E-Commerce for All

Zen Cart Report

We commonly do Zen Cart site reports for shop owners to get a feel for what needs to be done and can be improved in their websites. These reports are not generated, but rather a hand audit of foundation SEO metrics and on site usability and optimization issues.

We would like to offer up a free Zen Cart report to a brave shop owner willing to share his/her site’s issues, url, images and other non-personal data with our readers. This means that your report findings, suggestions and related materials will be posted here for others to read, learn and even contribute to your audit.

Please note that although a winner will be chosen at random from all current month’s submissions and that I will have the final approval. This means simply that given our broad readership, shops containing for example, hate material, adult content, illegal or otherwise non PG 13 cannot be accepted.

You must OWN the Zen cart website you submit, and this will be verified… Be prepared to do so. Your site must be in English, this offer has no cash value and no additional services of any kind are implied, nor provided. Existing clients are not eligible.

You will receive our standard Zen Cart report at no charge and results will additionally, as outlined above,  be posted here for community review and participation. We will continue to offer this monthly for all to benefit, so send your Zen Cart in and let’s get started. Please use the form below to submit your Zen Cart website 1 time per month only. Shop owners submitting duplicate urls will be disqualified.

Melanie Public Site Reports

This is a very serious issue that shop owners have little or no knowledge or concern for. Imagine that many/all of your shoppers are not receiving that new customer coupon, receipts and shipment communications…. Scary huh?

Deliver-Ability

Scary or not, it is very true and many of you are affected already and don’t even realize it. You see, your Zen Cart sends mail from the software. In many cases software generated email is less deliverable to begin with… add some bad hosting and Zen Cart configurations… and boom, very low deliver-ability.

There are several tools to check your email protocol and server/DNS setup, and we will get to those in a minute. But, for now, lets run a simple test that will identify one of the hardest mail networks to deliver software generated email to…

Go to Yahoo and create a brand new email account using a non-domain based email as the backup email address. Next go to your Zen Cart and create and account and order something using the new Yahoo email address. Now check your new mailbox to see if the account creation and confirmation emails were delivered. Most of you will find Yahoo sent these directly to spam.

Why would they do that?

Some time ago, Yahoo, who is owned my SBC (ATT) decided that they would do a “better job” of filtering email spam. In doing so they went over the edge and in a few days time blocked about have of the email addresses on the planet. In order to be unblocked from Yahoo, SBC, ATT and a few other small ones, you have to provide answers and requests on a laborious form. The level of questions on this form made it so hosting company would likely have to complete it for you.

Having screwed up so severely, they were then unable to keep up with the “unblocking” requests and mandated that every IP could only submit so many requests in a certain time frame. Crazy huh?

Our hosting company did an awesome job of creating proxy IPs to get the submissions done for ourselves and hundreds of hosted clients…. But did you get unblocked and un-spammed?

Email tools provide some insight as to the DNS and server configuration for your domain based email accounts. These tools provide information regarding blocked/banned/blacklisted hosts and IP addresses…. as well as some metrics necessary in this day and age to ensure your emails are delivered.

Reverse DNS lookup

This method of blocking spam is very server intensive. The receiving email server performs a reverse DNS lookup on the IP address of the incoming mail connection and checks if there is a valid domain name associated to it. While this is not used for most ISPs as a wholly determining factor, AOL and their subsidiaries will refuse your emails without it. Check your rDNS here.

SPF Record

SPF Record or Sender Policy Framework is a method for preventing sender address forgery. Have you gotten those emails appearing to be from someone else, besides who they are really from? Spoofed. Your server’s SPF record can help to prevent this…

An example…

1. Suppose a spammer forges domain.com and tries to email spam you, the sender connects from somewhere other than domain.com.
2. When the email is sent, you see MAIL FROM: <user_address@domain.com>, but you do not have to take his word for it. You can ask domain.com if the IP address is really from their network.
3. In this example, domain.com publishes a valid SPF record. That DNS record tells the mail receiving server how to find out if the sending machine/IP is allowed to send email from domain.com.
4. If domain.com responds that they recognize the sending machine/IP, it passes, and you can assume the email sender is who they say they are. If the email message fails the SPF tests, it is a forgery, and likely a spammer.

More information on SPF, and how it works, visit the Sender Policy Framework site.

To check and see if your domain has a proper SPF record, use this SPF record tool. If your domain based email addresses do not, contact your hosting company and ask them to set it up. More and more email receiving servers are checking for a valid SPF response, this is crucial to your email deliver-ability.

Interestingly enough, some web hosts claim they do not have this ability, which is likely BS… But face it this is your business and if you web host cannot or will not set up a proper SPF record for their servers… then you are likely hosted with a bunch of spammers who can hurt your site’s ability to rank and set off trust issues with McAfee and Norton in search results!. Time to move to a proper web host.

DomainKeys, DomainKeys Identified Mail (DKIM)

These are also used to fight against forged emails. The protocol uses encryption technology to verify that an email is really from the domain from which it appears to be. If a message has been verified through DomainKeys/DKIM (developed by Yahoo), many email programs and web mail will display an icon or message verifying the sender for your email recipients. DomainKey will likely need to be set up by your web host, but many hosting control panels, including cPanel have this ability at your fingertips… Click, click done. Then check it (be sure to follow the instructions).

Sometimes, you can be blacklisted (labeled as a spammer), when you did nothing wrong! What if for example your web host re-uses an IP that was previously blocked for spam and never resolved…. Well, now you are blacklisted too! Use this tool to check your MX record and blacklist status. If you find you are blocked on any, your hosting company ***should handle this for you, but if they won’t you can try to contact the resource directly.

There are some things you can easily do to help ensure the deliver-ability of your Zen Cart’s emails.

• Check and ensure a proper SPF record, DomainKeys and rDNS are setup on your server
• In your Zen Cart admin under Configuration >> Email options check and set the following
  1. Email Address (sent FROM) is set to a valid email address, preferably @yourdomain.com
  2. Emails must send from known domain? is set to “Yes”
  3. Email Admin Format? Set to TEXT, as it has the highest deliver-ability rate
  4. Allow Guest To Tell A Friend set to false, so that spammers cannot route email through your website
  5. Display “Newsletter Unsubscribe” Link? Set to True
• Use a proper service to send email marketing and newsletters
• Leave your CAN Spam policy and remove/unsubscribe instructions in your cart’s emails
• Handle remove or unsubscribe requests immediately
• DO NOT check the newsletter to true on your create account form. Many will not notice and then later spam or report your emails. (Configuration >> Customer Details >> Show Newsletter Checkbox) set to zero or 1
• Set default email format to text (Configuration >> Customer Details >> Customer Default Email Preference) set to zero, text

Face it, the deliver-ability of your Zen Cart’s emails is crucial to your business and is not something to be taken lightly.

Melanie Zen Cart

The new release of Zen Cart (1.3.9b) has many customers asking about upgrading their carts. While I have decidedly positioned myself on the side of “safe” and we are not currently doing upgrades to 1.3.9b, we are looking to announce our new store development package for Zen Cart 1.3.9b in the next few days (stay posted with FaceBook).

What’s the difference?

Upgrade, Redesign or Both?

Well, likely most many of the bugs are out of the way for the new release, but some very serious module and customization issues exist for upgrades. While, these modules and customizations are in no way the responsibility of the Zen Cart development team, they are something we all have in our stores.

So, while we look forward to having a development package for new stores in 1.3.9b in the next few days, we are still cautioning against upgrades.

If you really think you need to upgrade, you might consider a “Rip n’ Rebuild” situation instead. In this type of scenario, unused and non-compliant modules are removed, broken functions are eliminated and you get a brand new store with all of your products, customers, coupons, orders etc… But no upgrade exceptions and incompatibility issues.

A “Rip n’ Rebuild” also gives you the opportunity to look at a new design and layout. Change the things which have been bugging you and optimize your site properly from the start.

The basic idea of rebuilding as opposed to upgrading is to forgive our previous mistakes and have a fresh, clean shopping cart. When deciding to do a rebuild, you will want to consider many things… Including all those modules installed in your current cart, which “you had to have”, but never use. Having unnecessary modules only adds load, future upgrade issues and generally headaches.

You might even consider dumping those SEO URL rewrites (we did!) that cause your cart’s performance and load to be less than optimum. We will even redirect these pages for you, so that they will re-index and you can recover with a fresh start and a fast cart!

All in all, make no mistake, this is still no inexpensive project, but if you are ready to upgrade it is a genuine consideration for your business. No one likes errors, slow pages and limited ability… You might just have a better idea of your business’ needs and cart’s operations than when you built your current cart =-)

Check out our own rebuilt store in 1.3.9

Melanie Zen Cart

Well I have waited a good long time to write this. I really wanted to get a detailed “take” on the new version before I ran my mouth =-). Never the less, now I am ready to give you a 360 tour on the new Zen Cart 1.3.9!

Expectations for Zen Cart 2.0 are quite high and impatient. Originally, and still in documentation, 1.3.9 is a security or rollup release. While this is true, it’s not the whole story….

As we sift through the changes and play around with the new software, security is definitely a high priority. Some added features include htaccess files to limit access, filetype and other previous vulnerabilities we have been fixing by hand. Some things remain the same, you must still rename your admin folder by hand. This is a very frustrating process for less experienced shop owners, and I hope that 2.0 will allow this function to be accomplished in setup.

The offline credit card processing module has been removed for PCI/DSS compliance standards. You can steal code from 1.3.8 to reinstall this, but consider the risk and look at a proper gateway for processing. The cost of a breech can be in the thousands of dollars, vs a few bucks a month for a proper gateway account such as Authorize.net.

Quite a few changes in payment modules, as they were upgraded for new security protocols, API and integration changes and overall updates that have been previously gimping along or required manual updating. The only downside here is when you upgrade you will need to uninstall these modules in your Zen Cart admin and then reinstall once the upgrade is complete.

All order total and shipping modules were updated with bug fixes and such from 1.3.8.  Nothing new here, just added the bug fixes we have been completing by hand. Again, when upgrading, uninstall these modules and then reinstall them after the upgrade.

Templating is not a big upgrade issue, as the only file touched is tpl_reviews_random.php, which is a bug fix. So your templates for the most part will upgrade without issue.

Modules are a huge issue. Many Most are untested and not compatible with Zen Cart 1.3.9. Forum users have been maintaining a makeshift list of working modules here, but your own testing is an absolute necessity. The truth of the matter is that you will likely want to wait a few months to upgrade if you have customized and modded your cart.

There has already been a patched release of 1.3.9 which is only less than a month old. While this was only a file update, there is no guarantee that other updates will not occur and be more complicated. This small file update took me 45 minutes to accomplish with only one module to re-merge files for…. I also had issues with the new .htaccess files in the admin section and replaced them with the working ones from 1.3.9a. About 18 new bugs were fixed in the 1.3.9 second release (B).

Zen Cart 1.3.9

So what’s new?

Actually quite a bit is new, and that is why the release is not really just a security update. Some additional functionality and compatibility was added….

• Zen Cart 1.3.9 is PHP 5.3 ready, without patching
• PCI issues have been dramatically reduced
• SSL handling and renegotiation, session handling and detection are fixed for most server configurations
• Canonical url tags were added
• Developers toolkit has most robust filtering and search ability
• New PayPal support added for UK – 3D-Secure and micropayments
• Fixes for the handling of failed PayPal IPNs to be processed with cURL
• Integrated split tax lines without previous customization needed
• Easy Pages can now have their own individual stylesheets
• ISO countries update
• Updated spiders.txt including Yandex
• configure files now attempt to automatically set their own permissions to 444
• Normal operations are significantly less query intensive and run faster
• On page PHP errors removed for PCI and logging enabled automatically
• PCI compliance for auto complete on credit card forms is resolved
• The “Tell a Friend” feature, which should still be set to require a login, now throttles the spam that can be sent through the form
• Brute force protection added to the admin login
• Improved attribute selector
• Audience selector crashes have been fixed
• Who’s online is updated and works significantly smoother and lighter
• Example robots.txt was added
• Customer and product search was improved in your admin
• Catalog search is significantly better
• Downloadable product bugs are fixed for “most” server configurations

So I still suggest that if your Zen Cart is very customized or heavily modded that you wait a bit to upgrade… Fact is you might just consider a rebuild to get a clean start with the new software.

Melanie Zen Cart