***If you need any assistance with security patch updates, please send an email to: support@eboundhost.com or contact your Account Manager at eBoundHost.

Our network was hit with a series of Volumetric DDoS attacks in the past two days.  The attacks lasted for a few minutes before they were mitigated. The exact times were:

• Sunday, December 27th, 2:54 pm to 2:59 pm
• Monday, December 28th, 2:22 pm to 2:26 pm

Each instance sent a large amount of inbound traffic aimed at a segment of our network. We have isolated the method of these attacks and are continuing to monitor the affected segment.

A new form of crypto-ransomware that targets Magento can encrypt contents and demands a ransom paid in Bitcoin.

This means all files in your web directory as well as databases including your customer information, orders, credit card numbers, etc. become unreadable until you have paid the ransom.

It is imperative that you update your Magento site immediately.  Failure to update the latest security patch could leave you devastated.    This is what the opening message looks like:

The malware specifically looks for Apache and Nginx installations as well as MySQL installs in the directory structure of the targeted systems.  It also seeks log directories and the location of webpage contents before ultimately going after a variety of file types—including Windows executables, program libraries and Active Server Pages (.asp) files, and SQL, Java, JavaScript, and document files.  If the victim makes a payment, the malware itself will then initiate decryption of the files.  The malware decrypts them in the same order that it encrypted them, deleting the encrypted versions of the files along with the ransom note text files.  More information can be found here:  http://magento.com/security-patch

Fact 1: November and December months, on average, produce 30% more e-commerce revenue than non-holiday months.*   Fact 2: In 29 days, Black Friday through Christmas generate 50-100% more daily revenue compared to shopping days throughout the rest of the year.*   Fact 3: E-commerce shopping patterns vary dramatically by industry.  Apparel / Accessories and Computer / Electronics, are highly holiday-sensitive.*

Historical sales records will be broken this year.

Are you ready for the holiday traffic?

Be Prepared For The Busy Season

One of the toughest hurdles for an e-commerce entrepreneur to overcome is proper platform capacity planning.  Imagine, it’s 6:59 AM (PST) on November 28th (The day after Black Friday). Your alarm rings, and you reach for your iPhone to log into Magento back end to check overnight sales figures.  But wait, all you see is this:

You go to the front page of the store and you see the same error!  You’ve built this beautiful website,  invested in additional inventory, poured a gazillion hard earned dollars into PPC ads AND……  your marketing effort drove too much traffic for the server to handle.  Cyber Monday is just 2 days away, what are you going to do?

The Answer: 

If you are looking for a solution that will handle the holiday traffic spikes consider JetRails™ with eBoundHost.  JetRails™ is a proven managed Magento service that optimizes web site performance.  Our solution:

• Increases the amount of visitors your store can handle
• Reduces page load times (keeps shoppers on your site longer)
• Increases page views & time spent on site
• Lowers bounce rate & decreases abandonment

JetRails™ requires no codes changes.  This fully managed platform is deployed and configured with no disruption to your Magento store.

Let’s see if your store is ready for the holiday rush:  TEST MY STORE NOW

JetRails™ Doubles Magento Performance

Side by side comparison of page speed with & without JetRails™.

*Source: RJ Metrics

***Please note that this patch may interfere with certain Magento extensions and should be applied by your developer.***

Announcement from Magento:

We are investigating reports of Magento sites being targeted by Guruincsite malware (Neutrino exploit kit). We have not identified a new attack vector at this time, but have found that nearly all impacted sites tested so far were vulnerable to a previously identified code execution issue for which we released a patch in early 2015; sites not vulnerable to that issue show other unpatched issues. The malware can also take advantage of situations where an administrative account has been compromised through weak passwords, phishing, or any other unpatched vulnerability that allows for administrative access, so it is important to check for fake user accounts and for leftover demo accounts.

With the exception of a few identified Magento Enterprise Edition merchants, we have not found any other Enterprise clients that have been affected. Magento Security & Support Teams are actively working with those merchants to address the issue. We have posted full instructions for our Magento Community sites to identify and fix the issue and will continue to drive awareness across the Magento ecosystem to the importance of taking all precautions and implementing rigorous security measures.

If you need any assistance with security patch updates, please send an email to:
support@eboundhost.com

Misconfigured Magento Sites Using Nginx

Some misconfigured Magento sites using Nginx web server software are vulnerable to attacks. The misconfiguration allows outside access to Magento cache files. The cache files have predictable names and can contain sensitive information, including Magento database passwords. This information can be used to obtain access to an installation and customer information.

To address this issue when using Nginx or any other web server software other than Apache, you should make sure your client’s configuration file protects directories and files properly. Magento Security Best Practices includes information on configuring the server environment. 

Please work with your clients to update their server configuration files as soon as possible to address this vulnerability.

Unsecure Magmi Data Import Tool

It has also come to our attention that some sites use the Magmi data import tool without protection from outside access. This tool can be abused to gain full access to a Magento installation and it is critical that you act now and remove this tool from your clients’ production websites or limit access to it based on IP address or password.

 Source:  magento.com

Magento released the following critical security update (SUPEE-6482):

If you haven’t already patched your site, please do so as soon as possible.  If you have any questions or need any assistance, please send an email to support@eboundhost.com.

Link for SUPEE-6482 Security Patch

Magento released the following critical security update (SUPEE-6285)

If you haven’t already patched your site, please do so as soon as possible.  If you have any questions or need any assistance, please let us know and we will give you a hand.

Information about installing patches for Magento Enterprise Edition and Magento Community Edition is available online.

After coming back from the Magento Imagine Conference in Vegas, it was very clear that the fashion industry is exploding online.  The demand and growth of this segment is large enough for Magento to recognize and even demand its own presence.  This peaked the curiosity of many online retailers so we analyzed and tested 50 Magento fashion stores to see how they performed and uncovered some shocking data.

4 quick facts to know before we get into the data:

1.  Every third shopping search on Google is related to fashion!
2.  The fashion e-commerce segment may touch $35 billion by 2020.
3.  Fashion related queries are growing 66% year over year.
4.  Conversion ratios in women’s fashion are by far the lowest  (1.85%)

Overview:

With this segment growing so fast, its no wonder that conversion rates are low.  More competition, more traffic, and fewer hours in the day have caused some e-commerce stores to leave money on the table.  We will review the data gathered from 50 Magento fashion sites (25 Enterprise & 25 Community) and discover what can be done to generate more revenue and increase conversions using simple mathematics and two simple words that are under-used: SPEED INDEX.

Speed Index is the average time (in milliseconds) at which visible parts of the page are displayed.  This measures how quickly the page contents are visually populated (lower numbers are better).  It is useful for comparing experiences of pages against each other (before/after optimizing, my site vs competitor, etc) and should be used in combination with the other metrics (load time, time to first byte, etc…) to better understand a site’s performance.

Average time to first byte:  1.997 seconds
Average fully loaded time:  8.041 seconds
Average speed index:  4842

Out of 50 Magento fashion sites, the fastest performer was a Magento Community store on JetRails™.  The speed index clocked in at an amazing 1321 (3.6 times faster than the average), time to first byte is 0.259 seconds (7.7 seconds faster than the average) and the fully loaded page time is 2.908 seconds (2.7 times faster than the average).

What is JetRails™?
JetRails™, by eBoundHost, is a fully managed and highly optimized hosting platform built to accelerate website content delivery with sub-second response times, ensure platform uptime beyond industry standards and provide a fully hands-off managed experience.  JetRails™ customers spend more time growing their business and less time managing servers.

Improving Magento Speed Index:
Based on the data, let’s review some important observations.
1.  Magento Community and Enterprise Editions are prone to performance bottlenecks.
2.  For the most part, the lower the TTFB, the lower the speed index is.
3.  Apache, Nginx & Litespeed are prone to sub-par performance if not configured correctly.
4.  JetRails(TM) blows the competition away.
5.  Most web hosts can only do so much for speed, unless they can configure JetRails™.

Test your Magento speed index and performance metrics for benchmarking.

If your Magento store can use performance tuning for higher conversion rates, visit eBoundHost.com/magento for a fully managed and optimized platform or call us at 888-554-9990.

Magento released the following critical security update (SUPEE-5994):

If you haven’t already patched your site, please do so as soon as possible.  If you have any questions or need any assistance, please let us know and we will give you a hand.

Link for SUPEE-5994 Security Patch – Magento Community

Link for SUPEE-5994 Security Patch – Magento Enterprise

Earlier this month, Magento released the following critical security update:

If you haven’t already patched your site, please do so as soon as possible.  If you have any questions or need any assistance, please let us know and we will give you a hand.

https://www.magentocommerce.com/products/downloads/magento/

eBoundHost is all set to attend the Imagine Magento Conference in Las Vegas (April 20th – 22nd).  Now in its 5th year, this event brings together 2,400+ merchants, partners, developers and commerce experts from 40+ countries to network, exchange ideas and build relationships.  Imagine Commerce 2015 offers an opportunity for senior executives, marketers, developers, merchandisers and eCommerce visionaries from leading merchants, web design agencies, system integrators and technology innovators to collaborate and share the latest inspirations, technologies, techniques, and strategies transforming commerce.

If you are going to the conference, let us know.  We’ll meet you there.

This price change will not affect existing customers.  These changes are for all orders placed after 4/1/2015.

On April 1st, 2015 our Magento Cloud, Community, and Enterprise platforms will be upgraded and the following price change will come into effect.  To view the current pricing visit:  http://eboundhost.com/magento/

Community 16: $300/mo.

Community 32: $400/mo.

Setup fee for all Community (16/32/64) packages is set to $350 (one time)

Community Cloud setup fee is set to $250 (one time)

Enterprise Platform setup fee is set to $1,500 (one time)

Upgrades:  Daily, weekly and monthly backups, secure managed firewall update,  advanced monitoring, apache/nginx/varnish stack, FPC for Cloud.

If you have any questions, do not hesitate to contact our Magento Team at 888-554-9990.

You’ve probably read the last case study about Magento Fails, so we had to follow it up with something even more eye-opening that dives even deeper into live e-Commerce performance data.  We tested 52 stores that are in the same industry to see how competitive their speeds are.

OVERVIEW

52 random e-Commerce site were tested ***(not just the home page, but the product pages that are actually accessing the database).***  The actual sites and hosts have been blurred out because this case study is not about acknowledgement or pointing fingers, it’s about measuring metrics that have an impact on the bottom line.  You will notice that Magento sites are either top performers or are sitting at the bottom of the barrel when it comes to speed / profitability.  That is because Magento performance optimization is an art.  If you are new to Magento, please be aware that you will not be able to achieve amazing results by simply adding a few plug-ins into your store while hosting on a shared platform.  Optimizing Magento requires the creativity of a developer’s brain to be lined up in perfect harmony with the brilliant process-driven expertise of a Linux Administrator.  It takes 2 to tango.

BOTTOM OF THE BARREL DATA

TEST SITE # 34 – Magento Community Store, Highlighted In Yellow:

The time to first byte (responsiveness of the server) clocked in at over 7.11 seconds.
Google likes to see sub 0.300 second results in this department for consideration in organic rankings.  The load time of site # 34 clocked in at 12.196 seconds.  How many web-visitors will stick around to buy a product there?  According to Kissmetrics, 40% of people surveyed abandon a website that takes longer that 3 seconds to load.  For test site #34, that means about 21,000 of their unique visitors in the month of January abandoned the site because it was too slow.  I wonder how much money they spent to get all that traffic there?  In case you were wondering, they are running Nginx and are doing some caching.

TEST SITE # 49 – Volusion Store (IIS 8 – expensive licensing), Highlighted In Yellow:

The time to first byte (responsiveness of the server) clocked in at over 0.583 seconds.  Not too bad, but not amazing.  The load time of site # 49 clocked in at over 33.639 seconds.  Would you wait over 30 seconds for a site to load ?(Keep in mind that there are so many other competitive sites that you can visit by clicking the back button and going back to your Google search).  My thoughts are the same, I probably wouldn’t wait unless it was a unique specialty site of some sort.

A typical business hears from 4% of its dissatisfied customers.  96% of unhappy customers don’t bother to voice their complaint and 91% will never come back.  3 seconds of waiting reduces customer satisfaction by 16%, so if a web page takes longer than 18.75 seconds to load, then the shoppers satisfaction is reduced by 100%.  TEST SITE # 49 took over 33 seconds to load, so is it possible that their visitors were 176% dissatisfied? (Thats a joke.)

How much money is being left on the table / snatched away by competition?  I don’t have that data, but I’m sure it’s not a laughing matter….

CREAM OF THE CROP DATA

TEST SITE # 14 – Volusion Store (IIS 6 – very pricey), Highlighted In Green:

Kudos to the people that made it happen, but at what expense?  A time to first byte of 0.552 seconds; not too shabby.  2.383 second page load time?…. very nice.  Don’t let this data completely win you over.  Their pages are only about 600 KB in size with images that are hard to look at and average at best.  Just about any decent platform can deliver a 600 KB page in no time flat.  The speed index (average time at which visible parts of the page are displayed) clocked in at 2661ms (about 2x faster than the competition).  This is particularly useful for comparing experiences of pages against each other (before/after optimizing, my site vs competitor, etc) and should be used in combination with the other metrics (load time, start render, etc) to better understand a site’s performance.  I’ll get into this more in my next case study.

Bottom line:  Yes, fast page load times can be achieved by average sites, but again; it takes 2 to tango so the site design should be appealing enough to convert shoppers while serving pages up as fast visitors expect them to.

TEST SITE # 37 – Magento Enterprise, Highlighted In Green:

The numbers speak for themselves.

0.177 time to first byte
2.334 second load time
Fully loaded in 3.876 seconds
Speed index value: 1415 ms & 779 ms on repeat view
Page size: 1,367 KB

While other Magento stores are either running Apache, or Nginx, or LiteSpeed; this Magento Enterprise store is on another level and in a class of its own.  It is running JetRails(TM) with eBoundHost; which is a unique way of stacking Apache, Nginx and Varnish together.  Looking at this data, it seems impossible to make a Magento store run well without caching (Varnish/Redis) and just on Apache or Nginx (or IIS for that matter).

THE POWER OF ONE SECOND

So whats the big deal here?  Why all this talk about site speed and performance?  It seems to be a very common pain point with developers and store owners because every second counts.  Just 1 second could mean the difference between a shopper choosing one brand over the other.  What is one second worth to you?

CASE STUDIES Expert advice, guidance and solutions from ideas to creation.  Real transformations. Read Case Studies	MANAGED SERVICES Changing platforms is only the beginning.  Value added services keep you competitive. Learn More	PERFORMANCE TEST Out-of-the box isn’t good enough for your investment. Discover your bottleneck. Test My Site

5 facts that you need to know before we get started:

1.  As of January 12, 2015 there are 217,905 Magento stores up and running online.
2.  9,063 of them made it to Alexa’s top one million rank.
3.  The failure rate for businesses in general within the first 10 years of operation is 71%.
4.  With e-commerce, 65% of businesses fail within the first 18 months.
5.  90% of them fail before their 5 year anniversary.

I’m not going to go too deep into the reasons of why they fail, but I will tell you what we’ve seen based on working with a large number of Magento sites.  I can tell you confidently that most of the biggest mistakes boil down to one of 3 issues.

Magento stores fail because:

1.  They don’t get enough traffic.  (SEO / PPC companies not delivering promised results)
2.  They don’t get enough conversions.  (Poor design / unmanned analytics)
3.  They have a poor reputation / competitive position.  (This one should be easy)

You are most likely reading this post because you are intelligent enough to plan ahead and learn from other people’s mistakes so I will not waste your time on going into detail on how to fix these 3 items.  I will, however, share the most successful tools that were used for each issue.

Traffic

Climbing your way to the top of Google isn’t always easy, but content is king.  You may spend a ton of money for PPC (make sure the juice is worth the squeeze).  Get as much quality content out there as you can.  This is no secret, but will you dedicate the time to plan this out in advance?  OK.  Enough of that, you know what to do here.  Check out Moz.com.

Conversions

Are you copywriting your product descriptions well enough?  Are you going after the right buyers?  Is there a problem with your cart / checkout process? Is your check out process properly SSL’ed?  So have a good analytics program installed and study the metrics with an e-commerce expert.  Try using CrazyEgg.com.

Reputation

This is a no brainer.  Take care of your customers and genuinely care about their needs.  Respond to reviews; and if you get a bad one don’t ignore it.  Reviews are constantly being overlooked, so pay attention to them because your customers are.

If you are on this website at this very moment looking to make your Magento store better, then congratulations.  You are probably one of the 10% that are making it work.  You have already figured out a solution to the first 3 issues discussed above.  If you are like the other successful Magento store owners / executives that we talk to, then you are looking for a way to maximize your conversions (turn browsers into paying customers).

Fact:  A One Second Delay In Page Response Can Result In A 7% Reduction In Conversions.

How much money does your Magento store make?  What would happen if your site was just one second faster?  Let’s review a real life Magento store that we’ve worked on and currently hosting.  One of our clients generates about $54,700 in sales per day on average.  They understand how page load time affects conversion rate.  To them, one second equals roughly $1.39 million in sales every year.  Yes.  If their site becomes one second slower, they can potentially lose $1.39 million in sales, if it becomes faster they will generate $1.39 million more in revenue.

The real reason that you are here right now is because you want to maximize your profit margin.  This can be done with eBoundHost using our Magento Community or Enterprise Hosting Platform with JetRails(TM) Pro.  Do you want to see a skeptical person turn into believer?  Visit eboundhost.com/magento and discover what your competitors are learning about.  The only question that remains; are you going to get there before they do?

CASE STUDIES Expert advice, guidance and solutions from ideas to creation.  Real transformations. Read Case Studies	MANAGED SERVICES Changing platforms is only the beginning.  Value added services keep you competitive. Learn More	PERFORMANCE TEST Out-of-the box isn’t good enough for your investment. Discover your bottleneck. Test My Site