Ecommerce Development

Ecommerce Software Reviews And Assistance.

Securing Your Site and User Trust With SSL

Secure Sockets Layer (SSL) has two important functions associated with site security and integrity:

• When your SSL certificate is digitally signed by a trusted third party certificate authority, it helps to verify that your site is identifying itself correctly

• SSL encrypts all communications between the user and your site, making it difficult for somebody to extract anything useful even if they are able to intercept the communication

Every site that is owned by a business, non-profit organization, or government agency should have an SSL certificate. The only exception is where your site does not collect or disseminate any sensitive information.

When you have an SSL certificate, users can connect to your site via the HTTPS protocol. The “S” in HTTPS stands for “secure”. Although we use the term “SSL”, which is the one most people are familiar with, the standard has actually been superseded by something called TLS (Transport Layer Security). But you don’t need to worry about this because TLS is going to be enabled by default on any modern web server.

Even though the technology is enabled by default, sites that have an SSL certificate still need to set the HTTPS version of their site as the default protocol for inbound connections. A 2014 survey by Moz showed that less than 18% of respondents were already using HTTPS, and as recently as 2015, it was found that less than 2% of the top 1,000,000 sites had HTTPS set as the default protocol.

As a user, you can ensure that HTTPS is used whenever possible regardless of a site’s default settings by installing the HTTPS Everywhere plug-in.

SEO advantages
Using SSL may give your site a boost in Google rankings. In August 2014, Google announced that it would take SSL into account as a ranking factor.

It also must be considered that HTTPS does slightly lower the speed of a site, so if your site is already slow (which it shouldn’t be – fix it!), you could see your rank actually slip as a result of adding HTTPS. It will really come down to the differential between the benefit from HTTPS and the benefit from having a fast site.

Google wants sites to use HTTPS because it makes it easier to verify the integrity of a site, but that doesn’t automatically mean you need to do it. Most sites will benefit from having HTTPS, but because SSL certificates aren’t free, you might choose not to have one if the cost can’t be justified.

Risk vs. reward: the privacy and security advantages of SSL
You have to think about the financial cost of purchasing and renewing your SSL certificate. If there’s nothing on your site that needs to be confidential, you may not need to go to the trouble.

But if your site collects personal information from the user, has password authenticated log-ins, or engages in any sort of e-Commerce, you absolutely must have SSL if you want to avoid problems and retain the full confidence and trust of your users.

How to get an SSL certificate
Buying an SSL certificate is not like a regular purchase, because there are a few tests and checks that have to be done before a certificate can be issued. This is for the protection of everyone, including you. Usually the easiest way is to get your Hosting company or SEO manager to obtain the certificate for you, because this will simplify the process greatly.

If you’d prefer to do it entirely on your own, your first step is to generate a Certificate Signing Request (CSR) on your server. This is a block of encrypted text that looks similar to a PGP signature. What you need to type to generate the request depends on what server software your web host is running.

Most websites are hosted on Apache servers, and Apache uses a service called OpenSSL to generate a CSR. Here’s an example of how to generate a CSR for a company called Widgets-R-Us Inc, with domain widgets.com, based in Los Angeles:

openssl req -new -newkey rsa:2048 -nodes -out widgets_com.csr -keyout widgets_com.key -subj “C/=US/ST=California/L=Los Angeles/O=Widgets R Us Inc./CN=widgets.com”

The section that’s relevant about the company is the -subj section. This contains a string value with specific values, as follows:

• C is a 2 digit country code, for example: US, UK, IE, FR, DE, BE, and so on.
• ST is the state or province
• L is the city
• O is the organization name
• CN is the “common name”, which is a fully qualified domain name (FQDN).

There’s an optional value called OU that can appear between O and CN, but it is rarely used, and can cause problems. Currently (at the time of writing) the SSL certificate of Australia’s Department of Foreign Affairs and Trade is affected, for example. OU stands for “organizational unit” and means a department within the organisation.

After generating the CSR, it would look something like:

—–BEGIN CERTIFICATE REQUEST—– MIIHVjCCBj6gAwIBAgIQVXENtd02KRwAAAAAUNuvdTANBgkqhkiG9w0BAQsFADCB ujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT H1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy MDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG A1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0x NzAzMDIyMjA5MzNaFw0xODAzMDIyMjM5MzFaMIGNMQswCQYDVQQGEwJBVTElMCMG
—–END CERTIFICATE REQUEST—–

In this case it is contained in the generated file “widgets_com.csr”. You need to open that file in a text editor, then cut and paste all the text (including the begin and end instructions) into the online form of the SSL certificate authority you are ordering from. Do not confuse the csr file with the key file.

Once the certificate authority has validated your domain and company, it will email you a copy of your SSL certificate, which you then need to install on your server.

Due to the complexity involved, most people prefer to have professional assistance rather than opting to do it themselves.

WordPress eCommerce Plug-Ins Just For You!

WordPress is the technology driving a significant portion of small business websites, largely due to heavy promotion of the fact that it’s easy to manage and that just about anyone should be able to create a simple functioning website with it.

Hold that thought for a moment, because we’re about to slide into very different territory to anything resembling a simple website. From here we enter the murky waters of eCommerce, a dark and mysterious art that has led many to their doom. Or great prosperity. It’s all a matter of perspective.

The fundamental thing to be aware of is that eCommerce is like jumping in the deep end of the pool. If you’re not totally confident you can swim, you really ought to have somebody with experience watching over you to make sure you don’t go under.

The good news for small business operators is that plug-ins for WordPress do help to make the process of getting into eCommerce a little simpler. It’s still best to get help setting everything up unless you’re prepared to put in a lot of effort to learn techniques that you may only ever employ one time.

But once these items are properly set up, you should be able to manage your website with the same ease that you have always done under WordPress, just with the added benefit that your website can make money for you directly instead of indirectly.

Some of the best eCommerce plug-ins available currently includes:

• Ecwid – This could be one of the simplest to get up and running with, provided your sales environment isn’t overly complex itself. For a simple online store selling a small range of merchandise (either physical or digital), Ecwid fills that need perfectly, and without a steep learning curve to master it.

One thing to be aware of is that the developers of this plug-in have decided to monetise it by limiting how many products you can list on a free version, plus also restricting some features. Then the more you are willing to pay per month, the more features they’ll unlock for you and the more products you can list.

• WooCommerce – This is currently the most popular eCommerce plug-in for WordPress, but before you rush to join the hordes downloading it, hit the brakes and think for a moment. This was never a line in a Spiderman movie, but it should have been: With great popularity comes greater vulnerability.

You do need to be aware that if you use the most popular solutions for your site, there will be more people trying to hack you and greater chance that they will succeed.

Another possible drawback to WooCommerce is that you can’t just plug it into any old template and expect a good result. You really need to either have a template that was designed specifically with WooCommerce already in mind, or else be a template wrangling guru.

On the positive side, you can take some confidence from the fact that a large community of users also means easier access to support if you need it. The interface is also extendable, although that involves extra cost and effort. This is a good choice for eCommerce experts who are confident building their own systems or who regularly set up eCommerce solutions for their clients.

For the complete beginner, WooCommerce may have a little too much on offer, making it difficult to know where to start with it, although the documentation is very good.

• WPEPPA – Or as it is more properly known, WordPress Easy Pay Pay Acceptance is a plug-in that could be described as the polar opposite of WooCommerce.

Where the latter is sprawling, complex, and extendable, this plug-in does just one thing, and that is it makes you able to accept payments via PayPal, Visa, MasterCard, and depending on certain geographical factors, possibly other cards as well.

This plug-in is most suitable for those situations where your needs are simple and you don’t really want to get too fancy. You just want a simple tool that gets the job done, and this is it, provided you don’t mind PayPal’s high fees and tendency to block accounts when they think they smell a rat.

• Easy Digital Downloads – If you mostly sell digital items or things that have no physical existence (like, for example, psychic readings or prayers), the Easy Digital Downloads is a good choice. Just as with WooCommerce, it is extendable, but it’s different too because it’s actually easy to integrate into any WP theme, not just those which have been specially built for it.

While it is a little complex (the “easy” in the name means easy for your customers, not for the person setting up the shop), there is a lot of quality documentation available and for the most part it is quite intuitive. It’s suitable for beginners or experienced users, provided that the product range is essentially non-physical.

If you really know what you’re doing, it’s possible to wrangle it into selling physical goods as well, but why go to all that trouble when WooCommerce already lets you sell both types of products without having to get your hands dirty?

• Cart66 – When you want the most flexible range of payment options and the surety of having full PCI compliance without having to actually put in any of the groundwork, Cart66 is the right choice for you. This isn’t as extendable as many of the others on the list, but there are so many features built right in to the system that you probably wouldn’t find many scenarios where you’d need to extend it even further.

Cart66 deserves to be more popular than it is, but that lack of popularity is also one of its strengths, because as mentioned earlier, more popularity normally equals more vulnerability. There used to be a free version available, but today visiting the website only offers the possibility of a free trial, and thereafter pricing starts from $9.99 per month.

This plug-in is very flexible and can be used just about anywhere. It also is a lot less pedantic than many other eCommerce plug-ins, giving you more freedom to define what you sell and how you sell it.

There are plenty of others to discover
It’s never easy to compile a list of the best products, as people have greatly differing needs and there is a huge range of options out there. With the above list, you have a starting point, but you can certainly explore other options if you find that these don’t quite meet your specific needs.

eCommerce Hosting Options


Image Credit: CWCS (CC BY 2.0)
The first thing to be aware of when shopping around for eCommerce hosting services is that actually any hosting service can support eCommerce. What this means is that if you’re being given the option to pay a little more for specific eCommerce hosting instead of regular hosting, you need to look very carefully at what additional value or benefits are being provided to justify the extra cost.

Once you’re satisfied that it’s a genuinely good deal, you then need to consider whether it’s the best one to meet your needs. Sometimes the most popular services are not always the best, so it’s important to evaluate each and every one on their merits and not simply make the choice based on the fact that it’s a popular service.

With that in mind, we review three of the most widely used eCommerce hosting services in this article, and the results are shown below.

1. Shopify
This is the most popular eCommerce hosting services around, and is aimed at complete beginners to eCommerce.

Shopify has a lot of good points, such as:

• Simple to set up an online store
• Provides an integrated payment gateway and you can pay to add others
• Hosting is genuinely fast and reliable
• The basic service is PCI compliant
• Analytics are built into the system
• Customer support is typically good (can vary, depending on who you talk with)
• Large amount of documentation and resources available
• Everything you need in one place
• Does not charge for bandwidth
• Shared SSL certificate provided by default
• Abandoned cart recovery available – annoy your ‘almost’ customers to your heart’s content

The negatives may include:

• Need a verified credit card to sign up for a free trial
• High cost compared to regular hosting
• Charges transaction fees in addition to the subscription fee (may be waived)
• Uses “themes”, which limits you a bit if you prefer to design the site yourself
• Uses a custom markup language which should not be necessary
• Each product can only have 3 options to select from
• Difficult to migrate from Shopify to another service, due to the way it’s all set up
• Chargeback policy should be more transparent – too many are confused by it
• No adjudication or dispute handling system between merchants and buyers
• Difficult to integrate with other eCommerce options (eBay, Amazon, etc)
• Allegations of fund locking and store cancellations based on suspicion
• Consumers may not realise they have to actively cancel the free trial to avoid being charged
• Forces EU VAT compliance on digital goods (may not be negative, if you live in the EU or intend to travel there).

To get your transaction fees waived, you must use “Shopify Payments”, which is only available to customers with a verified US, Canadian, Australian or UK address. Tough luck if you were born in Mobile but you now live in Mombasa.

2. Volusion
When a service provides a lot of documentation, it’s usually a good sign. Except, when like Volusion, they provide way too much documentation. Aside from the fact that it would be very difficult to read all of it, the sheer volume is indicative to the new user that they will be in for a difficult time as they try to become familiar with the system.

Positives of Volusion include:

• Does not charge transaction fees
• Subscription fee is slightly lower than Shopify
• Very fast loading times
• Unique SSL certificate mandatory
• Simple and intuitive interface (does not equate to easy set-up, however)
• Excellent integrated inventory management
• ‘Volusion Payments’ seem not to be restricted by nationality
• Simpler chargeback management than Shopify (but maybe not always)

Negative points include:

• Charges for bandwidth
• No simple way to view bandwidth consumption
• Fewer apps compared to Shopify
• Fewer themes compared to Shopify
• Only some themes use responsive design
• Uses themes, which is limiting if you like to create your own design
• Created with ASP.Net, meaning they run it on Windows servers
• Added annual cost of SSL certificate
• Sometimes charge unexpected fees without notice or warning
• Google accused Volusion of link manipulation
• Requires some technical proficiency to get best results
• Very difficult to migrate to another service
• Stupid name

For the small business customer, there are too many negatives to justify the investment. Capped bandwith with no simple way to view bandwidth consumption is the biggest problem, but there’s also a number of other things, such as the extra coding and configuration you’ll be required to do before you can get up and running.

For big business, the absence of transaction fees, the ability to do everything on your own domain seamlessly, and the high speed network may be enough to offset these frustrations. If you can get past the stupid name, you’re doing a lot better than many others.

It may sound like this review is being rough on Volusion, but not nearly as rough as these guys are being, so you can make up your own mind about whether Volusion is a good investment of time and money for you.

3. BigCommerce
This system is just a baby in comparison to Volusion and Shopify, but they are big in every other way. Providing very similar services, but in what feels like a more personal way.

Pros of setting up your shop with Big Commerce:

• No transaction fees, period
• Integrated card processing gateway
• No bandwidth limits or capping
• Huge range of features from the outset, you don’t need to keep adding extras
• The friendliest, happiest user education system of all, through “BigCommerce University”
• The education provided is detailed, informative, and very on-point
• Fast (but not Shopify or Volusion fast)
• Everything works really well, you don’t need to be a technical expert to get a simple store working
• Abandoned cart notifications, so you can be a pest to customers who don’t complete their purchase
• Customer service is very professional and efficient – they care about retaining existing customers
• Plenty of support options
• Not locked in to templates. You can use the templates provided, modify them with plain HTML/CSS or build your own templates. This is not found at Shopify (where you have to learn a whole new markup language) or Volusion (where “customisation” is a foreign word not in their vocabulary).

Cons of setting up shop with BigCommerce:

• Inventory management is inferior to Volusion, roughly on par with Shopify
• Fewer add-ons available than with Shopify or Volusion
• Lowest cost is higher than lowest cost on Shopify or Volusion, but also is high value
• Difficult to migrate out from the platform to something else
• Takes a long time to learn every possible thing which is why there’s so much support
• Some customers have complained about volatile policy

The real plus with BigCommerce for developers and people with any sort of technical skills is that BigCommerce is the most open system with regard to allowing you to customise things to your heart’s content. By not locking you into templates or themes and allowing you to code directly in ordinary PHP, HTML, CSS, and JavaScript, it is the most flexible of the three systems reviewed here.

For the non-technical, there’s no problem at all, as everything will work very simply without you needing to learn any hocus pocus, but on the other hand if you do want to make adjustments, anybody you hire to do the job will be able to do it because it’s straightforward coding.

BigCommerce is also somewhat of a standout because they have the least number of people calling them crooks compared to the other two top services. Of course this doesn’t mean the other two services are crooks, it just means there are a lot of people saying that they are. You may find some reassurance in knowing that the eCommerce host you select hasn’t drawn a considerable amount of public hostility

The verdict
All things considered, it really depends what you’re looking for. As a beginner, and needing only a simple online store, Shopify may fill your needs easily.

Volusion does have some strengths, especially for big businesses who can absorb high operating costs, but that issue of charging high overage rates on bandwidth coupled with the fact that there’s no simple way to monitor the bandwidth consumption, makes it difficult to recommend Volusion for the small business operator.

Point-for-point, BigCommerce provides the best value for money to the merchant, and provides outstanding customer support and documentation. Ironically, BigCommerce seems to be the best choice for small businesses that are serious about committing to eCommerce and are willing to go beyond the basics.

Could G Suite Enhance Your E-Com Business?

In 2016 Google rebranded their business apps to ‘G Suite’. This video may help you decide if this Google product is worth exploring further!

For more information see G Suite

Plesk + Softaculous Auto Installer