Apple browser Safari to ignore TLS/SSL certs valid for more than 13 months beginning September 1st 2020.
Magento Open Source 2.3.4, 2.2.11 and security only patch 2.3.2-p2 now available
EV or 'Green Bar' SSLs were first introduced in 2007 as a means of showing that the owner of the site had gone through extensive checks by the certificate providers to prove that they were indeed the owner of the domain in question. The idea was to provide further reassurance to the end user that the site was safe to use, in particular for secure transactions. The key difference to the end user was that the name of the company who owned the domain was displayed in the browser alongside the URL.
Magento 2.3.3 release or for those not ready to update a new Security Patch 2.3.2-p2
Chrome to begin blocking all non-HTTPS content. HTTPS pages will be restricted to only loading secure HTTPS sub-resources in a gradual process.
Support ends for Magento 2.2.x September 2019.
A vulnerability has recently been discovered in PHP and we recommend Magento Commerce customers adopt changes to address the issue.
A presentation by John Hughes on indexes and why refreshing them is not best practice or as he put it "Stop refreshing the @#$%&! indexes"
The presentation takes an irreverent look at indexes, laying out the aims, what indexes are, their impact on performance and what should be done. We also have knights, kings, dancing and dragons (GIFs are as much a pastime for Hughes as Magento).
Give you a solid understanding of Magento's indexes
Outline the impact indexes can have on store performance
Provide you with insight into the process of how data is indexed, to aid with debugging common issues.
An index is responsible for collecting, parsing and storing data to facilitate fast and accurate information retrieval. Hughes describes an index as a form of caching but where the data is transformed during the process. Indexes prevent the server from repeatedly making complex calculations in the form of database queries to retrieve often needed information. The larger your site, the greater the performance impact without indexes.
See below John Hughes' simple terminology.
We then learn what Magento indexes:
Product inventory (stock) status
Product attribute data
Product category associations and more....
As an example pricing:
The final price displayed to a customer on the frontend can be impacted by:
Special price (and from / to dates)
Tiered / customer group pricing
Catalogue price rules
All of which can be per website!
Or as Hughes puts it:
Then consider the complex product types:
Configurable / grouped
Min / max price (e.g. cheapest / most expensive product)
Min / max price (e.g. cheapest / most expensive items combination)
Dynamic / fixed pricing of all child bundle items
Hughes goes on to look at the indexing modes: Update on save and Update on schedule.
Here you see how saving just one product with update on save clears the full page cache for every single product, and if all products are affected then all categories are too, so the full page cache is also cleared for every single category!
So having established that this is an incredibly bad way of doing things, we now look at update on schedule, or essentially a cron task (running by default every minute).
This feature is available in Magento 1 Commerce Edition 1.13.0 and newer, and Open Source Edition for M2. Indexes are run via schedule, so no longer immediately after save. Things get even better, as only the data that has been changed will be indexed and only pages relevant to that record are removed from the full page cache.
From here Hughes goes into more detail concerning the cascading effects of refreshing indexes, what you need to look at and best practice for going forward, and dragons, don't forget the dragons.
For the full presentation CLICK HERE
Magento Supee 11155 available now offering a range of security updates.
If you are working with Composer you may also need to work with a specific version of PHP. While you can edit composer.json it is easier to specify when you call composer...
As any of our customers will know, Plesk has always provided 1 click PHP selection on a per domain basis. This is a powerful tool for anyone rolling out different applications or testing upgrades with newer versions of PHP. However, Ubuntu 18 supports only those versions of PHP that support OpenSSL 1.1, which are PHP 7.x and newer. Therefore, if you require PHP 5.6 then you will need to take additional steps and manually install PHP 5.6 and add this as an additional handler in Plesk.
New patch release: SUPEE-11086.
New releases and security Updates coming soon on March 26th 2019
A long awaited minimum update for WordPress PHP requirements.
A vulnerability has been discovered in Magestore Locator extension.
For many retailers, the moment the customer hits the ‘buy’ button the transaction is over. What occurs post-purchase can be equally beneficial to creating a trusting and lasting relationship, none more so than the delivery of their item.
Authorize.net will stop supporting MD5 based hash usage on March 14.
An under-appreciated improvement was made with the release of Magento 2.3: it included support for the Open Source version of Elasticsearch.
There is an increasing number of SPAM user accounts targeting Magento stores.
Here we look at what can be done to prevent further malicious sign-ups.
PHP 5.6 End of Life