site to proper hosting and can’t because they don’t have access, they find they do not own their domain registration, they have been locked out of and charged for GPL/free built in software functionality or their webmaster flew the coop.

While these issues do pain me, I have decided that all we can do is provide quality, honesty and transparency in our own business. So to that end, I am providing prospective new website owners the following list of tips and precautions before choosing a designer/developer and beginning a website project.

  1. NEVER, EVER let a designer register your domain in his/her name. If this is how they insist on doing business, then find a professional.
  2. Make sure you have full access to your hosting services, including support. If they want to host you in their account, then insist that you obtain your own hosting. If they refuse to play ball… find another.
  3. Know what you want and need. Develop a list of the functions, look and services you need. Provide this list to several prospective developers and make them explain how these options are best accomplished. Those that cannot …. get dumped.
  4. Know your software. If you choose a software driven site, such as Zen Cart, read and learn about the software. Buy a manual and really know what you are getting, then find a developer with a great deal of experience with your chosen software. This really matters. You see, a general web designer cannot handle developing a Zen Cart project, for example. They will only hack, crack and break the software functionality with their inexperience…. Costing you upgrade, development and repair money in the future.
  5. Be ready to work…. This is your website, right? There really isn’t any money for nothing going on here… That is a bullshit lie propagated by people who would seek to take advantage of you long term. If it sounds too good to be true, it is.
  6. Do not rely on a sole person or company for the maintenance of your website…. People go missing all the time. Make sure you have a backup person and you are able to provide them the needed access (hosting logins, FTP and admin information) to help you in a pinch.
  7. Remember when you hire a professional, they are the professional. If this person tells you something is a really bad idea, you should likely listen…. are you a web developer?
  8. Insist on a development time frame and frequent updates. Development schedules get busted up all the time, but you need a plan and to be kept abreast of the setbacks and new expected schedule forecasts.
  9. Check your developer out. Contact owners of some of the websites in their portfolio… Better yet, send links to each of the prospective developers of each other’s sites and ask for their opinion =-). Google the developer or company name looking for the good, bad and ugly comments you may find. Really check them out, this is a lot of money to simply throw away.
  10. Ask a lot of questions! Every single thing you want, need to know, or do not understand needs to be asked…. This is your website and you need to know.

It’s also a good thing to use a designer/webmaster that has more than email access for support and questions. What if you are not at your computer and your site is down?

Being successful on the web takes a great deal of dedication and learning; everything you do is in a constant state of change in this business. You never stop learning, adding new content and building links…. This is the cost of Internet success, make sure you are ready to pay it up.

admin So you want to be a Shop Owner Series, Store Development

Shopping Cart Security & Trust

September 19th, 2009

Maintaining the security of your shopping cart is an ongoing issue: it was before, it is now and it will remain so. If you’re a small business with a website trying to break into this fresh, but competitive market, shopping cart software integrated into your website would certainly be a great investment. However, several issues will need to be addressed in your planning and maintenance budget. The most significant will be maintaining your shopping cart security. This helps to protect the privacy and financial information of both you and your shoppers.

Shopping Cart Security

Let’s begin with the basic concept of online shopping carts. Shopping carts are online software applications that let visitors make purchases on the Internet, which are generally paid for electronically by some means. If you already have, or plan to have, an online store, you will need a reliable and secure web host to host your shopping cart application. You also need shopping cart software that is easy enough to use and functional for your current and near future needs. Additionally, unless you have PHP programmers and web designers in house, you will need a company that develops shopping carts. Note that a developer is neither a programmer nor a designer, but rather the person responsible for the project completion… Like a contractor, some things they will do themselves, and other things like custom programming and design they will have contracted parties complete for you.

A shopping cart at its most basic description is the added website functionality of a check out, which generates the total purchase, computes the shipping costs, records the needed personal information and processes the payment to the Gateway or online collection service you choose. The most commonly recognized security aspect of the shopping cart lies in the Secure Sockets Layer certificate or SSL, which encrypts the transmission of the personal information entered by customers up until the time the information reaches the payment gateway. The SSL is responsible for making the page’s address prefixed with “https”. Meanwhile, the payment gateway or credit card gateway receives the information, validates it and charges the purchase to the credit card with its own software. Upon validation, your cart is notified and the transaction is complete.

It is important that you let your customers know that you have done your part to make the website secure and hack free. Never underestimate your shoppers. If they feel that something is not right with your shopping cart, they will most likely leave without purchasing.

To most effectively do business online, you will not only let your shoppers know that you are secure, but practice what you preach as well. Keep your shopping cart, server software and other applications like email up to date … always. Have your shop scanned quarterly for PCI/DSS compliance… If you accept credit cards, PCI compliance is not negotiable, but rather required.

Be clear and accurate about your shopping cart policies and guidelines. I know it might be tempting to use various legal and marketing tricks, but you need to remember that your store’s visitors are not experts, and presenting them with a policy or guideline that is highly complicated and overly difficult to understand will reflect on your business’ reputation…. Many will leave for an easier purchase at the next click.

We can only stress the importance of security in these kinds of ecommerce applications. I have heard, same as anyone else, stories of identity thefts before and so have your customers. Most consumers will be looking for shopping carts that can protect them from possible theft of credit card and personal information.

One of the most crucial pieces of a secure network is to use the services of well respected and secure service providers and web hosts. That being said, you may choose wrong early on, so be ready to move your website if you need to. While many web hosting companies will make moving your shopping cart seem daunting and impossible… It’s not, and you have to do what is right for your business. Spend some time checking on these service providers and get to know them.

The bottom line is, you must maintain a secure shopping cart for your customers. You have tons of valid and robust options at your disposal in the current market, so having an insecure or out of date network or cart is totally inexcusable.

Melanie Checkout Improvement, Small Business, So you want to be a Shop Owner Series, Store Development