- Posted by Melanie
- 06 May 2010
- Zen Cart
Well, I have waited a good long time to write this. I really wanted to get a detailed "take" on the new version before I ran my mouth =-). Nevertheless, now I am ready to give you a 360 tour of the new Zen Cart 1.3.9!
Expectations for Zen Cart 2.0 are quite high, and people are impatient for it. Originally, and still in the documentation, 1.3.9 is a security or rollup release. While this is true, it's not the whole story....
As we sift through the changes and play around with the new software, security is definitely a high priority. Added features include .htaccess files to limit access, file type restrictions, and fixes for other previous vulnerabilities we have been fixing by hand. Some things remain the same: you must still rename your admin folder by hand. This is a very frustrating process for less experienced shop owners, and I hope that 2.0 will allow this to be accomplished in setup.
The offline credit card processing module has been removed for PCI/DSS compliance standards. You can steal code from 1.3.8 to reinstall this, but consider the risk and look at a proper gateway for processing. The cost of a breach can be in the thousands of dollars, vs a few bucks a month for a proper gateway account such as Authorize.net.
There are quite a few changes in the payment modules, as they were upgraded for new security protocols, API and integration changes, and overall updates that had previously been limping along or required manual updating. The only downside here is that when you upgrade you will need to uninstall these modules in your Zen Cart admin and then reinstall them once the upgrade is complete.
All order total and shipping modules were updated with bug fixes and such from 1.3.8. Nothing new here, just added the bug fixes we have been completing by hand. Again, when upgrading, uninstall these modules and then reinstall them after the upgrade.
Templating is not a big upgrade issue, as the only file touched is tpl_reviews_random.php, which is a bug fix. So your templates for the most part will upgrade without issue.
Modules are a huge issue. Most are untested and not compatible with Zen Cart 1.3.9. Forum users have been maintaining a makeshift list of working modules here, but your own testing is an absolute necessity. The truth of the matter is that you will likely want to wait a few months to upgrade if you have customized and modded your cart.
There has already been a patched release of 1.3.9, which is less than a month old. While this was only a file update, there is no guarantee that other updates will not occur and be more complicated. This small file update took me 45 minutes to accomplish with only one module to re-merge files for.... I also had issues with the new .htaccess files in the admin section and replaced them with the working ones from 1.3.9a. About 18 new bugs were fixed in the 1.3.9 second release (B).

Zen Cart 1.3.9
So what's new?
Actually quite a bit is new, and that is why the release is not really just a security update. Some additional functionality and compatibility were added....
- Zen Cart 1.3.9 is PHP 5.3 ready, without patching
- PCI issues have been dramatically reduced
- SSL handling and renegotiation, session handling and detection are fixed for most server configurations
- Canonical url tags were added
- Developers toolkit has more robust filtering and search ability
- New PayPal support added for UK - 3D-Secure and micropayments
- Fixes for the handling of failed PayPal IPNs to be processed with cURL
- Integrated split tax lines without previous customization needed
- Easy Pages can now have their own individual stylesheets
- ISO countries update
- Updated spiders.txt including Yandex
- configure files now attempt to automatically set their own permissions to 444
- Normal operations are significantly less query intensive and run faster
- On page PHP errors removed for PCI and logging enabled automatically
- PCI compliance for auto complete on credit card forms is resolved
- The "Tell a Friend" feature, which should still be set to require a login, now throttles the spam that can be sent through the form
- Brute force protection added to the admin login
- Improved attribute selector
- Audience selector crashes have been fixed
- Who's online is updated and works significantly smoother and lighter
- Example robots.txt was added
- Customer and product search was improved in your admin
- Catalog search is significantly better
- Downloadable product bugs are fixed for "most" server configurations
So I still suggest that if your Zen Cart is very customized or heavily modded that you wait a bit to upgrade... Fact is you might just consider a rebuild to get a clean start with the new software.
- Posted by Melanie
- 16 December 2009
- Public Site Reports
Our November 2009 free site report winner is Purely Poultry. We welcome you to read their report below and visit their site as well. Please show some respect and do not create a bunch of test accounts and havoc on their website while poking around. We do welcome you to provide constructive criticism and suggestions for them to improve their store and business online.
Purely Poultry presents quite a unique online product; as a matter of fact, this is one product line we have never worked with before. This fairly unique product line affords them an edge for rank, as there are few competitors in the pool. Fixing some of the issues we found with the cart could clearly have very positive and fast results.
Below is a mildly edited copy of the Zen Cart site report we already provided to Purely Poultry. They have graciously agreed to allow us to publish this and share their issues. We thank them for providing this medium to help other shop owners who may have similar issues and problems.
Load Speed Main Page: 237.53 seconds at 28.8kbs. We would like to see this well under 50, but the ideal standard is 30 seconds @ 28.8kbs.
On the main page only 5 HTML errors were noted, this is not bad at all... But repairing these will increase the ability for their site to be effectively crawled by the search engines and additionally increase the usability of the website.
HTML errors by line:
- Line 37: Warning: <img> lacks "alt" attribute
- Line 134: Warning: <table> lacks "summary" attribute
- Line 150: Warning: <script> escaping malformed URI reference
- Line 206: Warning: <img> escaping malformed URI reference
- Line 266: Warning: <img> escaping malformed URI reference
Title: Main page title is 14 characters long and the suggested search engine friendly limit is 65. Your title is 100% relevant to your main page content, but lacks good information relevant to the page. This tag should contain a short (65 characters or less including spaces) description of what this site is about.
Current Title: Purely Poultry
Description: Main page description contains 113 characters and is 100% relevant to the main page content.
This description should contain text under 250 characters in natural language to prompt searchers to click through to your website. The Meta description is NOT used for the purpose of ranking your site's pages, but rather as a means to elicit a click through from searchers. Note that your description is somewhat spammy as it is essentially a keyword list. Additionally, this tag should be a minimum of 100 characters for Google not to give a short description error in webmasters tools.
Current Description: Purely Poultry : - Pheasants Chickens Bantams Guinea Keets Books Turkey Poults Ducklings Goslings Quail Peafowl
Canonical Domain url Check:
Your site is returning a proper canonical 301 redirect from www to non-www or vice versa. Google currently has cached versions of both. This means that sitewide canonical duplication exists as both the non-www and the www versions of the urls work. Duplication of this nature can cause many rank issues and even split PageRank between the 2 different canonical versions.
Google indicates that pages have been omitted from regular search results for being too similar or duplicate in nature.
Total indexed in Google.com: 624
Pages omitted from Google's Main Index: 129
Pages within Google's regular search index: 495
*Your site has 718 pages indexed in Yahoo search.
*Your site has 15 indexed pages in MSN/Bing.
*You have 1 page indexed in Ask.com's search index
Sitemap and Robots.txt:
A valid search engine sitemap.xml for your site was not found. This document, which is a specific sitemap for search engines, is designed to help search engine spiders locate and crawl your content better and therefore should NOT be styled for human visitors.
A valid, but misconfigured robots.txt for your site was found. A robots.txt is a search engine universal markup to prevent well behaved bots from crawling pages which have content of no value to the searchable index, are duplicate or blocked from indexing.
This has been partially corrected.
Backlinks: Your entire domain currently has 647 total back link(s) from domains other than your own.
This isn't bad at all, keep up the good work!
PageRank: Your main page has a toolbar Page Rank 4 and there is no issue with your PageRank dispersion with regard to canonical duplication.
Sites on IP: Your site's IP is 000.000.000 and there are a total of 8 domains hosted on that IP, none of which appear to be flagged as "bad neighbors" or hosting questionable content.
Spam and Hidden Text: Upon scanning your site hidden text was found, that appears to be related to your CSS menu across the top of your page.
Invisible text found. Method(s): CSS 'display' property set to 'none'.
Invisibility purpose: Impossible to say.
Text: New Products
Miscellaneous:
- Your site appears to have what we call the "nofollow bug". While this is a Zen Cart bug, a fix has been available for quite some time. Essentially every page on your site currently has a <meta name="robots" content="noindex, nofollow" /> tag within the head element that tells the search engines not to follow or index links found within that page.
- You should nofollow ancillary page links, or advertising links within your site (once the bug fix has been applied) to stop the flow of PageRank and prevent the crawlers from crawling these pages unnecessarily, wasting precious crawl time.
- We would advise you to place a phone number in a prominent location throughout your site, e.g. in the header, to give troubled customers a sense of security and a means of contacting someone should an issue arise. Without it shoppers tend to abandon the cart sales when they encounter any issues whatsoever. They will not go looking for a contact number! Remember, not every search visitor lands on your main page; most land on interior pages.
- The use of mailto links or valid email addresses even in a textual format, like on your "Privacy Notice" page, will promote spam, as these are crawled and read by spiders for the purpose of creating email lists for sale to spammers.
- Your "Conditions of Use" is completely blank.
- On your privacy page under "How do we protect your information?" the last line of the second paragraph reads "and are required to�keep the information confidential."
- You have unsecured elements on your secured SSL pages causing a broken lock. This is the number 1 cause of checkout abandonment.
- Your main page and category pages have very little textual content in order to rank with. You will find it very difficult to rank well in the major search engines without it. Additionally pages like http://www.purelypoultry.com/bantams-c-155.html with very little text and an overwhelming amount of links lacking textual support may be viewed negatively by Google.
- It is a very large liability to have "Subscribe to Our Newsletter" checked by default on account creation, as shoppers will inadvertently get your newsletter and report you as spam. This is an FTC spam violation and has financial and business related liability in the US and many other countries.
- Your shopping cart page still shows part of the default Zen Cart text (defined in includes/languages/english/shopping_cart.php).
- Your "Checkout Success" page contains the following text "This file is located in /languages/english/html_includes/classic/ NOTE: Always backup the files in /languages/english/html_includes/ your_template"
- You would greatly benefit by reducing the steps involved in the checkout process.
- Removal of the side bars during the checkout process will reduce customer distraction as well as checkout abandonment. Once the customer has committed to the checkout process you should avoid giving them opportunities to click away.
- Your checkout pages are not secured. This is a PCI compliance violation and your company can be fined by the credit card companies.
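The broken-lock and unsecured-checkout items above can be checked offline against a saved copy of a page. The following Python sketch is an added example, not part of the original report; the shop.example URLs and the sample markup are constructed, and the set of tags it inspects is an assumption covering the common cases.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Attribute that makes the browser fetch a resource (or submit data) per tag.
FETCH_ATTRS = {"img": "src", "script": "src", "iframe": "src",
               "embed": "src", "link": "href", "form": "action"}

class MixedContentScanner(HTMLParser):
    """Collects what an HTTPS page would load or submit to over plain HTTP."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (line, tag, absolute_url)

    def handle_starttag(self, tag, attrs):
        attr = FETCH_ATTRS.get(tag)
        if attr is None:
            return
        attrs = dict(attrs)
        if tag == "link":
            # rel="canonical" and similar are hints, not fetches.
            rel = set((attrs.get("rel") or "").lower().split())
            if not rel & {"stylesheet", "icon"}:
                return
        value = (attrs.get(attr) or "").strip()
        if not value:
            return
        # Relative and protocol-relative URLs inherit the page's https scheme.
        absolute = urljoin(self.page_url, value)
        if urlparse(absolute).scheme == "http":
            self.findings.append((self.getpos()[0], tag, absolute))

def find_mixed_content(page_url, html):
    if urlparse(page_url).scheme != "https":
        raise ValueError("page_url must be the HTTPS address of the page")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample: a checkout page served over HTTPS.
SAMPLE_URL = "https://shop.example/checkout"
SAMPLE_HTML = """<html><head>
<link rel="canonical" href="http://shop.example/checkout">
<link rel="stylesheet" href="http://shop.example/css/style.css">
<script src="//cdn.example/menu.js"></script>
</head><body>
<img src="images/logo.gif" alt="logo">
<img src="http://shop.example/images/badge.gif" alt="badge" />
<form action="http://shop.example/checkout_process" method="post"></form>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"line {line}: <{tag}> uses {url}")
```

Each finding is either a resource that breaks the lock icon or, for a form, a submission that leaves the encrypted session, which is the more serious case on a checkout page.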
I want to personally thank Purely Poultry for allowing us to audit and blog their site report results. I invite you all to comment with any additional factors and suggestions to help them improve their Zen Cart and business.


