Tweet According to Google, around 32% of visitors abandon a page that takes more than three seconds to load. That alone is a huge blow to your potential conversions. We are organizing an exclusive invite-only masterclass on the “Ultimate 3-Step Process on How to Achieve a Page Speed Score of 100/100” in partnership with Growisto, a Digital Growth company that specializes in technology and marketing services. Key learnings: What is Google Page Speed Score and Core Web Vitals? Why do they matter? What are the different stages that matter in this process? A step-by-step plan of action for page ..read more

Tweet From time to time we have guest posts on the blog. Today’s post is from Growisto.com When it comes to page load speed, every second counts. In fact, Google research shows that when loading times increase from one to three seconds, the probability of a bounce (the visitor leaving right away) increases by 32 percent. Hence, it is important to optimize your site speed in order to enhance customer experience and lower your bounce rates. A faster page speed would also impact your search engine rankings. One of the most recommended ways to check and optimize your page speed is through Google P ..read more

Tweet From time to time we have guest posts on the blog. Today’s post is from Konstantin Gerasimov at goivvy.com. Magento 2 sites make their platform version public. You can visit ‘domain.com/magento_version’ and get a message like this: Magento/2.4 (Community) You can go to your site, append /magento_version and wonder why Magento developers team made it public. I consider it a security risk and here is how to fix it. All you need to do is to disable Magento_Version extension: php bin/magento module:disable Magento_Version You might want to recompile afterwards: php bin/magento deploy:mode ..read more

Tweet If you have been seeing very slow pages in your admin panel lately for Magento 2 store owners, or random spinning icons while waiting for pages to load in the admin, it may be related to a change Adobe made to some of their JavaScript files. Specifically, if you have the feature on for “Admin Usage Tracking”, which is defined as: Grants permission for Adobe to collect usage data to improve the experience of using the Admin, and related products and services. Allowing data collection also enables In-Product Guidance which is designed to bring interactive content s ..read more

Tweet Adobe / Magento released an emergency patch on Sunday February 13th for all Magento 2.3.3-p1 and higher stores. The Security Bulletin (APSB22-12) describes a remote code execution (rce) vulnerability for Magento 2 stores (both Commerce and Open Source). An RCE allows a hacker to run code or upload a file on a store without needing any special privileges. It is the worst kind of vulnerability for ecommerce software. Adobe indicated that it was already being exploited “in the wild”. The patch is a small 2 file adjustment that stops the vulnerability through better sanitizing inputs. The fi ..read more

Tweet If you are using Magento 2 Commerce / Adobe Commerce and make use of the Gift Card feature, there is a simple fix that can speed up the use of gift cards in the cart (both checking the balance and applying them). The database for gift cards, specifically the table magento_giftcardaccount, is missing a crucial index that can cause very slow gift card usage if your store has a lot of gift cards. The column “Code”, which is the gift card redemption code, does not have an index on it. There are queries that run when a customer checks the card balance, or attempts to apply the card in the car ..read more

Tweet The latest zero-day Apache log4j vulnerability has surprised the online community with how pervasive this issue is in many systems and software packages. It allows hackers to run commands on any server that is running this vulnerable software. Here at LexiConn, we have patched all vulnerable applications like SOLR and Tomcat, or have verified the versions in use are not vulnerable to this issue. For our Magento clients, Elasticsearch is not susceptible to the remote code execution vulnerability, so there are no issues related to the use of Elasticsearch. We will be updating all Elasticse ..read more

Tweet From time to time we have guest posts on the blog. Today’s post is from Konstantin Gerasimov at goivvy.com. E-commerce sites can suffer from hackers injecting pieces of JavaScript to sniff credit card or other sensitive data. It’s usually a checkout page with payment forms where JS code could be placed. There is a simple yet effective way to catch it. You store the original checkout page HTML and then regularly compare your current checkout page against ‘the gold standard’. In this article I’ll describe one way of automating this security check using a $10 linux box.   1. Test Case ..read more

Tweet During the COVID-19 Pandemic in late March, one of our Magento 2 Commerce clients had some massive traffic and sales. In partnership with Creatuity, the development agency for the client, we worked to scale up their site to handle this surge in visitors… This blog post will look at the steps we took on the hosting end to meet this demand. Identifying Bottlenecks Visitors to the client’s website went through the roof from news exposure and marketing. From one night to the next, concentrated visits increased 5 to 10 times, which was an issue. The hosting cluster set up for their store was ..read more

Tweet Magento has recently released version 2.4.2 of both its open source and commerce editions. This release has may bug fixes, performance improvements, and security patches. The release also backports the security patches to 2.4.1-p1 and 2.3.6-p1. On the security side of things, there are a number of exploitable vulnerabilities that were patched. The more serious issues require some level of admin access, but there are cross-site scripting issues, and a few other security areas where this patch is highly recommended. Some of the highlighted improvements include: Support for Elasticsearch 7 ..read more