Adobe to Marry Magento, A match made in heaven ? Our take on Adobe”s acquisition of Magento Commerce

magento website

Mark Lavelle, CEO, Magento Commerce announced that Adobe has announced their interest to buy Magento in a blog post.

He wrote “I am excited to share some BIG news. Today, Adobe announced their intent to acquire Magento! This marks the next step in our journey to drive innovation across every facet of commerce.”

TechCrunch, the popular tech blog thinks this should  help Adobe compete with Salesforce, which offers its own marketing, sales and service offerings in the cloud and which bought Demandware for more than $2 billion in 2016 to provide a similar set of functionality.

We as leading Magento Developers from Sri Lanka are all excited about this merger of two giants that we work everyday with. We use Adobe software to design and develop Magento websites. Thats why we feel this union is one made is heaven ! 🙂

More reads about Adobe’s Magento acquisition. 

https://magento.com/blog/magento-news/adobe-to-acquire-magento

Adobe to acquire Magento for $1.68B

http://www.businessinsider.com/wall-street-reaction-adobe-magento-deal-2018-5

https://magento.com/blog/magento-news/adobe-to-acquire-magento

 

Commercial Bank Upgrades their Internet Payment Gateway to offer new functionality

Enhancements announced by the Commercial Bank of Ceylon to its Internet Payment Gateway provide new functionality for Small and Medium Enterprises (SMEs) to offer seamless and secure e-Commerce and m-Commerce solutions to their customers.

The only Sri Lankan bank operating an Internet Payment Gateway hosted by MiGS (MasterCard Internet Gateway System), the Commercial Bank said the ComBank Payment Gateway (CPG) now offers many features that facilitate SME type transactions, without the complexity and costs of existing e-commerce structures.

Sophisticated anti-fraud features make it possible for customers to view products, place their orders, generate invoices and pay online in a secure environment that meets the highest global standards, with both ‘MasterCard Secure Code’ and ‘Verified by Visa’ authentication, the Bank said.

Transactions are Payment Card Industry – Data Security Standard (PCI-DSS) compliant, thereby providing maximum protection of card holder information, the Bank said. Processing of refunds is also possible while maintaining the integrity of the system and protecting sensitive information.

“Our enhanced payment gateway offers users many exciting opportunities for growth by augmenting access to their products and services and making payment for them extraordinarily convenient and safe,” said Sanath Bandaranayake, Commercial Bank’s Deputy General Manager Operations.

“The COMBANK Payment Gateway supports multiple channels and currencies and offers dynamic conversion of currency, allowing a customer to pay in a currency of choice,” the Bank’s Chief Information Officer Rohan Muttiah said. “In addition to providing convenience this also reduces transaction costs associated with currency conversion and processing charges and makes the payment gateway a desirable channel for discerning organizations and their customers,” he added.

MiGS hosts the payment gateways of 60 banks in Australia, New Zealand, the Pacific Islands, South East Asia, South Asia, the Middle East and Europe, and also offers a fully remote disaster recovery site, with fast fail-over available on the system. Further information on this can be obtained from comcard@combank.net.

Ranked second among all corporate entities in Sri Lanka in the latest Business Today rankings, the Commercial Bank of Ceylon PLC owns a network of 184 branches and supermarket banking counters and operates an automated teller network of 380 ATMs in Sri Lanka, the largest on-line cash dispensing system in the country. The Bank has been adjudged Sri Lanka’s ‘Bank of the Year’ seven times by ‘The Banker,’ ‘Best Bank in Sri Lanka’ for 12 consecutive years by ‘Global Finance’ Magazine, and ‘The Best Bank in Sri Lanka’ by FinananceAsia twice. It has also been rated ‘Best Local Trade Bank’ in Sri Lanka by the UK based ‘Trade Finance’ magazine and is the only Sri Lankan bank with the demanding ISO27001 information security certification.

http://www.combank.net/newweb/en/news/9-press-releases/posts/77-commercial-bank-internet-payment-gateway-offers-new-functionality

Lorem Ipsum in Sinhala

ලෝරීම් ඉප්සම් යනු සරලව මුද්‍රණ හා අකුරු ඇමිනුම් කර්මාන්තයේ උදාහරණ අකුරු පෙළ වෙයි. 1500 ගණන්වල සිට මේ දක්වා ලෝරම් ඉප්සම් කර්මාන්තයේ සම්මත අකුරු පෙළ ලෙස භාවිතා වන්නට පටන් ගත්තේ නාඳුනන මුද්රණ ශිල්පියෙකු යම් අකපුරු මිශ්‍රණයක් රැගෙන ඒවායෙන් අකුරු ආදර්ශ පොතක් සෑදීමට ගත් පසුවය . එය ශතවර්ශ පහක් පමණ නොවී පැමිණ ඉලෙක්ට්‍රොනික යුගයටද පිවිසුණි . 1960 දී ලෝරම් ඉප්සම් කොටස් අඩංගු ලෙට්‍රාසෙට් තහඩු නිදහස් කිරීමත් සමඟ ජනප්‍රිය වන්නට පටන් ගෙන මෑතකදී පේජ් මේකර් වැනි මෘදුකාංග සමඟ ද පැමිණීම නිසා ලෝක ප්‍රසිද්ධියට පත්විය.

SECURITY BEST PRACTICES FOR WORDPRESS WEBSITES

WordPress securty best practices  – 2019

Keep WordPress up-to-date (duh)

When you login to the wordpress dashboard and see that “Update available” banner, click it and update your site. If you’re not sure about something breaking, make a backup before installing it. The important thing is that you do it, and with regularity. Information about any security holes that were fixed from the previous version are now available to the public, which means an out of date site is all the more vulnerable.

Recommedation : enable core wordpress auto update

Keep plugins and themes up-to-date

Just as you update the WordPress Core regularly, you should also update plugins and themes. Each plugin and theme installed on your site is like a backdoor into your site’s admin. Unless properly secured (vetted thoroughly, updated regularly, etc), plugins and themes are like an open door to your personal info.

Recommedation :  Set Plugins and Themes to Update Automatically when ever possible. License and register all premium plugins.

 

Delete all  plugins or themes you’re not using. 

Along the same line of thinking as what’s listed above, getting rid of any plugins or themes you don’t need will reduce the likelihood of being hacked. If you’re not using them, you’re not going to want to update them, so it’s a much better idea to delete them.

Recommedation:  Deactivating plugins isn’t enough; you must actually click “Delete.”

 

Secure file permissions.

Avoid configuring directories with 777 permissions. If any plugin demands this setting, please don’t use them. There is always alternative plugins.

Recommedation  : You should set directories to  755 or 750, instead, according to WordPress.org. While you’re at it, set files to 640 or 644 and wp-config.php to 600.

 

Recommedation  : Never use “admin” as a username. 

If you’ve already installed WordPress using “admin” as your username or something else very simple, you can change it by inputing an SQL query in PHPMyAdmin .  Its recommended to make the username hard to guess just like the password.

Also its recommended to hide author usernames from appearing under posts and pages. It gives away usernames in the database to hackers making it easy to plan a brute-force attack on the password.

 

Change your password often  and make them really strong

Random strings of letters and numbers are best. If you don’t feel like coming up with something manually, you can use a password generator to accomplish the task like

Norton Password Generator or Strong Password Generator.  Also wordpress user manager generates real strong passwords.

 

Recommedation   : Add two-step authentication to backend.

A really good way to prevent brute force attacks is to set up two-step authentication. This means a password is required plus an authorization code that is sent to your phone in order to login to your site. Often, the second login code is sent via SMS. Several plugins can be used to add this feature including ClefGoogle Authenticator, and Duo Two-Factor Authentication.

 

Recommedation  : Limit login attempts. 

The brute force attack is tactic #1 for hackers. If you let them, they’ll try to login to your site over and over again until they crack your password. That’s why it’s called “brute force” because the onslaught is relentless. However, there are plugins that allow you to limit the number of times a person from a specific IP can attempt to login within an allotted period of time. The user is restricted from attempting to login again for a given period of time. Login LockDown is great for offering this feature but other plugins that offer a whole set of security features often include login limiting like iThemes Security and Sucuri Security.

 

 Limit user access . 

A good rule of thumb is to only grant access to those who absolutely need it and even then, only give them the bare minimum of permissions to complete their assigned tasks.  WordPress allows creation of non-admin backend users, assign editor roles to everyone who are not technically capable to tweak the website global settings is recommended.

Recommendation :  Create less Administrator accounts and downgrade other accounts to bare minimum permissions to carry out their work.

 

Backup your site. 

Scheduled backups are an essential part of any site’s security strategy because it ensures that if your site is compromised, you’ll be able to restore it to a version prior to the damage with ease. Choose an automated solution with built-in restore options.

Recommedation:  offsite backup like DropBox or GDrive is a must.

 

Check for theme authenticity and conduct security scans. 

Just as you install an antivirus software on your desktop or laptop  to check for malware, so too should you install a scanner on WordPress. A security scanner will check for malicious code in your plugins, core files, and plugins to ensure nothing has been tampered with. Several scanners exist that you may wish to consider including Sucuri SitecheckCodeGuardTheme Authenticity Checker, and AntiVirus.

Themes bought from theme stores like Themeforest releases security patches time-to-time fixing major security issues in their themes. Be sure to subscribe to their mailing lists and know as the updates are released and update asap.

 

Limit Admin Access to limited known IPs / computers   (extreme measure)

This can really make life hard for admins to since only computers with a static IP can be used to access the wordpress backend  like from a office computer. Most of the mobile, 4G,3G routers does not have static IPs, so access will be difficult when this step is implemented.

But in a difficult to manage hacking attack, this can help until the website is secured and stabilized.

 

Be sure to logout from the admin when you use a public computer and don’t save passwords

Should you happen to use a public computer, like one in a library to access wordpress backend, please remember to logoff before leaving the computer to prevent others accessing the admin panel.

Just closing the browser does not end your session on the wordpress backend.

Also check if the passwords are getting saved to the browser automatically.

 

Recommedation  : Disable user registration

If you don’t need people to register on your website, disable WordPress user registration feature.

This stops lot of spam problems and people using email to snoop on your websites internal working like  examining email header to understand the server technology.

 

Remove the Plugin and Theme Editor

This online tool available to all wordpress websites allow administrators to program online using php.  This can make a hackers life easier as he does not have to bring his own tools to program and change the website if he succeeds in getting in to the website.

 

Disable PHP errors

Hackers use various error messages generated by the website to find weaknesses on the server and plan an attack. Always disable php errors and debug info.

 

Recommedation  : Install an auditing plugin to monitor backend activities.

good plugin for this purpose is  WP Security Audit Log. This free plugin maintains a log of everything that happens on your site’s backend, so you can easily view both what users and hackers are doing. This plugin keeps track of everything from when a new user is created to file management to published post changes.

 

Recommedation  : Hide the login URL  wp-admin and wp-login

Many plugins are available that make this simple change for you including Lockdown WP Admin as well as several of the major WordPress security plugins. This is an important step to stop automated hacking scripts from attacking well known wp-admin and wp-login urls.

 

Recommedation   : Use a reputed hosting service with easy to access technical support.

How well your website is secured,  there will be a day that I can get hacked, sabotaged or mal-functioning because of a user mistake. Then might we need technical support from the hosting server to  give us a backup from last working state or just to assist us on recovery process.

Better to use a hosting service with a account manager, then that person will know your website from the beginning , which make it easy to get help.

 

Finally : Take care of the passwords.

Don’t save passwords on computers in plain text. Most modern computer viruses scan user files to locate usernames, passwords and creditcard numbers.  If they find any, they will get sent to  automated programs that will carry out attacks on websites and servers.

Using a password manager software like Last pass is recommended.

 

In case of a hacking !

Let a skilled web developer/ ethical hacker do his job in recovering and then strengthening the website security.

Call us if such person is not available in handy or  you need it done at an affordable cost!

Voodoo and other forms of sorcery are also encouraged to bolster protection of the website. 😉

June 23rd – 25th Google Search Algorithm Update Seems Real

Lot of Search Engine Experts are claiming that Google has updated its Panda and Penguin algorithms between 23rd and 25th of June.

Search Experts came to this conclusion after observing the SERP ( Search Engine Ranking Position) variation of my websites.

Google Desktop SERP Fluctuation Last 30 days

Althout its too early to find what exactly has changed in the algorithm, many suggest its about content quality and internal linking.

Googles Muller has given a hint on the update in below tweet.

 

 

Please check this post for more updates later on.

Google Plans to Replace Google Site Search with Custom Search Engine ( CSE )

Google plans to discontinue Google Site Search, a product it has sold to web publishers that wanted to apply the industry’s leading search technology to their own sites.

CSE Sign up for the basics is free, but should you need to remove Google branding and adverts , then it starts from USD 100 a year!

Check out what are the differences and how it affects your website , if it is using Google site search already.

Google Site SearchFree CSE
Search options
Search the entire web
Image-only search
Look and feel
Option to remove ads
Access to XML API for results
JSON APIUnlimitedDaily limit
Make money with AdSense
Option to remove Google branding
Administration
Transfer ownership
Share query quotas with a business group
Technical Support
Access to the support forum
Email support

Learn more about Custom Search Engine by Google.

This could affect your SEO if you have implemented GSS in your website, please consult a SEO Sri Lanka Service Provider or a Web Design Company in Sri Lanka to consult about how to fix this.

Joomla 3.7 is released with a ton of new features including custom fields!

Joomla.org has released the latest version of Joomla! with a load of new features. Joomla Developers around the world will be excited to try out the uses of these new features and improved workflows

Custom fields allows a joomla developer to show additional information with articles such as data from a database. Multiple types of fields are now supported in Joomla 3.7 including text fields, lists , selects etc.]

Multilingual Sites

Making multilingual sites is easier and better managed thanks to the multilingual associations feature.

Improved Workflow

Build your menu item and your content type in one step!

More Convenience

  • See your global settings in your item, no more guess work or having to double check.
  • A flatter, more modern backend template.
  • An upgraded date and time picker, now multilingual.
  • A single login for your site’s backend and frontend. No need anymore to login separately!

Read the full news article at https://www.joomla.org/3/

magento web development sri lanka
  1. In Magento Admin Panel and navigate to System > Configuration
    magento_rss_enable_menu
  2. Rss Config section set Enable RSS to ‘Enable’.
  3. In the Catalog section set required feeds to ‘Enable’. An experienced Magento Developer may know what needs to be activated.
    • New Products. This RSS feed tracks new products added to the store catalog.
    • Special Products. This RSS feed will syndicate products with special pricing.
    • Coupons/Discounts. Any special coupons or discounts in your store will be added to this RSS feed.
    • Tags Products. The tags products RSS feed manages and syndicates newly added product tags.
    • Top Level Category. This RSS feed tracks new top level categories or root level categories in your catalog.
  4.  Press Save Config
  5. To see the RSS feeds activated add ‘/rss’ after your site URL, f.e. ‘http://yourdomainname.com/rss’:

Why has WordPress taken a lions share of CMS market over others like Joomla and Drupal ?

WordPress is used to create 58% of most visited 1 million websites of the world! While Joomla and Drupal are great CMSes, its important to understand how wordpress got 58% of the most visited websites and improving.

While it is apparent that the leading CMSes WordPress, Joomla and Drupal are matured, fully featured CMS systems with huge amount of community and industrial backing , wordpress  stands out . Lets see what are the advantages of WordPress which people love it so much.

  1. Target

    WordPress targets content websites , specially bloggers, while other CMSes try to be the cure for all the diseases!
    having clearly defined use helps wordpress to be easily found and to be improvised to other uses.

  2. User Friendliness 

    Its by far the easiest CMS to be get started with. Hosted or self-hosted, WordPress allows to create a basic website within minutes.

    And when its setup, its completely ready to start publishing content, unlike other CMSes which you might want to install several plugins and configure them to work correctly. The best example is your WYSIWYG editor, wordpress comes with a very decent editor by default while Joomla’s TinyMCE which is far from perfect and Drupal does not come with a editor at all!

    Installing plugins and extending the features is also easy with WordPress. Built-in plugin browser can install most of the required extensions inclusing famous WooCoommerce which is the leading ecommerce plugin for WordPress.

    These are not the only factors affecting the sweeping success the wordpress cms is enjoying these days. but the clearly defined user base and ease of use is clearly helping it to win the CMS race.