E-Commerce for All

Get More Sales ... Don't Suck!

Melanie — Wed, 13 Mar 2013 18:30:33 +0000

Ecommerce is a tough business. It moves fast, changes frequently and relies on outside factors, which are often beyond our control. Such as Google screw ups.

I have often told clients, and I believe fully that the best time and money are spent on getting the most from the shoppers you already have. Think about it, maybe you are getting 50 unique visits a day, sure that's not a lot, but how many sales? 1 a day maybe?

What difference would it make to your business is you could increase that to 3 or more sales a day?

Do you check and watch your checkout abandonment rate? Do you even know how?

Diagnosing the barriers that shoppers have with your website is hands down the quickest, cheapest and easiest way to increase your sales. Then you can use the additional revenue to work on increasing your daily traffic.

Number 1: Google Analytics Checkout Abandonment

We have yet to find a client who uses this awesome tool to even half of it's potential. As a shop owner you should have dedicated and be spending at LEAST 30 minutes a week poking around in Google Analytics. If you're not, you have failed yourself.

Want to learn how to calculate your checkout abandonment?

Login in to Google Analytics and select the account you want to diagnose
From the left menu select Content >> Overview >>All Pages
In this list on the top right use the search to locate your first page of checkout by searching for it's url, such as login.php. There may be several in the list, total the Unique Pageviews Column and write it down.
Next use the filter/search box to search for your second page such as checkout_shipping and write down the unique pageviews.
Do this for all of your checkout pages including the last checkout_success.
Do the math....

So I used a customer's account to give you an example. They are running a short, no-login and super easy checkout experience that we built for them. See the results below.

Checkout Page 1: 1776
Checkout Page 2: 1509
Abandonment: 15.03%
Checkout Page 3: 1360
Total Abandonment: 23.42%
Checkout Conversion Rate: 75.58%
Loss of Abandonment Revenue: Page 1 (1776) - Page 3 (1360) = 416 X Average Sale $111.58 = $46,417.28 Lost Revenue!

How does your store compare? What do you do if it sucks?

Reduce the number of pages in checkout
Remove barriers and distractions from checkout
Increase trust:
- Security Seals
- Phone Number has High Visibility
- Live Chat
- Good Direction Words in Text and Buttons. Go to, Buy Now etc (tell them what you want!)
- Fast Website Performance.... Nobody Waits Anymore!
- SSL Certificate, If You Don't Have $10 a Year for an SSL You are in the Wrong Business!
Payment Options. People are (in our own internal study) are about 34% Less Likely to Checkout if you ONLY offer Offsite Payment Options such as Paypal. In talking with folks it seems that they are concerned that if you only offer Paypal then you are not a "real" business.
Clear, First Person Helpful Product Descriptions. I Tell Clients to Describe their Products Just as they Would if I was on the Phone with them.
Nice, Big and Awesome Product Images.
Good, Competitive Pricing.
Easy to Follow Design, Menus and Navigation.

Number 2 Google Analytics Poor Performers

No matter how hard you have worked, you have losers in your website. These losers, as I prefer to call them, are pages that get some traffic but simply fail to convert anything.... In a nutshell for some reason they suck! However, it's really easy to locate these pages and get to work on identifying the problem. Want to learn? See below.

Login in to Google Analytics and select the account you want to use.
From the left side menu select Content >> Overview >> Site Content >> Landing Pages
On the top left, right above the graph hit the "Ecommerce" tab
Bottom right hand corner use the dropdown to make the number of results bigger
You are looking for pages with high visits, but very small number of transactions.
Find one you want to diagnose

The Diagnosis and Treatment of a Loser

I picked one has 377 visits and only 1 transaction.... This .27% conversion rate is well below the site's 3.1% average conversion rate. Now we want to open that page up on our website and try to determine why it sucks so bad.

Top Ten Reasons Page's Suck

Too confusing, busy or completely "pathless". When people open this page they are intimidated, lost or just plain too lazy to try to navigate the mess. This is very common for your product index pages. Try to provide some easy to read and scan-able text above the products.... some direction.
Product pages with little or no descriptions.
Crappy images on product pages or product index pages with rows of products that in a quick scan all appear to be the same.
Too slow.... Face it, they will just hit the back button and try again.
Recognition. You provided no way for the searcher to immediately realize that their search provided them the correct product/page. Since we need every damn thing right this second, we leave for an easier experience for our lazy fingers.
No authority. Your page looks like you know nothing, do nothing and are simply a bulk seller with no real connection to the products or experience. This troubles me because I might have a question or need some support... But since you obviously know nothing, you won't be able to help.
Trust. I see no reason I should trust you with my personal details and credit card information. Where is the phone number? How can I get in touch with these people? Are they real, or are they some washed up eBayer? How do I know?
Price! The price is too high or even too low. Ideally you want to be pricing your products somewhere in the middle. Prices too high are an obvious problem, but did you know that prices too low are also a problem. Think about it, if you have the lowest prices you might be a knockoff, you might suck at customer service, not a real business etc.
Your website looks/feels old and not up to date. I don't think you need to have every bell and whistle available, but if your website still looks like 90's HTML, then your sales will suffer.
Too forward. Have you ever walked in to a furniture store and that guy meets you at the door with a flyer? Then proceeds to follow you around the store even after you told him you were just looking? Well, believe me your website can also come off like that. While we need to create a path and direction to better convert shoppers... we do not have to look like a furniture salesman in a plaid jacket!

Zen Cart & Multiple Languages

Melanie — Tue, 19 Feb 2013 12:41:31 +0000

Zen Cart really is quite robust ecommerce software. Setting up your Zen Cart to offer multiple languages is pretty common, if you are just getting started go here. This post is designed to help multiple language Zen Carts correctly direct the search engines to the correct language specific page when appropriate.

Zen Cart 1.3.9 and newer has the awesome rel="canonical" links in the , so we can use this function to better offer up our multilingual pages!

Your language links are conveniently appended with their language ID. URLs such as (/index.php?main_page=index&language=es) contain the language parameter to correctly produce the desired language for your site's visitors.

That's the easy part ... your shoppers can easily use the language switcher to change languages and shop..... But what about Google?

Using the rel="alternate" hreflang="x" tag will help Google serve the correct language or regional URL when appropriate. Google says:

Some example scenarios where rel="alternate" hreflang="x" is recommended:

You translate only the template of your page, such as the navigation and footer, and keep the main content in a single language. This is common on pages that feature user-generated content, like a forum post.

Your pages have broadly similar content within a single language, but the content has small regional variations. For example, you might have English-language content targeted at readers in the US, GB, and Ireland.

Your site content is fully translated. For example, you have both German and English versions of each page.

The cool part is that now with the robust canonical URLs built in to Zen Cart we can easily accomplish this.

In includes/templates/your_template/common/html_header.php

Find:

Then Add the Following for Edited for Your Language Options:

Before the

So the whole statement with 1 language added would look like this:

Adding additional languages is as simple as repeating the rel="alternate" line edited for your language like this:

There you go... very easy and no core file edits as you should be editing the html_header.php in your template override directory =)

Zen Cart rel="canonical" for Your SSL Store

Melanie — Tue, 12 Feb 2013 15:15:19 +0000

If you accept credit cards on your Zen Cart website you are required to be PCI compliant. That is just a fact. Given the shortsightedness of the PCI scanning companies and the speed at which the technology must develop, there will always be scan fails.

I wrote about a PCI fail recently where the Zen Cart contact form was failing PCI scans for not being protected under SSL. Now, the action is under SSL and it's certainly NOT sensitive information, but there is no convincing the scanning companies.

The simplest solution is to set your whole website to use only SSL. It's a nice caveat that this also helps build shopper trust and make more money! Even Facebook is SSL by default now, so people are becoming more aware of SSL pages. While certainly the general public doesn't understand the whole thing... they think and have been lead to believe that site's need SSL to be safe.

Once you have set your entire site to SSL by changing both of your configure files to https links you will find the next snag, no more rel="canonical" tags. Zen Cart's canonical pages tags are awesome! They help you with SEO, reducing duplicate content and many other great perks. If only your SSL shop had them??

Switching to full SSL will turn off your rel="canonical" tags in all of your pages. While this may be a bit short sighted on the part of the Zen Cart Development Team... it's easily fixed! Once you make the switches to all SSL pages you will eliminate SSL/Non-SSL content duplication completely and fixing your canonical tag is necessary for a smooth transition in the search engines indexes.

How to Turn ON Canonical Tags for SSL Pages

Open includes/init_includes/init_canonical.php

Find:

/**
* SSL Pages get no special treatment, since they're not normally indexed
*/
case ($request_type == 'SSL'):
$canonicalLink = '';
break;

Change it to:

/**
* SSL Pages get no special treatment, since they're not normally indexed
*/
// case ($request_type == 'SSL'):
// $canonicalLink = '';
//break;

Bravo, now your full SSL Zen Cart Shop has the brilliant rel="canonical" tag!

** Important note: DO NOT do this unless you are running a FULL SSL catalog. Doing so will result in canonical tags on both SSL and NON-SSL pages, thus duplicate content.

2013 & Zen Cart

Melanie — Mon, 04 Feb 2013 21:17:10 +0000

With all the Panda, Penguin and buzz surrounding them it's very easy to get caught "putting out fires" all the time. It's very tiring and not so successful overall... so let's get going!

Below is a punch list of the things "I" think ecommerce shop owners should be concentrating on in 2013.... In order of priority. Call it a plan of attack, new year's resolution... Call it whatever you like, but get out in front of that monster and stop "putting out fires".

1. Content is still king if it's not crap. What are Google and the other search engines looking for in content?

Make sure each page has a couple of good paragraphs.
Avoid lists and comma separated values.
Keep to that page's topic when writing content.
Use common words that people might use to find your content in your content.
Write for the masses, not everyone is a college grad.
Structure your content properly with heading tags and organized paragraphs... Make it easy to scan.
SPELL CHECK
Your content should be written for your shoppers! If it's pushed down to the bottom of the page Google weighs it less and your shoppers likely never see it! #WasteOfTime

2. Usability is a never ending process. Making shopping easier gets more sales out of the visits you have already.

At least once a week shop on your website and go all the way through checkout.
Do you have pages that are really good but hidden from navigation?
Do you have the trust signals you need such as highly visible phone number, SSL, security seals, guarantees and such? These really do increase sales and Google is looking for them!
Do your pages load quickly? Start here
Are your product descriptions and images adequate for me to throw money at you?
Are you using colors in buttons and navigation to create a proper call to action and funnel people along?
It is REALLY clear what payment methods you accept? Here is a cool payment image generator.
Can I get a shipping quote before providing you my personal information?
Have privacy, conditions, shipping and returns in place and easy to understand?

3. Social Media is not going to go away just because you think it doesn't apply to you... Instead you will go away =0

Minimum you should have a Facebook page. People have begun using Facebook to search for products, services and businesses instead of a search engine!
Very likely you should also have Twitter and Google+ (make sure to link your Google+ page and your website properly).
Having a Facebook page is not enough.... engage these people and find sales in return.
Your product pages should have at least Twitter, Facebook, Google+ and Pinterest buttons for sharing. The benefit from even 1 pin is really huge!
Get on board with Rich Snippets to help the search engines and social media platforms understand your products and give you the credit you deserve.
People love product videos.... if they're short, helpful and perhaps funny.
The Internet is very much a popularity contest.

4. Link Building is "the job that never ends, it just goes on and on my friends". Links are still important it they're not faked, from junk sites or spammy.

Build links by creating business profiles on business directories. Google Local, Yahoo local, Manta, Yelp etc.
Find niche blogs, forums, Facebook groups and such related to your products and get involved. Note this is not a spamming venture... be helpful and be loved.
NEVER, EVER pay for links or trade links..... Google will get you.
Create a community page of your own on Facebook or similar.
Join the Chamber of Commerce in your area and get in to their website directory.
Post coupons on websites like BlueMountain and ReatilMeNot
Make donations to local organizations and ask only for a thank you link from their website.
Make use of Bing Local, Yahoo Local, Google Places & Google maps if you have a brick & mortar location.
Have you tried free press releases?

5. Google Analytics is a wealth of knowledge! If you're not using it, shame on you.... If you are, make a commitment to spend 15 minutes a week in there "poking around". You will find that you will accidentally stumble upon things you didn't know to help you understand and grow your business.

6. Mobile technology is developing faster than we had ever expected. Devices have come down in cost and urban WiFi hub spots have put millions of users online who would not be otherwise.

Tablet traffic accounted for 8-19% of total shopping traffic from Thanksgiving Day through Cyber Monday.
Total sales from tablet type devices ranged from 7-17%, with iPads representing a disproportionate 94 percent majority of the tablets.
Tablet shoppers on average converted as much as 38% higher and average order values were up to 15% larger.
Look in to creating a mobile version of your website. Delia has a great mod for this purpose.
Perhaps a Facebook catalog page?

These items here are pretty Google Proof. I mean they have been the right thing for a long time and are going to continue to be right. Stop thinking so much about "how to rank" and start thinking about how to "wow" your shoppers instead. You will earn the trust and love of your shoppers and Google at the same time. Toooofer!

Scroogled!

Melanie — Thu, 13 Dec 2012 12:27:21 +0000

Google's Bait & Switch

Many of you shop online.... Most of you have used the super helpful Google shopping results in your regular searches when buying things online. They are helpful, you get a picture and to compare prices BEFORE even visiting the website.

Until recently these results have been free for merchants who follow the rules to send their products in for product search. So you can get good results from websites who are providing Google honest data about their products such as UPC numbers, prices, shipping, taxes etc.

Google recently announced that by the end of summer these results, will no longer be the quality merchants you have come to see here, but rather only merchants to PAY GOOGLE to be there.

So Google used the backs of merchants to build YOUR TRUST in their shopping results only to "beef" up their value to turn around and SELL THEM to merchants. They built a product with your trust only to turn and sell it off to the highest bidder.....

"Since it is very difficult even for experts to evaluate search engines, search engine bias is particularly insidious."
—Google Founders Sergey Brin and Larry Page

I have been telling everyone that Google screwed us since they took the once free and mostly fair Google Shopping and went paid with it.... Now enter Bing who intends to expose this "evil" act and turn the shoppers who Google has screwed. While I am not a Microsoft fan, I have to say "Go Bing"! They even launched a website for this campaign...

In the beginning, Google preached, "Don't be evil"—but that changed on May 31, 2012. That's when Google Shopping announced a new initiative. Simply put, all of their shopping results are now paid ads.

In their under-the-radar announcement, Google admits they've now built "a purely commercial model" that delivers listings ranked by "bid price." Google Shopping is nothing more than a list of targeted ads that unsuspecting customers assume are search results. They call these "Product Listing Ads" a "truly great search."

To make the campaign more complete, Bing has created a video... It's pretty good too!

I have to give Microsoft some credit here, this is an excellent campaign to taint the godlike Google reputation and help to raise Bing's following with honest truths. While this may be mud slinging reminiscent of a political campaign, the mud is real!

Then (2004)
Founders IPO Letter: "we do not accept payment for [search results] or for inclusion or more frequent updating."

Google's 2004 SEC Filing: "Our search results will be objective and we will not accept payment for inclusion or ranking in them."

Now (2012)
Google's 2012 SEC Disclosure: "After all, ads are just more answers to users' queries."

Google Commerce announces shopping results will be paid for and exclude merchants who don't participate.

Google Commerce announces it is going international in February 2013. Countries in line to be Scroogled include UK, Germany, France, Japan, Italy, Spain, Netherlands, Brazil, Australia and Switzerland.

I think an awareness is important here. I also think Google has too much power to put small business' out of business. I genuinely believe that Google has built a monopoly in which people, the very Americans they claim to serve, are in grave financial danger and are being spoon fed dishonesty. To further strengthen my position did you know that Google avoided paying $2 billion in taxes last year by moving money to Bermuda?

Bermuda is just such a shelter, and according to Bloomberg, Google moved $9.8 billion there in 2011 to avoid paying $2 billion worth of taxes. They continue by saying $9.8 billion was roughly “80 percent of Google’s total pretax profit in 2011.”

At a Senate antitrust committee hearing in September, Google Chairman Eric Schmidt acknowledged that Google's market share is "within that area" of being monopolistic, though he said he'd prefer to "let the judges ... actually do such a finding."

In our 10 years in this business many clients can tell you I often disliked many of the things Google has changed/done... But these same clients will tell you that ...

"they too have the right to run their business as they see fit."

However, while I agree their monopoly is less than illegal, I stand by my original platform that Google intentionally did a "bait and switch" which has brought harm, in loss of income for millions of small businesses and tricked consumers in to thinking the shopping results are honest... when they are going off to the highest bidder. Both merchants and shoppers alike we "baited" in to Google Shopping for more than a year, then when the "buzz" and participation was at its peak, Google switched the platform to paid for the merchants and now delivers shopping results to the shoppers which are NO LONGER based on relevance, quality, nor anything else consider organic. Worst of all Google's required notation that these are sponsored ads is lame at best and they even allow people to sort by relevance..... there is no relevance, only cash!

Just one more video for Bing's "Anti-Google" - Scroogled Campaign, I just couldn't resist!

PCI PIA

Melanie — Thu, 15 Nov 2012 16:10:52 +0000

PCI Compliance is a struggle for all merchants. The time, cost and knowledge needed is perhaps excessive when you factor in that no one is policing the rules. Having said that we have recently come across a really stupid pain in the ass new fail for scans from a few of the PCI scanning companies. The fail is simple.... Your Zen Cart contact form is now supposed to be protected under SSL.

So I argued this with the scanning company CSR on the phone, but the fact is, fail is fail and they are not budging.... even though they are using a GIGANTIC amount of imagination to interpret the PCI Standards. So yes it's completely asinine, it is NOT sensitive information and people using the form are not even necessarily customers who have or will checkout. In fact I suspect many are idiot spammers selling you PPC with their highly professional GMAIL business email =) .... But, even the stupid must be protected from nothing I suppose.

So, making your Zen Cart secure your contact page under SSL is a PIA.

The absolutely easiest thing to do is to secure the whole catalog front end under SSL. This is done by editing includes/configure.php and completing the following.

On lines 15 you will make the following edits.

define('HTTP_SERVER', 'https://domain.com);

On line 19 just verify that the value is true and not false.

define('ENABLE_SSL', 'true');

Now this method while easy to accomplish has some pitfalls. Your urls will ALL change, some server's SSL config can be significantly slower and you'll have to properly secure all of your resources or face the "Broken Lock of Death". If you want to avoid these pitfalls, the task is a genuine, annoying PIA to complete.

Turning Your Contact Page to SSL the Hard Way

First open up your admin and go to Tools >> Developers Tool Kit
Now scroll down to the last field and enter zen_href_link(FILENAME_CONTACT_US and set it for PHP files only and Catalog only.
This search is going to bring up all the link references for the contact us page, so we can hunt them all down and edit them like crazy people. I could just tell you where they are, but then you would miss template and override files.

For each of these instances you will change the code from

No that the references are now trained to be SSL we have to change the actual form action to be SSL as well. In theory this is ALL that should be required, but the idiots at the scanning companies cannot teach their pet tool to recognize that the function itself is secured, so the page doesn't need to be.

In /public_html/includes/templates/your_template/templates/tpl_contact_us_default.php on line 17 locate the following.

replace it with

That's all, now you can rescan and have a beer, you earned it!

GoDaddy Epic Fail

Melanie — Wed, 26 Sep 2012 20:49:34 +0000

This is a true story, and while I am posting because it is rather funny, it's indeed sad the trials and problems this merchant has suffered at the hands of GoDaddy hosting.

This client, running Zen Cart 1.3.8 was sent an email from GoDaddy regarding her database queries. They wanted her to reduce them as it was in their estimation causing an unfair load on the server and affecting the other gazillion other websites hosted on the server. The client, phoned us and explained her troubles and we set a plan to upgrade in a short time and reduce the queries for now.

Now we knew going in that the website given it's old age Zen Cart 1.3.8 was likely hacked with the common hacks we see in this version such as php files in the images directory. What we didn't expect was a full class hack which was capturing and routing credit card information to an email address from the checkout confirmation page file. We have seen this hack before, just a couple of times, so we knew to look.

Long story short we cleaned up all the hacks, lowered permissions, protected directories and patched the cart to "hold her over" until she can upgrade. Cleaning up hacks is a common task around here for the 1.3.X series and we even have a "Post cleanup" email we send them. This time we had some issues which needed to be directly handled by the host, GoDaddy.... so we forwarded them to her as well to send to GoDaddy. The rest is just way to ignorant to believe....

Please tell GoDaddy the following:

Fully Disable Front Page Extensions

Do a full backup of the "clean" state for potential restore

Please deep scan and check for root kits

Hack which breached credit cards occurred on 6/8/2012 @ 8:35pm and is attached. Access for the hack appears to have been authenticated.

Please remove the VTI folder from the stats directory

I cleaned, replaced and lowered permissions on nearly all core files. I replaced the missing software .htaccess files which were removed using command syntax from the images directory hacks and other injected php files within the file structure in many places.
I applied all version patches and secured all ancillary folders to both prevent browsing and the execution of scripts. Quarantined files are in the public_html in a folder called /lockdown/

GoDaddy responses

1. Fully Disable Front Page Extensions

Front page is not enabled as Godaddy runs on Linux Hosting.

---- Apparently the hosting control panel icon saying they are enabled and all the FrontPage extension files are imaginary. FrontPage extensions are both vulnerable and a PCI fail.

2. Do a full backup of the "clean" state for potential restore

not sure what this means? did you want me to do a backup on the database?

---- The word full must have been too vague??

Please deep scan and check for root kits

We have no idea on this I spoke with checked with upper level admins who have no idea what rootkits are?

---- Don't even know what to say here... It's just that completely inept! (http://en.wikipedia.org/wiki/Rootkit)

Please remove the VTI folder from the stats directory

Remove this in the FTP File manager but why would delete this folder as it is provided by Godaddy to enable me to do traffic stats?

---- _vti_cnf is NOT a folder to do anything with stats. It is in fact a FrontPage extensions folder. We cannot remove it because it is within their /stats/ system folder in the public root and the permissions are protecting it from removal.

Moral for the story..... GoDaddy is not proper hosting for ecommerce websites, your security, liability and business should not in the hands of monkeys!

Customizing Google Snippets with Microdata

Melanie — Tue, 25 Sep 2012 14:20:10 +0000

Zen Cart is certainly powerful software, but it's prowess is the dynamic platform of functions in PHP which are usable in many different calls from different areas of the template. Social media has been a challenge for Zen Cart, specifically pointing out the product image properly for social sharing. Because Zen Cart has many different page templates and only one real template... the challenge for making Google + for example select the product image has been a rough road.

However, Microdata, from Schema.org, Good Relations and Rich Snippets opens the door for us. Now Facebook has their own system, but should support Microdata as well. Schema.org is a universal project which provides a collection of markup tags to markup pages in ways recognized by major search engines. Search engines including Bing, Google, Yahoo! and Yandex rely on this system to improve the display of search results, making it easier for people to search and find web pages.

In this post I will show you how to implement the Product Schema Microdata for your product pages. Now this tutorial is for 1.5.0, but if you're sharp you can easily implement it in other Zen Cart versions.

So the applicable tags we have available currently for Products are as follows:

name - name of the product.

description - A short description of the item.

image - URL of an image of the item.

price - The price of the product. A floating point number. You may use either a decimal point ('.') or a comma (',') as a separator.

currency - The currency used to describe the product price, in three-letter ISO format.

quantity - Number in stock

availability - out_of_stock, in_stock, instore_only or preorder

brand/manufacturer - The brand of the product.

condition - new, used or refurbished.

identifier - asin, isbn, mpn, sku or upc.

breadcrumb - Bread crumbs, path to category

category - The product category—for example, "Books-Fiction", "Tools", or "Cars". You can include multiple categories. Any value is accepted, but Google recognizes the categories described in this article.
seller - The seller of the product. Can contain a Person or Organization.
offer language markup
payment methods
delivery lead time
offer delivery area

*** Update 1/29/2013 to remove (itemscope itemtype="http://schema.org/Product") from html_header.php and move more towards Microdata markup more suitable for products and added breadcrumbs and category tags.

*** Update 3/21/2013 Added offer language and submission tool for Google

*** Update 4/17/2013 Added Payments Accepted, Delivery Lead Time and Delivery Area

Implementation

------------------------------------------------------------------------------------------------------------

Using the identifier for your product's image.

This method, while imperfect will include all additional images and attribute images. The imperfect part is that it will include cross sell images (if installed) and also purchased etc. The second optional method will include ONLY the main product image, but no additional product images AND has some struggle with Image Handler (if installed). They both work fine with Zen Lightbox (if installed). The second option produces results less than desirable, and for now we encourage you to use the first.

First Option In includes/functions/html_output.php line 199

change the 2cnd image tag

$image = '

Second Option In includes/templates/your_template/tpl_modules_main_product_image.php

find 2 instances of

and change to

If you are using Zen Lightbox you can do the following with a little better results for option 2.

find

$rel . '" title="' . addslashes($products_name) . '">

and change to

$rel . '" title="' . addslashes($products_name) . '" itemprop="image">

------------------------------------------------------------------------------------------------------------

Using the identifier for your product's name.

In includes/templates/your_template/templates/tpl_product_info_display.php

Locate your product name

Now wrap it in the property name tag

-----------------------------

Using the identifier for your product's price & currency type. Note: We have added only 1 currency value, not multiple.

Locate your price

// base price
if ($show_onetime_charges_description == 'true') {
$one_time = '' . TEXT_ONETIME_CHARGE_SYMBOL . TEXT_ONETIME_CHARGE_DESCRIPTION . '
';
} else {
$one_time = '';
}
echo $one_time . ((zen_has_product_attributes_values((int)$_GET['products_id']) and $flag_show_product_info_starting_at == 1) ? TEXT_BASE_PRICE : '') . zen_get_products_display_price((int)$_GET['products_id']);
?>

Now we will wrap it in the price property

// base price
if ($show_onetime_charges_description == 'true') {
$one_time = '' . TEXT_ONETIME_CHARGE_SYMBOL . TEXT_ONETIME_CHARGE_DESCRIPTION . '
';
} else {
$one_time = '';
}
echo $one_time . ((zen_has_product_attributes_values((int)$_GET['products_id']) and $flag_show_product_info_starting_at == 1) ? TEXT_BASE_PRICE : '') . '' . zen_get_products_display_price((int)$_GET['products_id']) . '';
?>

-----------------------------

Using the identifier for your product's description.

Locate your product description

and wrap it in the description property tag

-----------------------------

Using the identifier for your product's brand/manufacturer.

Locate the manufacturer's function

' . TEXT_PRODUCT_MANUFACTURER . $manufacturers_name . '' : '') . "\n"; ?>

now you will wrap it in either the brand or manufacturer property tag, whichever is most appropriate for your cart

' . TEXT_PRODUCT_MANUFACTURER . '' . $manufacturers_name . '' : '') . "\n"; ?>

-----------------------------

Using the identifier model. Locate your model number line.

' . TEXT_PRODUCT_MODEL . $products_model . '' : '') . "\n"; ?>

Now we will wrap it in the mpn (manufacturers part number) identifier property

' . TEXT_PRODUCT_MODEL . '' . $products_model . '' : '') . "\n"; ?>

-----------------------------

Using the quantity identifier. Locate your quantity line.

' . $products_quantity . TEXT_PRODUCT_QUANTITY . '' : '') . "\n"; ?>

Now we will wrap it in the quantity property

' . '' . $products_quantity . '' . TEXT_PRODUCT_QUANTITY . '' : '') . "\n"; ?>

-----------------------------

Using the Availability property

Just a quick way to dynamically deliver the value of in stock our not from quantity.

In the list you just edited for model and such locate the closing tag and on the line right above it add the following. Acceptable values are (in_stock, out_of_stock, instore_only or preorder)

0) { ?>

In Stock

Out of Stock

-----------------------------

Using the Condition property

We will fake this for a vanilla Zen Cart as well by adding another line just above the closing as in the previous instruction. Values which can be used are (new, used and refurbished)

New

Lastly to make this markup most flexible for search engines and other platforms to understand locate the opening div for your product content in tpl_product_info_display.php

-----------------------------

Using Rich Snippets to identify the category

the section marked details, find

}
?>

Just before this line add

Category: fields['categories_name'] . '">' . $categories->fields['categories_name'] ; ?>

-----------------------------

Using Rich Snippets to identify the payment methods you accept. The syntax provided is for Visa, MasterCard, Discover and PayPal. Other methods can be found here (http://www.heppnetz.de/ontologies/goodrelations/v1#PaymentMethod)

the section marked details, find

}
?>

Just before this line add

Payments Accepted: PayPal, Visa, MasterCard, Discover

-----------------------------

Using Rich Snippets to identify the general delivery lead time for your products

the section marked details, find

}
?>

Just before this line add

Delivery Lead Time: 21 days

-----------------------------

Using Rich Snippets to identify the shipping region(s) for your products. Note that the proper 2 letter country code must be used for the content="", but the text following can be express however you like.

the section marked details, find

}
?>

Just before this line add

Shipping to: United States & Canada

-----------------------------

Setting up the container for the product schema

Find

and add this to it

itemscope itemtype="http://data-vocabulary.org/Product"

So it looks like this

------------------------------------------------------------------------------------------------------------

Adding the breadcrumb identifier for Rich Snippets

In includes/classes/breadcrumb.php on line 57

Find

$trail_string .= ' ' . $this->_trail[$i]['title'] . '';

and change it to

$trail_string .= ' ' . '' . $this->_trail[$i]['title'] . '';

------------------------------------------------------------------------------------------------------------

Then in includes/templates/your_template/common/tpl_main_page.php

Find

trail(BREAD_CRUMBS_SEPARATOR); ?>

and change it to

trail(BREAD_CRUMBS_SEPARATOR); ?>

------------------------------------------------------------------------------------------------------------

Now go over here and let Google see if they can read your changes properly using the Structured Data Testing Tool. Check our testing site here in the tool. Once you have tested your snippets Google now provides a means to let them know you are using rich snippets by submitting this form. The nice part is that they will respond and note any issues they find to better help you come to completeness.

There are more formats for the product schema that we will be looking to incorporate such as review, aggregateRating and offers. Stay tuned, we will update when this project has changes. These items weren't initially included as they require a module to display in the product page or the data output is wrong for the Schema, so there will be some core changes and such to incorporate these additional properties for Zen Cart.

Sweet Success with Low Hanging Fruit

Melanie — Fri, 07 Sep 2012 20:16:06 +0000

In this climate of change, traffic drops and uncertainty, I can offer eCommerce merchants a fast, easy and effective way to increase search traffic and sales. Maybe you don't believe you can effect your search volume and conversions without the assistance of a marketing or SEO firm? You would be wrong.... Much more than that, this method is historically effective and free.

There is one caveat, you need a good analytics program in place with at least 3 months of data to get started. In our example we will use Google analytics because it's free. Ready to get started?

The term "low hanging fruit" is actually a double edged opportunity. You have low hanging fruits that convert well and have poor search traffic, and you have fruits which have good traffic and convert poorly. We are going to help you identify and improve both in this post.

Products Which Convert Well, But Have Poor Search Traffic

This is hands down my favorite opportunity! We can take a product we know people want to buy and make it more visible in search. Getting more people to a product which converts well will add to your sales. Sales, that is why we have eCommerce shops, right?

1. Open the account you want to work with in Google Analytics.

2. Select the time frame you want to work with (top right). Keep in mind that going too long or too short can run through seasonal trends and such, changing your results. I usually use 3 months.

3. From the left hand menu click on "Traffic Sources", then "Search" and finally "Organic"

4. Next we want to see conversion data for these keywords. Click the "Ecommerce" link.

5. To the right you will now see a keyword list of your organic visits. In the bottom right change the rows to 500 so we have more data.

6. Now the old Google Analytics could do a killer weighted sort here, but the new one falls short. So, click on the heading "Ecommerce Conversion Rate" and sort it so the highest conversions are at the top.

7. As we look down through this list we are looking for pages which converted very well, but have low visits. The reason is simple, these obviously convert well, lets send more visits to them!

Here is a great example:

cemetery flag holder has only 20 visits but converts at 16.67%

We are looking for phrases that are pretty targeted. cemetery flag holder is good, but outdoor flag is too big for this task.

8. Click on your keyword to open the detail page.

9. Now click on the right where it says "Secondary Dimension" , then "Traffic Sources" and finally "Landing Page.

10. There may be more than one landing page. This is a mixed bag or good and bad. Good to have the visits, bad that Google, instead of you decides which page is best.

11. In a new tab open up your landing page(s) and lets have a good long look at them.

Things We Are Looking For

--- The keyword which converts well is mentioned in this page, but overly mentioned

--- The text is very descriptive, helpful and authoritative

--- There is enough text in total for the product that the search engines never have to guess what this page is about

Things to AVOID

--- Avoid lists and rather use natural text when possible

--- Use proper word, Google knows the difference between holder and holders for example. You only look stupid to those who would give you money by using improper words for rank. If my description says "Our cemetery flag holder" are made in the USA... I'm an idiot! It should be "Our cemetery flag holders are made in the USA".

--- Do not overuse your keyword(s). The search engines will think your content sucks, you are a spammer and never send their clients to this page!

--- Spell check! Enough said

--- Do not inundate your product's description with a bunch of bold text, meaningless heading tags and links!

12. Once you have fixed up the page so that it's more search AND shopper friendly, then share it on your company's Facebook, Pinterest or Twitter page. One, time.......

Good Traffic, But Converts Poorly

1. Do steps 1-5 above.

2. Click on the heading "Ecommerce Conversion Rate" and sort it so the lowest conversions are at the top.

3. As we look down through this list we are looking for pages which converted very poorly, but have good visit numbers. The reason for this is also simple, these pages are getting traffic, but not making me any money! You might have to look deeper than 500 and you will have a ton of "one hit wonders", which are not the "pot of gold" we are looking for.

Here is a great example:

outdoor christian flags has 27 visits and converts at 0%

We are looking for phrases that are pretty targeted. outdoor christian flags is good, but outdoor flags is too big.

4. Click on your keyword to open the detail page.

5. Now click on the right where it says "Secondary Dimension" , then "Traffic Sources" and finally "Landing Page.

6. There may be more than one landing page.

11. In a new tab open up your landing page(s) and lets have a good long look at them.

Why Don't These Products Sell???

--- Is your price too high? Maybe you cannot compete on price.... Then make damn sure you are selling the best customer service, trust and authority! People do NOT as a habit buy the least expensive, but rather somewhere in the middle.

--- The description is clear, description, understandable?

--- The image(s) clearly show what the shopper is getting?

--- Compatibility, batteries, parts, assembly, warranties... these things are included in the description as needed?

--- Now add it to your cart. Not only do we want to make certain the page is working, but maybe the widget in $900 to ship!

--- Make certain you have clear and easy to follow shipping and returns policies in place.

--- Make sure your telephone number is prominently displayed on ALL pages.

--- Spell check anyone?

These 2 methods of capturing the sweetest low hanging fruit cost you nothing, but a bit of the dedication you need to be a successful business owner anyhow. Now, get to work!

Social Superiority for Ecommerce Merchants

Melanie — Tue, 19 Jun 2012 17:50:57 +0000

According to and independent survey "small and mid size online retailers are highly confident in the future of ecommerce".

More than 750 ecommerce merchants and found that 84 percent of respondents are optimistic about their growth potential while 16 percent of respondents listed brick and mortar stores as a method they currently use to sell their goods. Only 11 percent of respondents are considering brick and mortar locations for future sales compared to 33 percent who are considering opening their own web store, 29 percent who would use email marketing and 26 percent who are considering selling goods on Amazon.com.

Having said that, social shopping platform Pinterest is already and will continue to play a huge role in ecommerce marketing. Pinterest seems to have the tools to make sharing easy, returning for purchase a breeze and is so simple to use that it has clearly set itself ahead of the crowd in the social media world.

Pinterest users are 79 percent more likely to purchase items they see pinned on the site compared to the purchasing behavior of Facebook users viewing items they’ve seen on the news feed or a friend’s wall, according to a new survey released from behavioral commerce company SteelHouse.

In a Steelhouse survey more than half of those surveyed said they regularly share their online purchases. This social behavior has opened many doors for smaller ecommerce merchants, as well as many challenges. In the age of mobile aps, smart phone scanners and information overload. Only 33% of Facebook users said they have purchased a product or service from a Facebook ad, on the news feed or from a friend’s post. This compared to a HUGE 59 percent of Pinterest users who have made purchases based on an items they found on Pinterest. Are you Social Ready?

Getting Social with Zen Cart

There are some very big challenges for Zen Cart owners, but I have some very simple advise and options to help you grab a bigger piece of this social shopping pie. Many of the items in this list will cost you money.... I apologize for that, and please understand I do my best to find free and affordable solutions for all challenges we address here. However, I will also say that most of these are sooo very easy to get you started!

98% of shoppers say that online customer reviews have a major influence on their decision to purchase a product or service. Your Zen Cart review system is adequate, but you have to coax the shoppers to submit them. Follow up with a post delivery email, send them a link and offer them a coupon to submit an honest review. The alternative is a paid program like Shopper Approved, which really has some awesome tools for your shop. Shopper Approved has segmentation, popups, folowups, support, really nice seals and is picked up pretty well by the search engines as well. For just $49.95 a month you can have one of the best review systems on the web that is a snap to install in your Zen Cart shop. No matter which way you plan to go, the trick is to ask for reviews and testimonials.... We are way to busy as a society to just offer them up. If they are fast, easy and you ask, many shoppers are more than happy to oblige.

Expert mobile research pegged the number of smartphone users in the U.S. at 82.2 million people. People make purchases, shop, share and are completely Internet wired while on the go. The opportunity here is the ability to carryout impulse purchases immediately, no forgetting to do it later. For our Zen Cart owners, the solution best suited to grab these sales is a mobile friendly version of your website. While there are many choices available now for Zen Cart, we have seen and tested Zen Cart Superstar Delia's awesome solution. This mobile Zen Cart module will give you a fully functional and phone/device friendly version of your Zen Cart for a small price (starting at $125.00).

Grant your shoppers the ability to quickly and EASILY share your products on the most popular social media sites. The top 3 performers in the social shopping jungle are going to be Pinterest, Facebook and Kaboodle. This is a number we get from the 26 clients we have on our SEO program at the moment. We aren't just looking for traffic.... as a matter of fact we don't even care to much about the traffic part, we are looking for conversions. We are looking for social shares that produce sales.... period. Having said that we developed a module for Zen Cart called Social Bar. Social Bar has the ability to turn off and on (from your Zen Cart admin) Facebook Share, Twitter Tweet, Delicious Add, Digg, StumbleUpon Stumble, Technorati Fave, Reddit, Kaboodle Add, Google +1, Bebo, BlinkList and Pinterest PinIt. Social Bar for Zen Cart can be downloaded and (installed by you easily) for just $18.00, or installed by us for $36.00. Have a look at the module in action here.

Lastly, and certainly not because it is less important, get a Facebook Fan Page and a Google +1 Page! These pages are going to help you rank better, create buzz and authority for your website and most importantly put you in touch with your shoppers. Remember, neither of these is worth a damn if you never use it! Post regularly, create special Fan Offers.... Market your pages in newsletters, emails and on your website. It's not an easy task to keep these pages up, but at least it's fun and interactive.

Thanks for reading and we wish you prosperity and success in your ecommerce business. Remember, at PRO-Webs we are here to help. If you have a question, please ask.... we endeavor to answer them all (and NOT with a sales pitch either). We believe in the value and necessity of the small merchant's success in the US and plan to continue to support these merchants in any way we can!

Securing Your Website for PCI

Melanie — Fri, 18 May 2012 13:00:25 +0000

Securing your website, no matter what kind of website, can be a big job. Most of things you need to do are common sense and awareness. We don't expect you to know how to sanitize database queries, but rather that you know and realize that there are resources and standards to to use and follow. This most, designed to be very simple will help you get on board with PCI DSS compliance. Remember, June 30th 2012 is D-Day, all merchants accepting credit cards will be required to to PCI compliant.

I suggest that you first start with our first post in this series, PCI, Passwords & Aggravation.

Welcome back. Now lets get on with securing your website.

If you accept credit cards on your website (people enter a credit card number on your website) you are required to be PCI/DSS compliant as of June, 30th 2012. There are no excuses, exclusions, nor, get out of jail free cards. Man up and get to work.

The very first thing you need to do is limit and control access to your website and web hosting. Whenever possible limit access to a task level access. So don't give the order processor access to your whole admin & don't give the guy uploading images in FTP access to the root. Each person must have their own individual and unique access, so all 10 employees cannot use the same login credentials.
Use strong 8 characters or more passwords with upper & lower case, number and symbols when possible. Do not use names or real words in them. Do not use the same password for more than one application. Do not store them unsecured or send them electronically.
Change ALL passwords associated with your website every 60-90 days. Log the changes with a date, per person.... But NOT the passwords. This means PayPal, gateways, admin, hosting, email etc.
Contact your merchant bank and find out what they wish you to do to provide your compliance credentials. They may have a specific PCI scanner they want you to use (which is really BS, you should be allowed to use whomever you want as long as they are an Approved PCI Compliance Scanning Vendor). Fill out your SAQ (help with SAQ), get your scans done at least quarterly and submit them to your merchant bank. We use Trust Guard because we like the seals, they use a approved scanning vendor and the price is very reasonable (not the cheapest, but excellent service and less than average price).
Keep server software, website software and computer software of any kind up to date. For example, if you use Zen Cart, when you click on version in the top right of your admin it should say 1.5.0... if not you are required to upgrade now.
ALL login forms and checkout must be secured with SSL. So, that sidebox login you may have on your main page has to go!
Make sure you stay up to date with software upgrades and patches. Most software platforms have a RSS or newsletter you can sign up for or follow to be informed of software updates and patches. Here is Zen Cart's update forum is here, either check it frequently or subscribe to the thread. WordPress can be checked from your dashboard or check here, and here.
Check Secunia for advisories about the software you run.... Below is a shortlist.

CKEditor / FCKeditor ~ Security Advisories
Coppermine Photo Gallery ~ Security Advisories
CubeCart ~ Security Advisories
Drupal ~ Security Advisories
Joomla (all versions) ~Security Advisories & Joomla Vulnerable Extensions List (VEL)
Mambo ~ Security Advisories
osCommerce ~ Security Advisories
phpBB ~ Security Advisories
TinyMCE ~ Security Advisories
WordPress ~ Security Advisories
Zen Cart ~ Security Advisories

Have your web host or other trusted company deep scan your website for malware and infected files quarterly. Securi has an excellent malware scanning service that we recommend. They will even remove it for you if found.
Implement and enforce a company Information Security Policy. Believe it or not, you actually have to tell employees not to share customer's information.... common sense is NOT so common any more. Here is an example of one of our data policies (https://pro-webs.biz/data/).
Restrict physical access to company systems and records with cardholder data to only those employees with a business "need-to-know."
DO NOT store cardholder data... Just don't, it's not smart for them or for you.
Develop and maintain a vulnerability management program. This sounds worse than it is. Basically, set forth a policy of the things you are doing, need to do and want to to to reduce vulnerabilities within your company.
If you accept credit cards on the phone and enter them in a gateway or terminal you must also have your office IP(s) scanned.
NEVER allow access to your website using WiFi or an employee working from home.
Your web hosting CANNOT have ANY plain text logins. This means all hosting control panel functions, e,ail access (even through software such as Outlook) and FTP must be secured with a SSL3 or TLS connection.
Use your head.... if it seems unsafe or dumb, IT IS!

While PCI compliance is not a law (yet), there are state laws that are already in effect to force portions of the PCI Data Security Standard (PCI/DSS) into law. In addition, there has been a big push by legislatures and industry trade association to enact a federal law around data security and breach notification.

Many businesses only implement the rigid letter of the PCI DSS standards, "kinda like "state minimum car insurance". They have technology and processes in place that satisfy the exact letter of PCI standards, but do nothing else to provide real security for their business. It is crucial you YOU and all of your company's assets embrace the spirit of the standards. Call it a hyper vigilance, or awakening, but the days of "I did what I had to so we're cool are over". Just like any other set of standards or rules PCI can only account for most, or many potentially vulnerable situations, they do not work for you.... know your routines etc. You and the people you work with must develop a sense of urgency and awareness to catch potential vulnerabilities with your own organization.

Q: What are the penalties for noncompliance?
A: The payment brands may, at their discretion, fine an acquiring bank $5,000 to $100,000 per month for PCI compliance violations. The banks will most likely pass this fine on downstream till it eventually hits the merchant. Furthermore, the bank will also most likely either terminate your relationship or increase transaction fees. Penalties are not openly discussed nor widely publicized, but they can catastrophic to a small business.

It is important to be familiar with your merchant account agreement, which should outline your exposure.

PCI, Passwords & Aggravation

Melanie — Thu, 17 May 2012 14:27:24 +0000

With June 30th creeping up on us we are rushing to upgrade websites, upgrade servers, secure mail, block port access, require password strength and rotation and of course block hackers from websites. PCI/DSS compliance is a daunting thing, it looms over our heads as a potential to be heavily fined for not obeying its standards. Some shop owners, like ourselves, have been obeying these standards for many years already. Others are just getting started or are still in denial.

Interestingly, not all of our clients are thrilled that we are and will continue to be delivering the safest, PCI compliant hosting that we can. We update clients as we continue down the road to maintain our server's PCI/DSS compliance. In response to these updates about new password strength requirements, requiring clients keep their software up to date, etc we have received a mixed bag of mostly aggravated feedback. We have been yelled at, complained about publicly and some clients have even moved their websites to avoid PCI.

I do wonder what these folks will think when June 30th passes and their merchant bank fines them, suspends their account or many other of the power plays the merchant banks will posses to force PCI/DSS compliance among their account holders. I also wholeheartedly hope that this will create an opportunity for the PCI ready and already compliant merchants in the marketplace. Historically speaking, it will create financial opportunities for the PCI compliant vendors who will be still able to process credit card transactions..... while the "non believers" use PayPal while they scramble to attain compliance so they can again accept credit cards.

So starting today with this post, we are going to cover the PCI/DSS basics in detail for shop owners to make better choices and start/continue down the road to compliance. Today's topic is your own computer's security.

Why does it matter that I have secured my PC, it's not hosting my website you know?

Ahhh, this one is such a fun question! I could point to over 50 cases in the last 2 years where a client's failure to maintain their own personal security has allowed their websites to be hacked, but I would prefer to cover some basic security techniques to prevent it instead. By the way, if you use a MAC and think you are exempt, you are dead wrong, no matter what the "Apple Guy" tells you. In checking the numbers, about 20% of the hacks originating from the website owner we using a MAC. Given that only a small percentage of people use MACs, this is really quite high! I think that Apple has gone out of their way to create a false sense of security among its users... But, in the end, it is you.... who owns the computer who is at fault, not Apple.

There are several areas you need to observe to manage your own personal security. I will break these down in a simple format and hope to help you be more secure and protect your shoppers better.

PASSWORDS

I am still in complete AWE when clients, whom we don't even know, shoot us access information in an email! Worse yet, we get the email from a Hotmail or other free account and the username is admin and the password is password01..... Really scary! This post How I’d Hack Your Weak Passwords is a MUST read.... it will scare the crap out of you... as it should.

Really Simple Password Rules to Live By:

Never use real words, use made up ones if you must use a word. Using names and known words makes hacking your password a piece of cake!
Always use numbers, letters (mixed case) and punctuation when possible.
Always make your passwords a bare minimum of 8 characters... 12 is much better.
Change all passwords every 60-90 days.
Never create mass account login with the same passwords for users.... All users need their own unique login.
Passwords must not be transmitted over the Internet by e-mail or any other form of communication, without being encrypted.
Passwords should never be written down or shared with anyone.
Use different passwords for each website or application.... at the very least DO NOT use your hosting access passwords ANYWHERE else, ever.
You must log the dates of password changes and who has access to anything coming in contact with your website.

I had to post this chart to demonstrate how quickly simple password are cracked, it is rather eye opening.

Password Length	All Characters	Only Lowercase
3 characters 4 characters 5 characters 6 characters 7 characters 8 characters 9 characters 10 characters 11 characters 12 characters 13 characters 14 characters	0.86 seconds 1.36 minutes 2.15 hours 8.51 days 2.21 years 2.10 centuries 20 millennia 1,899 millennia 180,365 millennia 17,184,705 millennia 1,627,797,068 millennia 154,640,721,434 millennia	0.02 seconds .046 seconds 11.9 seconds 5.15 minutes 2.23 hours 2.42 days 2.07 months 4.48 years 1.16 centuries 3.03 millennia 78.7 millennia 2,046 millennia

SECURING YOUR COMPUTER

This one can be quite challenging, there are so many things to do. The list I am about to provide you is really a short list of the things you really must do.

Keep ALL software on your computer up to date, especially Adobe products. The Secunia Online Software Inspector (OSI) will check them for you, for free.
Use a great virus scanner, I highly recommend McAfee. Trend Micro has a decent product, but there have been countless times when we are cleaning up a hacked website and scanned the local files with Trend Micro on the intake computer and then McAfee found viruses in them after.
Virus scanning isn't enough, you need a firewall... again, McAfee's firewall and real time scanning is really superb.
Some infections are not viruses and will not be caught by a virus scanner. Malware, BHOs and other dangerous scripts can infect your computer just from browsing the Internet. We suggest Malwarebytes to scan for these dangerous items. It's also free.
Change your network passwords including router, modem, login etc every 60 to 90 days and make them also strong passwords.
Turn OFF WiFi on your work computers... at the very least secure your wireless network. PC World has a simple post to step you through securing your WiFi here.
Remove unnecessary software from your computer, especially ones that reach out to the Internet.
Clear your browsing history, cache, cookies etc everyday. We use CCleaner to do so, it's also free. If someone accessed to your machine, some of your juiciest information is stored in your Web browsers cache. There is enough in almost every browser on earth to engineer a social breach. In other words a hacker could gain access to your personal data and then use it to pose as you.

Another thing to keep in mind is that some of the passwords you think matter least actually matter most. For example, some people think that the password to their e-mail box isn’t important because “I don’t get anything sensitive there.” Well, that e-mail box is probably connected to your online banking account. If I can compromise it then I can log into the Bank’s Web site and tell it I’ve forgotten my password to have it e-mailed to me. Now, what were you saying about it not being important?

It is your duty to secure your devices, restrict access and manage your own personal security to protect your customers.

Dead Cheap Usability Testing for Your Website

Melanie — Fri, 27 Apr 2012 15:38:42 +0000

Usability testing is the most effective means to increase sales, shopper interaction and popularity for your ecommerce shop. Hands down, there is no more effective means to get MORE from the traffic you have.

So if usability testing is SO effective, why don't more people do it?

Many shop owners don't know about it, most assume it is incredibly expensive and frankly most are just to narrow minded to delve in to what "may be wrong" with their websites.

These reasons are none valid. Usability testing is no different than product testing, surveys, soliciting feedback and other techniques used by successful businesses worldwide. So what if you can do basic usability testing for free?

You CAN do usability testing! There are a ton of different means to do simple, effective and free usability testing for your website. I am going to touch on just a few specifically suited for ecommerce. These simple, easy to execute and effective usability testing plans will help you identify problems shoppers encounter on your website. If you just said to yourself "there are no problems on my website", then I challenge you to do these 2 usability plans... You are most certainly wrong. Every website has problems, no doubt.

Solicit Feedback

This one is the absolute simplest technique to eliminate the problems shoppers encounter on your website. Soliciting feedback from shoppers is both easy, cheap or even free and very eye opening. Some people will not participate, some will and some will not be very nice. Toughen up, listen to each comment, test and take action.

The trick to soliciting feedback is to listen and not be a PIA to your shoppers.

Feedback Software: Soliciting feedback from shoppers via software has become very popular. Basically, you get software (most paid services) to ask your customers to "rate their experience" on your website. Software like Shopper Approved (my personal favorite) works with your Zen Cart (or other software) to pop up and ask shoppers to rate their experience. The best part of Shopper Approved is that they followup with the shopper post-transaction email to get a more comprehensive rating which includes delivery time etc. The downfall is that this software ONLY solicits feedback from shoppers who completed a transaction. This leaves an absolute plethora of those who didn't! They couldn't find what they wanted, had checkout issues etc.
Abandoned Carts: One of the standard package modules we install on new Zen carts is "Recover Cart Sales". This free Zen Cart module will let you send an email to shoppers who abandoned checkout. The standard "vanilla" email is pretty good, but we highly recommend adding a coupon to the email. This helps you convert the sale (which is the point) and track results better as well. Problem here is that shoppers who couldn't find what they sought or had issues before checkout are not captured.
Followup Calls: This is one of my personal favorites. Every week pick a few shoppers from your orders, call them and chat about their experience. Ask them for feedback, let them know you appreciate their help and give them a coupon or gift certificate for their time. Once again, this only captures successful checkouts.
Social Media: is a HUGE opportunity for free and effective usability testing. I especially like to solicit the help of Facebook fans when developing a new shopping cart to replace an old one. The act of creating "buzz" about your new design coupled with the feedback you can receive is positively priceless!

Surveys

Creating a survey for people to evaluate your website is really much easier than you think. When you create a short survey you have a very controlled, yet flexible measurement tool that can be deployed in so many ways. You can send a survey to your newsletter subscribers, friends, Facebook fans and your offer a link to your website visitors. There are some very logical and basic tricks to creating an effective usability survey that you should observe.

It should be SHORT.
You should design a task such as "buy this widget" on my website.
Questions should be simple stupid.
Offer and opportunity for the survey taker to summarize their experience in their own words.
Specifically solicit information about areas you feel are "potentially a problem".
Thank them! Offering a coupon or such is cool, but make very certain you thank the participant.
Measure your results and ACT!

Examples

Did you easily locate the product?
Did you feel like the information was adequate?
Was checkout easy?
Did you have trust or security concerns?
What can we do to improve the experience?

Accomplishing this is far simpler than you may think. Certainly their are paid software platforms out there that offer the creation of these types of surveys, but my personal favorite is WordPress with Formidable. You should consider upgrading to the Pro edition ($37), as it has a bunch of features which will make this more effective. Aggregating your results is nice with graphs, tables etc.

I will tell you that NONE of this will be effective, much less matter if you are too narrow minded to consider that people have problems using your website. This, like anything else you do for your website is only effective if you can measure the results. That means you need to exercise some restraint in implementing "fixes". If you fix 10 things at once, how will you measure the effectiveness?

Lastly, before I leave you onto your new mission, let me just say that there is NO beating a good old fashioned looking over someones shoulder while they use your website. It's actually quite easy to get volunteers for this as well! I ask my kids, friends etc. again, while the "sample" is obviously smaller here, you have the ability to watch, ask questions and get real time feedback on possible solutions.

Thank you for taking action!

Melanie — Wed, 25 Jan 2012 17:53:21 +0000

Thank you for taking action!

Hi Melanie

Last week you stood with millions of Americans to protect online freedom and innovation. Congress heard you, and delayed consideration of the PIPA and SOPA bills, which -- if enacted -- would censor the Web and impose harmful regulations on American businesses.

We hope that today you will join us in thanking your representatives for protecting the Internet.

And we want to thank you, again, for your actions last week. We are humbled that so many of you rallied around what we believe is the most transformative invention in history.

Until next time,
The Google team

I thought this was quite nice to share and celebrate a small victory in the fight for our web rights.

Stop SOPA

Melanie — Sun, 15 Jan 2012 17:53:03 +0000

You may or may not be following the SOPA / E-PARASITE controversy. If not, as website owners, you should be. The SOPA/E-PARASITE/PROTECT IP bills, summarized below, are a huge injustice to our rights, and the American way.

NY Times Editorial by REBECCA MacKINNON

The bills would empower the attorney general to create a blacklist of sites to be blocked by Internet service providers, search engines, payment providers and advertising networks, all without a court hearing or a trial. The House version goes further, allowing private companies to sue service providers for even briefly and unknowingly hosting content that infringes on copyright — a sharp change from current law, which protects the service providers from civil liability if they remove the problematic content immediately upon notification. The intention is not the same as China’s Great Firewall, a nationwide system of Web censorship, but the practical effect could be similar.

Matt Cutts, head of Google’s Webspam team has done an excellent job of getting the word out and getting website owners and the web community involved. Below is a video to help you better understand whats going on, and whats at stake.

Count PRO-Webs as a company doing our part to put down this injustice, we have signed the petition at We the People which has 52,096 signatures, educated customers and acquaintances alike. As a result of our signing of the petition to STOP SOPA, we received an email from the Whitehouse. I am sharing it with you in its entirety below.

Combating Online Piracy while Protecting an Open and Innovative Internet

By Victoria Espinel, Aneesh Chopra, and Howard Schmidt

Thanks for taking the time to sign this petition. Both your words and actions illustrate the importance of maintaining an open and democratic Internet.

Right now, Congress is debating a few pieces of legislation concerning the
very real issue of online piracy, including the Stop Online Piracy Act (SOPA),
the Protect Intellectual Property Act (PIPA) and the Online Protection and
Digital ENforcement Act (OPEN). We want to take this opportunity to tell you
what the Administration will support—and what we will not support. Any effective
legislation should reflect a wide range of stakeholders, including everyone from
content creators to the engineers that build and maintain the infrastructure of
the Internet.

While we believe that online piracy by foreign websites is a serious problem
that requires a serious legislative response, we will not support legislation
that reduces freedom of expression, increases cybersecurity risk, or undermines
the dynamic, innovative global Internet.

Any effort to combat online piracy must guard against the risk of
online censorship of lawful activity and must not inhibit innovation by our
dynamic businesses large and small. Across the globe, the openness of
the Internet is increasingly central to innovation in business, government, and
society and it must be protected. To minimize this risk, new legislation must be
narrowly targeted only at sites beyond the reach of current U.S. law, cover
activity clearly prohibited under existing U.S. laws, and be effectively
tailored, with strong due process and focused on criminal activity. Any
provision covering Internet intermediaries such as online advertising networks,
payment processors, or search engines must be transparent and designed to
prevent overly broad private rights of action that could encourage unjustified
litigation that could discourage startup businesses and innovative firms from
growing.

We must avoid creating new cybersecurity risks or disrupting the
underlying architecture of the Internet. Proposed laws must not tamper
with the technical architecture of the Internet through manipulation of the
Domain Name System (DNS), a foundation of Internet security. Our analysis of the
DNS filtering provisions in some proposed legislation suggests that they pose a
real risk to cybersecurity and yet leave contraband goods and services
accessible online. We must avoid legislation that drives users to dangerous,
unreliable DNS servers and puts next-generation security policies, such as the
deployment of DNSSEC, at risk.

Let us be clear—online piracy is a real problem that harms the American
economy, threatens jobs for significant numbers of middle class workers and
hurts some of our nation's most creative and innovative companies and
entrepreneurs. It harms everyone from struggling artists to production crews,
and from startup social media companies to large movie studios. While we are
strongly committed to the vigorous enforcement of intellectual property rights,
existing tools are not strong enough to root out the worst online pirates beyond
our borders. That is why the Administration calls on all sides to work
together to pass sound legislation this year that provides prosecutors and
rights holders new legal tools to combat online piracy originating beyond U.S.
borders while staying true to the principles outlined above in this
response. We should never let criminals hide behind a hollow embrace of
legitimate American values.

This is not just a matter for legislation. We expect and encourage
all private parties, including both content creators and Internet platform
providers working together, to adopt voluntary measures and best practices to
reduce online piracy.

So, rather than just look at how legislation can be stopped, ask yourself:
Where do we go from here? Don’t limit your opinion to what’s the wrong thing to
do, ask yourself what’s right. Already, many of members of Congress are asking
for public input around the issue. We are paying close attention to those
opportunities, as well as to public input to the Administration. The organizer
of this petition and a random sample of the signers will be invited to a
conference call to discuss this issue further with Administration officials and
soon after that, we will host an online event to get more input and answer your
questions. Details on that will follow in the coming days.

Washington needs to hear your best ideas about how to clamp down on rogue
websites and other criminals who make money off the creative efforts of American
artists and rights holders. We should all be committed to working with all
interested constituencies to develop new legal tools to protect global
intellectual property rights without jeopardizing the openness of the Internet.
Our hope is that you will bring enthusiasm and know-how to this important
challenge.

Moving forward, we will continue to work with Congress on a bipartisan basis
on legislation that provides new tools needed in the global fight against piracy
and counterfeiting, while vigorously defending an open Internet based on the
values of free expression, privacy, security and innovation. Again, thank you
for taking the time to participate in this important process. We hope you’ll
continue to be part of it.

Victoria Espinel is Intellectual Property Enforcement Coordinator at
Office of Management and Budget

Aneesh Chopra is the U.S. Chief Technology Officer and Assistant to the
President and Associate Director for Technology at the Office of Science and
Technology Policy

Howard Schmidt is Special Assistant to the President and Cybersecurity
Coordinator for National Security Staff

Check out this response on We the People.

Stay Connected

Stay connected to the White House by signing up for periodic email updates from President Obama and other senior administration officials.

Google Product Search "Eats" Small Merchants

Melanie — Wed, 30 Nov 2011 16:47:30 +0000

I am not sure what the whole purpose of the recent changes and requirements in Google Shopping do or will mean.... But none of them have been a "good" thing for smaller merchants.

The data standardization within Google Product Search has put like products from very large retailers capable of deep discounts in the same page product lineup with smaller merchants who cannot compete on price. The smaller merchants who would generally seek to make their listing somewhat unique to grab longtail product searches can no longer do that. Smaller merchants in the product lineup with Pet Smart for example, have few options to elicit a click from a searcher.

For example, if I search on Google.com for "pet gear" I am given the following product choices:

Obviously, being a "regular shopper" I select the product with the stars! I am taken to a page where Google offers me the following retailers:

Amazon.com
Walmart
Buy.com
Sam's Club
Sears
Overstock.com
The Sportsman Guide
Meijer
Wayfair
eBay

I find it rather funny that the Sam's Club price is $12.16 more than Walmart. However, this set of results most disturbs me because nearly ALL of these pampered results are using a very "vanilla", UN-engaging, unimaginative, duplicate product description! That's a real pisser huh?

Nope, the real pisser is that hiding in the lower left under these results is....... the rest of us!

Soooooo, I click the next arrow 2 times before I find a single small retailer! I know you're probably mad, but it gets worse. I click and click all the way to page 5 of the results before finding a unique product description! That's bullshit!

Corporate America strikes again, the "little guy" is forced to reduce cost in order to compete.... Profit becomes nil and the retailer fails. All this while companies like Walmart continue to bankrupt manufacturers with their volume pricing demands so low that the manufacturer makes no margin. So, since Walmart eats companies, does this mean that someday there will be no choice, but rather companies like Walmart will become all their is.... "The Walmart Effect".

Is Walmart Good for America? provides a provocative examination of the impact
Wal-Mart has had on the U.S. economy. The documentary highlights the changing
relationship between manufacturers and the so-called "big-box" retailers, exemplified by
Wal-Mart, that has contributed to the bankruptcy of some American businesses and a
growing unemployment rate. While Wal-Mart supporters tout the advantages of one-stop,
low-cost shopping, others are alarmed at both the outsourcing that has made these low
prices possible and how large retailers affect smaller, local businesses. FRONTLINE
examines the winners and the losers as it documents how:
• Global retailers are superceding manufacturers in making decisions about
product quality, type and price.
• A basic flaw in the United States-China trade relationship is that we can afford
to buy Chinese products, but they cannot afford to buy ours.
• Wal-Mart has approximately 6,000 global suppliers; 80 percent of these are
from China.
• China is becoming the biggest producer of high-tech products in the world.
• TCL, a Chinese company, is now the largest producer of televisions in the world
and almost all of their U.S. exports go to Wal-Mart.
• The United States is exporting raw materials to Third World countries and
importing their manufactured products, which is a reversal of former economic
relations.
• In 2003, the United States had a $120 billion trade deficit with China and it is
expected to be even higher in 2004.

So what is Google's part in all of this?

I am seriously disturbed that, whether intentionally or not, Google is laying the framework for a capitalist shopping experience on their platform. This is America, our uniqueness, intuitiveness, drive, ambition and imagination make great companies.... Such as Google even. How can a company as big, powerful, American and creative "eat" these small retailers?

Google Merchant Center Data Limits

Melanie — Wed, 30 Nov 2011 16:40:05 +0000

When logging in to Google Merchant Center you will see the following "Alert".

Due to recent change to item and feed limits, you may experience errors when submitting your items or registering a new feed.

Tuesday, November 22, 2011 | 3:43 PM

Labels: alert

Due to recent change to item and feed limits, you may experience errors when submitting your items or registering a new feed.

To check whether your new feed is affected by our new item limit, navigate to the Data Feeds tab and click on “x of x items inserted (view errors and warnings)” to the right of the newly registered data feed. You may also receive an error when registering a new feed if you reach your feed limit. You can request an item and feed limit increase by contacting us through our Help Center.

Important: Existing feeds that have been registered before 11/22 will not be affected, but only feeds that were registered in the Merchant Center after 11/22. When you update your existing feeds, make sure to not delete the existing feed but simply initiate an upload under the already registered feed to prevent your existing feed from becoming subject to the temporary limit. You can do so by choosing an upload method right next to the data feed name under Data Feeds>Upload and follow the instructions as usual.

Google recommends that data feeds be under 20MB for upload within Google Merchant Center, while scheduled fetch and FTP uploaded feeds can be up to 1GB. Compressed feeds must be under 500MB or you will need to split them in to 500MB or less files.

While most will not be affected by this, I think new feeds will come under deeper scrutiny with regard to size, data quality, freshness and so on.

Disapearing Sitemaps

Melanie — Tue, 22 Nov 2011 13:18:38 +0000

Not as often as I should, but while checking up in Google Webmaster Tools this morning I noticed an issue..... Many of my sitemap submissions are gone! Sites, such as PRO-Webs which has been live for years and years suddenly have no sitemap in Google Webmaster Tools. Now, I do check Google Webmaster Tools rather infrequently, but last month the sitemaps were all there, alive and well.

Where Have all the Sitemaps Gone?

Odd indeed! However, the reason for the post is more for you to go check and make sure everything is in order in your webmaster's tools. Holiday shopping is already on the rise, we cannot afford to let a simple thing like this escape our grasps. So login to your Google Webmaster accounts and check under

Site Configuration >> Sitemaps

If you have missing sitemaps as well, we would love for you to comment so we can determine if Google is just picking on us... sob =)

***Update several customers websites (all old ones, verified and submitted long ago) are missing their sitemaps as well!

Holiday Shopping Ideas + Checklist for Ecommerce

Melanie — Tue, 15 Nov 2011 19:51:05 +0000

It's that time of year once again when our minds move to maximizing sales and serving the mass of holiday shoppers our website will be serving. I write one of these posts every year to help you prepare, market and maximize your holiday sales season.

Preparing for Holiday Shopping

Here is a pretty helpful list of things to check, secure and generally optimize to make sure your company, website and customer service are all shored up and ready to bust out the best sales numbers of the year.

Remember, that although "Black Friday" is generally known as a physical shopping day you will still see increased sales. Many retailers are controlling the masses of people flooding their brick and mortar storefronts with special holiday bonuses, sales and deals for shopping online.

From "Black Friday" you move in to "Cyber Monday", which is your day as ecommerce owners. "Cyber Monday" is the day that shoppers shop from work to get holiday bargains and things they need for the gift giving season. Note that the biggest time of the day you will see traffic is lunchtime EST. While many shop on the clock, many more will eat at their desk shopping away their lunch hour.

Being prepared for these sales is certainly no joke and requires that you put forth extra effort and planning to be successful. Here is a list to get your brain juices flowing.

Check your website for broken links (http://validator.w3.org/checklink)
Place several orders on your website. Check the flow, ease and function in FireFox, IE and Chrome browsers.
Check that there are no "broken lock" errors for your SSL pages in your checkout. (http://pro-webs.net/blog/2009/08/26/ecommerce-checkout-suicide/)
Contact information on your website is prominent, easy to find and use.
Shipping fees, holiday shipping schedule and return policy are clearly stated in the simplest manner possible, with high visibility.
Special sales, coupons and shipping campaigns clearly posted.
All specials for each sale are in place and any product data feeds (such as Google Shopping) are up to date.
Check your bandwidth (transfer) use for the month and make certain your hosting account has enough to cover a 100% increase.
Check that you have ample products in stock and ready to ship.
If you are using an API such as USPS, FedEx or UPS to deliver shipping quotes make certain that you have a standard table, flat or zone rate turned off but configured for use if the API for your carrier fails. This has happened in the past and can be down for days.
Check with your processing gateway to make certain that daily and transaction limits are going to be adequate for the increased sales. We certainly don't want to lose sales because we have done to much sales in a day!
Make sure you have ample staff to handle calls and emails.
Ready to ship? Don't wait, start shipping orders as quickly as you can. Many times very quick shipping notifications will lower canceled orders and actually help promote your store with your shopper's co-workers and friends.

Holiday Marketing Ideas

Holiday marketing techniques are a dime a dozen, and you cannot do them all. However, have a look at the ideas below to see if any will help you in your niche to maximize sales this holiday shopping season.

Email Marketing

If you plan to do an email blast for Cyber Monday... You better get it out by Saturday night. Many people will shop from work on Cyber Monday. Get them your deals early so they can take it to work.

Use a awesome subject line to engage the shopper. Most people will read the subject at least before deleting your email, so your subject alone carries most of the burden in email marketing.

Keep the email, clean, informative and short.... Holiday shoppers are an impatient bunch.

Segment your email list to help you send offers best related to your shoppers. If you are using email software to segment your list, now is the time to flex your marketing mojo by hitting each of your segments with a planned and targeted email offer. Cyber Monday is not the only opportunity this holiday season.... so make certain you also have the ability to properly measure your results for improvement.

Consider offering special coupons or information to your subscribers only.... They are generally intrigued and will check it out!

Linkbait - PR

Any kind of great link / promo bait is going to be very effective... For example, create a press release that Santa himself or one of his elves is at your shop answering your phones. This will get people's attention and if you have the right product, folks will be happy to spend money in your store... Not to mention all the great social share links you can grab as well.

Funneling

Create a category and link products in to a "gift giving", "gifts for her" or "holiday gifts" category for quick access and promotion of products that are expected to make great gifts for holiday shoppers.

Promos

Offer free anything... Free gifts, free shipping, free gift wrapping, BOGO etc. Free is always good marketing.

Run silly and fun Holiday Pay Per Click Ads... Target some very tight terms and throw up Ads like, Santa dropped the load at our shop! This will grab attention and get some folks in your door... send them to a page with great deals and Holiday offerings.

Submit a Holiday themed coupons to a bunch of FREE coupon repositories.

Offer gift certificates in BOGO or get $20 for $15 types formats.... Shrink on these is awesome. Make sure you advertise that your Zen Cart can deliver these to anyone, anywhere in an email!

Run a holiday contest or give away in your shop... Customer # 333 will receive a $25 gift certificate for their next purchase... Then track the winners and results in a very prominent location for all to see. this would make an awesome Facebook promo!

Add special product bundles to your store, Holiday shoppers are in a rush and will be more inclined to checkout with a item bundle containing everything they need... Like the mp3 player, case and headphones all in one shot.

Swap out some template images for Holiday themed, feel good images to get your shoppers in the "mood". Maybe even make it snow on your website with a pinch of Java Script!

Advertise your ability to ship directly to the gift recipient and offer holiday wrapping and gift messages.

Addon Orders - Offer a coupon, which very simply enables the shopper to return in a set time frame (such as 24 hours) to shop for more items and pay no additional shipping for the additional items; the orders are combined.

Include a coupon in your order confirmation emails to entice shoppers to return again. How many times have you shopped for your early and then had to return to the same store later and shop again. Bounce back coupons are 100% safe as they do not affect the checkout ability of the current order, but rather attempt to get the shopper to return for additional sales.

Shoppers are in an absolute crazy frenzy this time of year. They are shopping around, price and selection and service checking... Comparing shipping and delivery options. Often in this process the can get "lost". If you are using the abandoned cart module for Zen Cart, you have the opportunity to "recover" these lost sales by emailing them their cart contents and a nice letter to persuade them to return and checkout.

If you are using Facebook, Twitter or any other social media platform, then use it to maximize sales this holiday season. Offer "Facebook Only" specials, promos, gifts and coupons, write about great gift ideas and ask for others from your fans... Most importantly make sure your fans know you HAVE the holiday spirit. Believe it or not, people want to know that you are a company comprised of "real" people and are not all business this holiday season.

Use gift selectors like "gifts for guys", "gifts under $50.00" and other vertical browsing options to help shoppers better find and BUY what they need. This type of ease in shopping can easily convert a "one item cart" sale in to a really nice order. Shoppers appreciate this and will share their ease in shopping with friends as well.

Shipping

Shipping promotions is big business in the holiday season. Free shipping is always a huge holiday shopping promotion. I, however, prefer to use the "spend x$ to get free shipping" type promotion. This guarantees a minimum (necessary) profit margin, increased your average order total average and adds additional sales you may not have gotten otherwise. You will find holiday shoppers more likely to stay on site longer, navigate deeper and find more things to purchase in order to attain free shipping.

A guaranteed delivery promo is most effective the closer we get to Christmas. It can be bit tough to administer, but can also maintain the holiday sales increase for another week to 10 days past the "grey shipping period". Big money here, but plan and explain carefully, as it only takes one bad shopping review to ruin the remainder of the year's sales.

Once more for emphasis... Don't wait, start shipping orders as quickly as you can. Many times very quick shipping notifications will lower canceled orders and actually help promote your store with your shopper's co-workers and friends.

Securing Your Zen Cart

Melanie — Wed, 09 Nov 2011 16:18:38 +0000

Securing Zen Cart

Securing your Zen Cart is not a very challenging task, but not doing so can be a very expensive venture. In this age where hackers are the best programmers on the planet and credit card company fine up to $10K, there is no excuse not to hold your site's security at a high priority. Ignorance is not an excuse either... Visa, MasterCard Amex etc will still fine you even if "you didn't know". It's your website and thus your responsibility to know. My intention today is to give you a list of easy to intermediate things to do to secure your Zen Cart.

Keep in mind that different hosting configurations have different strengths and weaknesses. It is always a good idea to ask your hosting support for help and advice. If you have any comments, questions and even suggestions to add we would love to hear from you.

Installation

After installing your Zen Cart there are several things which need done to improve it's performance and security.

Remove the following installation and tool folders. Here is a list of free FTP programs.

/your_catalog/docs
/your_catalog/extras
/your_catalog/zc_install
/your_catalog/install.txt (this file can be removed, too)

You will need to rename your admin directory if you haven't already. Here is a tutorial from Zen Cart.
Now you will need to lower the permissions on your configure files. These should be as low as you can go. Start at CHMOD 400 and go up from there and no higher than 644. You will likely need to login to your hosting control panel file manager to do so.

/your_catalog/your_admin/includes/configure.php
/your_catalog/includes/configure.php

If you do not sell downloadable products in your cart then in your admin navigate to Configuration >> Attribute Settings and set Enable Downloads to false. Then remove the following folders from your installation.

/your_catalog/download
/your_catalog/media
/your_catalog/pub

In /your_catalog/ for Apache users (this is most all of you) edit the .htaccess. If you haven't one create and upload a text file named .htaccess. When using both FTP or file manager you will need to have "show hidden files" enabled for this. Add the following lines and save. I have specifically kept this rather basic, if your site crashed when you save it... remove the .htaccess and send it to your webhost to format better for your server config.

Options +FollowSymLinks All -Indexes
RewriteEngine On
RewriteBase /
ServerSignature Off

order allow,deny
deny from all

Operation & Performance

Go to Admin > Configuration > Email Options > Allow Guest To Tell A Friend and set the option to false. This will prevent non-logged-in customers from using your server to send unwanted email messages.
Go to Admin > Configuration > Email Options > Emails must send from known domain? = True
Go to Admin > Configuration > Email Options > Audience-Select Count Display = False (for performance)
Go to Admin > Configuration > GZip Compression = True (performance)
Go to Admin > Configuration > Sessions > Verify that the Session Directory is correct
Go to Admin > Configuration > Sessions > Force Cookie Use = True (this is optional and does not perform correctly on all servers)
Go to Admin > Configuration > Sessions > Recreate Session = True If your webhost tells you otherwise, then find proper hosting. This WILL allow session hijacking if set to false.
Go to Admin > Configuration > My Store > Server Uptime = False, security PCI fail
In your images folder and cache folder an .htacess should already exist, but if not get one from a fresh Zen Cart installation copy.
Folders should be CHMOD 755 and files (except your configure files) should be 644.
Remove the print URL feature from your browser (Zen Cart tutorial)
Limit admin access to only the required people. Create each their OWN admin account in Tools > Admin settings. Then install the admin logging report module so you can see what people are accessing and catch access issues when needed.
Do not leave your admin open and walk away. Avoid having your admin open with other webpages in the same browser.
DO NOT access your admin on an open or unsecured public network and NEVER access your admin with a mobile device.
Enable log archiving in cPanel or other hosting control panel.
Make certain (check with your webhost) that FrontPage Extensions are not installed.
Make certain your webhost is running a proper server firewall application.
If you have SSH access and you use it, its password should be exceptionally strong, 16 random characters or more. If you have SSH access and you don't use it, disable SSH so nobody can use it. There is sometimes an SSH control switch in cPanel. For reseller accounts and dedicated servers, there is a switch in WHM.
Turn off the following in your PHP config (will likely need your webhost to do this). register_globals, expose_php and safe_mode.

Maintenance & Procedure

Change all passwords every 90 days. Use strong passwords with numbers, letters, mixed case and symbols. Here is a great generator for passwords. Your are required by PCI/DSS standards to do this, have the procedure documented in your companies procedures and log the changes as they happen.
Do not store credit card information anywhere.
Get a PCI scanner to scan your website and office network every 3 months minimum. We use Trust Guard, but any approved scanner is fine.
Make frequent backups of your shop and database. Your hosting company can setup a daily backup for you. We run daily backups and keep the most recent daily, weekly and monthly backups on hand for restore.
DO NOT store your passwords in any digital format. email, Word Docs, etc... Pen and paper only if you must write them down.
Scan your computer regularly and keep your virus definitions up to date at all times.
Keep ALL software on your computers up to date (especially Adobe products). This includes browser plugins.
Check /your_catalog/cache/ frequently for debug files which would indicate an error or issue.
Create specific admin, FTP and other access for each vendor allowing them only the required access and remove access when completed.
Keep all web software (Zen Cart, WordPress etc) patched and up to date.
Always use SFTP or FTPS to access your files.
Do not rename files to .bak, .old, nor any other invalid file extension. Use .txt for example.
Protect new directories. Every single directory should be protected from directory browsing. This is most easily accomplished by using a blank index.html in each.
Keep a complete list of your site files in a "known good" backup on a disk other than your webhost, such as your own computer.

Remember ignorance will not save you from fines, loss of merchant processing and being sued. You must take action and secure your website, it is simply not optional.