Website UX in 2021 Cause Visitors To Leave Your Website

With the growth of the internet and technology, most websites today use all types of popups to display deals, track performance, provide the latest news, or make sure users understand the services the website provides. However, the more popups you use, the more likely they are to have a negative effect on your users, causing them to leave your website and decreasing your conversion rate.

Here are examples of the most common popup display types you’d see on most websites in 2021. Is your website using any of these popups as well?

Astral Web specializes in website designs that are user experience friendly. Contact Astral Web today to help optimize your website user experience, improve session durations, and increase conversion rate!

Magento Open Source vs Commerce & How to Choose

Transcription:

Hey, everybody. This is Ori from Astral Web and in today’s video, I’m going to introduce to you the difference between Magento Open Source and Magento Commerce versions. I’m going to introduce all the information you need to know and try to help you and point you to the direction of choosing which one you should choose for your business. Now, in addition to the information we’re providing, I really want everybody to ask questions, comment on the YouTube videos, and I’ll try to help you guys with specific cases because this video is fairly general.

It’s going to give you a lot of information, but your specific case will help you decide which one you need to choose, and if you share more in the comments, I’ll be happy to direct you into this case. So a few things before we start. So number one, Astral Web, our company, is we’re Magento partners, so I just need to disclose that. And second thing is we’ve done tens of projects with Magento and Magento Commerce and we understand very well which ones you should fit for which one.

Not all cases need to use Magento Commerce, not all cases need to use Magento Open Source. So this is an informational video to try to help guide you and share information, share knowledge. Okay? So what I’m going to do is we prepared a slide that we’ve been using for a while and I want to share a little bit of some things. And in addition, we have two versions, we have a backend of Magento Open Source and a backend of Magento Commerce so you can see some differences.

I want to show you some visuals in addition to just talking. Okay? So let’s jump in right now. Okay, great. So first thing we have here is there’s actually three versions in Magento for the actual commerce part. Okay? There’s the Open Source, there’s the Commerce, and the same Commerce also has a Cloud.

So let’s explain what the difference is first. Okay. So Open Source, first of all, all of the Magento versions, the code itself, the software itself is all open source, which means you have full access to all of the code itself and you can use them in different ways. Okay?

So first of all, the version which they call Open Source, and again, they’re all open source, just the name of it is called Open Source, it’s free, there’s no annual fee. You don’t need to pay anything to Magento. You get some base functionality, which is very, very good in Magento, and that’s it. You have to develop by yourself. You use the code itself, which has basic functionality. You have to set up and pay for your own infrastructure, which is the hosting, for example, AWS, or Linode, or any other company.

And the license that you can use is open source, OSL-3.0. This is kind of the, let’s call it business license, right? It’s the license which shows what you’re allowed to do with the software itself. Okay? The second version is the Commerce version. Commerce version, you’re paying Magento or Adobe, you’re paying them an annual fee based on your GMV, based on your annual sales.

You make an agreement with them, either sign a one, two, three, or more years forward, you tell them how much you’re going to sell, and then they charge a fee for that based on how much you sell. So a company that’s a smaller company may be selling a million or 2 million a year, you’ll have a lower fee. Someone that’s…a company selling 20, 50, you know, million, they’re going to pay a higher fee. Okay?

And that’s in negotiation with them. So what you need to do is contact Adobe and get some quote. They’ll ask you to answer some questions and go from there. If you’re not sure, you can also contact us, we can help bridge that but again, you can, you know, do anyway. Now, with Commerce, you pay an additional fee but you also get more things than the Open Source. Mainly what you get are a few things.

Number one, you get additional functionality, which we’re going to go over in the slide. You get a lot of more functionality than the Open Source version. You can do a lot more. A lot of them are related to marketing features. What can you do with your customer? How can you interact? How can you engage them?

And more functionality and tools that help you do more. There’s some really, really cool tools about it and we’re going to jump into it. And then in addition to the functionality, you also get support from Magento. So if there’s core bugs, if you have some questions, how to do certain things, you have support. You have an account manager and you have a ticketing system which you can open tickets. With Open Source, you’re fully responsible yourself to do these things.

Okay? And then the hosting itself, the servers hosting, you have to do it yourself. The last thing is the business license is…the business license is a little different from the OSL. There’s actual business license which allows you, protects you and allows you to use it based on the agreement in the payments you make.

Okay? And then the third version is Commerce Cloud. It’s the same exact software as Commerce but the only difference is instead of you taking care of the infrastructure, the servers, AWS, Linode, whatever it might be, Magento has a neat system, a very closed system that works very easily to deploy code to manage the infrastructure. Right now, they actually do use AWS but they take care of that.

You have a nice web interface and command line interface for your developers to easily deploy things. And in addition to the software itself, excuse me, the servers themselves, you also have some additional things like a CDN use Fastly, which uses like a Varnish type. So it makes your website very fast. You have monitoring like New Relic which monitors the servers.

And obviously, they issue your SSL certificates and all these things related to the serving of the data, the infrastructure. It’s really, really nice, it works very well, and easy to deploy itself. Okay? So now we have three versions we’ve covered. They’re really just two versions, which is Open Source and Commerce, and then there’s a Commerce without servers and a Commerce with servers, which they call Commerce Cloud. Okay?

So let’s jump into the actual differences between. Okay. So first of all, Open Source and Commerce versions, Commerce and Open Source, everything looks the same. The core code, the core functionality is all the same. If you go here to sales, right, in the Open Source version, you have sales, and orders, and shipments, and refunds, right? And if you go here, so everything is basically the same.

In the backend, Commerce just has more functionality, more things you can do. Okay? So this is the difference. It’s not a different version really, it’s the same core but they’re doing things slightly more enhanced or, in some cases, a lot more enhanced. Okay. So what do you have here? So in regular in both versions, in Open Source and Commerce, you can process orders, manage your catalog, manage your customers, do some marketing things like promotions, SEO-related things, reviews, manage your pages, your content, view basic reports, set up your store, set up your system, for example, your user permissions.

All of this stuff is really the same on both. Now, what do you have here? Let’s talk about the things that you basically have in Commerce. So first of all, what I’m going to do is I’m going to link, in this video, all of our tutorials to both. We have a ton of tutorials for both Open Source and for Commerce. I’m going to link both of those.

We have some playlists for both and if you really want to go deep into each functionality one by one, we’ve basically made everything. Okay? And including the Commerce one. So if you want to go, this video is a general one to help understand everything. Okay. So what do you have that’s special to Magento Commerce? Okay?

So what is special about Magento Commerce? First of all, abandoned cart. If a customer goes to add something to their shopping cart, you can send a reminder email to them and say, “Oh, sorry, you’ve abandoned yesterday your cart.” You know, “Here’s a reminder or here’s a coupon,” or things like that. Everything I’m saying here in Commerce versions in the next two pages are only for Commerce. Okay?

So abandoned cart or everything we’re talking about is core code because this is open source. You could obviously expand Open Source, but in Commerce, it just comes ready to go. So what do you have? Abandoned cart. So what you can do, you can go here to Marketing in the Commerce version, you can set up email reminders and you can set up some kind of rule in saying, “Okay, I’m going to add a rule and say, ‘now, I want to remind my customers who have added to cart but not purchased after one day, one hour, etc.'” You can set up multiple follow-ups.

And email reminders also has…you can send reminders to people who have added to their wishlist. So email reminder is actually abandoned cart plus wishlist. So for example, you can send an email once a month to customers that have added products to their wishlist but never purchased them, right? Just to remind them, “Hey, I know you like these, why don’t you purchase it?” Okay?

Second thing, admin actions log. What that means is when…anyone that logs into the backend, they’re called an admin, administrator, okay, even if they have full permissions or just partial permissions. Anything they do, for example, save a product, add something, edit, change the status of an order, a promotion, you can actually log that in the system. So you actually have a section you can log and see what they did, what the admin did.

So, for example, if someone deletes something by mistake, you know which person actually did that. You can monitor step by step what they did. Okay? Action log is right here. Okay? And this is a nice thing to know, especially you can keep track who’s logging in, who’s doing things. Are they viewing?

Are they editing? Are they logging in? Did they change any passwords, anything like that? Okay? Next one, B2B. This is a whole different topic for a video, but B2B, if you need…if your store is selling to businesses, business to business, not to consumers, because Magento is originally made for consumers, B2C, you’re a business, you’re selling to a customer buying your product.

But if you’re selling to other businesses, for example, you need different business flows, you need to give credit instead of the, you know, maybe you’re selling something very high value and you have credit with your company, you can give them a net 30, net 60, you can work with them differently. You’re selling to the business, not to the customer. Businesses can have multiple roles, they can have a lot of different things.

So this is really, if you need…if you’re selling B2B, for sure, you would choose only Magento Commerce, right? But we’ll talk about what to choose when a little later. BI and custom reports. The reports in Magento, Magento Open Source, they’re very basic. Okay?

You don’t want to make too many business decisions on it. They’re just basic reports, very simple things like orders and products, they’re just simple tables. Okay? Let me log in. One second. Okay, let me refresh this. And so what the reports are for both of them, they’re very simple.

I can see orders. For example, I can see here, I’m going to select just some example. Okay? And then I can see reports, simple tables, I can export them. Both versions have the same, but Magento Commerce has BI Pro or it depends on which package you have. But what they do is there’s another system, which you can see here, right here, and you’re going to have some additional reports that basically have an external system that you can click and you can actually view more enhanced reports.

And most importantly, you can build your reports. And so it’ll use something kind of like SQL commands and then you can actually build anything. With any data you have in Magento, you can build them. Super valuable. You can make low stock reports, custom reports for your boss, automation, you can do a lot of things.

This is a really nice feature that you can pay for or that comes included in your Commerce version. Okay, next one. So next one is the CMS Hierarchy. So CMS are basically content pages. When you go here, you go to build basically a page. When you go to Categories, let me explain what that actually means, Hierarchy. When you manage your products, your categories in Magento Open Source or Commerce, you have categories and categories can be categories, subcategories, sub-sub-categories, like a level here, kind of like a tree, right?

This level, and then this is a second level and third, so you have levels. Now, content pages in Magento Open Source are just pages by themselves. They have no relation to each other. They’re just one page, two page, they have no relation. You can link them in a nice way on the frontend where the customer sees but they have no relation. In Magento Commerce, you can build relationships.

You can build a relat-…for example, FAQ might have the main FAQs and the categories of the FAQs which are considered subpages, and then the actual FAQs themselves. So you can have multiple levels on many different things. You can build nice breadcrumbs and you can have relationships between pages. That’s what Hierarchy means.

Okay. Let’s go here, so Hierarchy. Okay, next. Let’s go here. Content staging, this is a really nice feature. So what you would do is when you save something, for example, I want to save a product page, now, for example, my, excuse me, like a content page, maybe I have a page called promotions or something like that or content or a product, now, let’s say I want to set live at midnight tomorrow, some kind of special promotion.

In Magento Open Source, I’d literally have to go at midnight, at 11:59, edit that in the middle of the night, and then click on something and save it. Now, with Commerce, what you can do is you can schedule changes. So you can set up the changes forward, I say. You can say, for example, “Okay, tomorrow at 11:59, I want to set live this change and then I automatically cancel that change a week later.”

And you can set up all these changes right here. You can set up schedules and you can see that it’s really, really nice to do that. Okay, next. Credit. You can allow your customers to purchase with credit, not just with money, with your credit card, they can actually purchase with credit. So they can earn credit and, for example, when you create a refund, instead of giving them real money back, you can put credit in their account and they can use that for future purchases.

Okay. Next one, customer segments. This is probably my favorite feature as a marketer for Magento Commerce. What is customer segments? So in Magento, you actually have customers and every customer belongs to a group. Every customer can belong to one group. For example, I’m not logged in, I’m logged in maybe on a VIP group, or maybe I’m a wholesaler group, or something like that.

Okay? One second. So, what can you do with segments? This is a marketing feature. You can go ahead and go to segments and you can create certain types of customers. For example, you can segment all the men, all the women, all the men that live in a certain area, all the women that have purchased more than three times that are loyal customers, and you can create all of these rules.

What these do, so let me share an example. Okay, so male, let me just share an example. So I can now create the conditions and I can group them into certain things, for example, their birthday is a certain day or their address is a certain day or their browsing history or their purchase history has done a certain thing.

And then once you do that, you create these segments, customers can belong to multiple segments, and you can report on that differently. You can create special promotions based on certain characteristics. And the coolest thing is you can actually show different content, what we call dynamic content, to customers. So imagine a customer goes to the homepage of your website and it’s a customer…first of all, there’s one customer that has never ever been to your website before.

So you can show them a certain banner and say, “Oh, new customers, welcome. We’re going to give you 10% off.” And then another customer comes but they’re already an existing customer, maybe they’re a VIP or whatever, they’ve purchased before, you can show them a completely different banner and section of the website even though it’s the same exact page.

You can create personalized user experiences based on the customer segment and you can do a lot of things. You can have special promotions that only apply to customers and a lot of different things. I love this feature. You can be super creative but your marketing team needs to spend some time. I love this feature. It’s really good. Okay, next one.

Enhanced Ecommerce. So when you sync data to Google Analytics, you obviously want to use Google Analytics to understand your visitors better, right? So customer segments is understanding them better, right? But sending the data to Google Analytics including tracking of your orders is really important. Now, Open Source only allows you to track ecommerce, just the sale, the sale and the product, that’s it, the amount of product.

This is what we call in Google Analytics, Ecommerce Tracking. Now, in Commerce version, you have Enhanced Ecommerce Tracking. What that does, it provides additional data in the backend, right? You can have funnels, you can see how many viewed with…how many visited with product views, add to cart, checkout.

You can understand where the funnel drops and understand your customers better and also understand much more data. And so this is included in Commerce. You have both GTM, Google Tag Manager integration and it automates it with Google Enhanced Ecommerce so you don’t need to add additional coding to really understand your customers even better. Okay, so next one.

Next one is gift cards. You can offer different types of gift cards to your customers. It’s pretty straightforward. Okay. A multiple wishlist. So Magento Open Source has…your customers can add their products to a wishlist but only one. Here, customers can make their own wishlists.

They can have multiple wishlists. This is my birthday wishlist, this is my wedding wishlist, this is my, etc. Page Builder, this is my second favorite feature for Magento Commerce. It’s really cool. So, content, so when I go to a page, it doesn’t matter if I’m editing a product description, or a page description, or a banner, or anything, so any section that I go here, when I create something, let’s say I want to edit, visually, I want to edit.

So in Magento, when you create a description of a product, or a page, or something, you either have to use the very basic WYSIWYG. So let me show you what that means. So basically, it’s a simple editor that kind of looks like Word. You can bold things and add a picture and just change the layout, very, very simple ways. The second way you can do, for example, is you obviously need a developer to make code and make it the way, the beautiful way you want.

So this is Open Source version and if I want to edit the privacy policy page, I can just go here, use the editor, and I can just do very basic thing like indents, bullet points, you know, align left, align right. I can’t really make it really nice or I can make some basic things. But with Commerce, what you can do is you can go ahead and use the Page Builder and you can create simple things like this, right?

So you can go here and you can drag everything here. For example, I want to add a new row here and I want to add a column. Let me add another column. Let me space it out this way, right? So I have, you know, different versions right here. This looks a little better. And now, I can add some heading here, I can add some text, I can add some pictures, videos, sliders, a Google Map, and you can just easily add stuff right here.

It’s super simple. So, you know, buy now, you know, today only promotion. And you can make it really, really nice and just easily drag and drop. I love this feature. It’s really, really good. Most of our clients, most of the projects use it. They really like it.

You can do scheduling, obviously, like we talked before, and just create things, simple, like, something like this, it’s so simple. You can create it very easily. Okay. Next one is private sales, okay? So you can basically create restricted times and areas on the website that are only private to certain customers. So, for example, if you have a certain customer group, you can send them an invite, send them to a section that no one else can see on the website.

Maybe there’s a certain category that’s not visible. Next one is product recommendation engine. This is also a really cool thing. Adobe from last year, from 2020, they started adding Adobe Sensei, which is their AI, to help provide product recommendations. So if you have a widget, for example, recommended products or you may also like or the widget, the products on your homepage, you can run it through Adobe’s AI and they will do product recommendations.

Instead of you choosing what to show to the customer, you can select sections, which ones to use the AI to better promote products and provide better product suggestions to your customers to increase your order, you know, value cart, your orders, etc. Next one is reward points. So based on customer actions, for example, if you register, we’re going to give you some points, they can spend those points on the checkout.

So is it their birthday? Is it a, excuse me, birthday is not included. Have they registered, have they purchased, have they reviewed, and have they invited others? Birthdays we’ve done, but we had to customize the code for that, so my apology. Next one is RMA, super important. In Open Source, when a customer purchases, there’s no way for them to contact the business to make a return, right?

Return management, RMA. So what they have to do is fill out a contact form, and then all of the communication in Magento Open Source for returns or replacements has to go off the website. Here, there’s a module that both the customer and the business can manage, communication chats, which products to return, which products, you know, shipping labels, all these things. RMA, probably my third favorite and most popular feature of Magento Commerce.

Next one is scaling for large websites. If you have a business that has very high traffic, Magento Commerce has split the databases into three instead of one for Open Source and you can do a lot higher traffic. You can do things much better.

So this is for high scale, really, really important for big businesses. And the last one is Virtual Merchandiser, which means you can also drag and drop how your products look and display on the category pages. Okay? This is an easy way to just prioritize them. You could do that via numbers, just click, click, but here, you can also do it via just drag and drop. Okay.

These are the main features. Other than that, obviously, we talked about you get support, which is really important, you get a different business license and things like that but these are most of the features. So, my favorite features from these are the customer segments, as I talked about, the RMA, the Product Recommendation engine, and for sure, the Page Builder. I love the Page Builder, our clients love the Page Builder.

I think that’s probably the favorite feature of most of our clients that use Commerce, the Page Builder. So what else do we have here? So everything, you know, obviously, I’m just going to recap here before I jump into the next part. So the versions are the same, Magento Commerce just has a lot more stuff. Okay?

That’s really simple. They look the same, they act the same. There’s a few other features that I didn’t cover, and one important thing I want to cover here is when you create access roles, when you actually allow new admins to log into the backend, Magento Commerce has a feature that you can segment, for example, I want them to only see, for example, let’s say orders, okay? Now, because Magento is built very well for multi country and multi projects, multi websites within one admin, the Magento Commerce version also has a way for you to segment, for example, only seeing the sales or the orders but you can also segment them by website, store, store view, which means this country can be seen only by this admin and the other country can be seen by the other admin.

So you have a lot…you have a few other features that are included but I’ve covered the big ones. Okay. So, now we’re going to talk about how do I choose, what’s going on? What do I choose, where do I start from, what is going on? So first of all, comment in the YouTube channel and we’ll be able to answer specific questions. This is the best way to know because I can give you the general, the one that fits 70% or 80% of your answers, but if you give me your exact business model, I can provide more detail.

Great. So let’s talk about when I would choose Magento Commerce. So first of all, number one is… number one is, let’s go right here. If I am a very marketing-oriented business, I want to choose Magento Commerce. Why is that?

If I’m focused just on my product and I don’t have a big marketing team, I don’t want to actually do marketing things, then Open Source might be a better fit. If I really want marketing features, I want the customer segments, I want to know more about my customers, more about in Google Analytics, I want to do content staging, which is I want to schedule new pieces of content, new event pages, promotions on time, I want to have, you know, do my abandoned carts and reminders, all of that stuff, you see, a lot of features are marketing, so abandoned cart is marketing, the Hierarchy is partial marketing, content stage is marketing, sales and marketing is credit, I want to have credit, and points, and customer segments, and understand them in Google Analytics, I need to use Magento Commerce.

If you really are good at marketing and you know how to use these tools, you will get the value and much, much more in the product by paying Magento for Commerce and using these. We’ve seen a lot of businesses that buy Magento Commerce, they don’t even have the marketing team and the staff to do that and they don’t even use all the features. It’s kind of wasteful, honestly, and that some of these features are really, really good, especially, I love the customer segments, which I’ve talked about multiple times.

So this is really important, right? Well, multiple wishlists, gift cards, marketing and sales, right? Private sales, all of these things, Page Builder. Okay? So these things, Page Builder is a… let’s talk about that, a separate one, right? RMA, so all of these things are really…there’s a lot of marketing things.

So if you have a good marketing team, they know what they’re doing, you need to give them the tools to make money for you guys, okay, to bring awareness, brand, etc. Okay, so that’s number one. Number two reason where for sure you’d need to use Magento Commerce is the B2B. It’s really hard to change the order flow in Magento Open Source. So if you need B2B, your business is selling to businesses, for sure, it’s a no brainer, because there are so many functionalities that are very specific to Magento Commerce B2B.

Okay? That’s the second thing. The third thing, which again, this is the most popular for us, is the Page Builder. A lot of our businesses, our clients, when they came from…they used to have a different platform on a different site and they came to us to upgrade to Magento, they always ask their developers to create new pages for them.

And aside from time and money, it was just not convenient. They wanted to do something, they had to wait. They had to say, “Oh, you know…” so marketers, sometimes talking to engineers, to developers is a little bit difficult because it’s hard. They kind of think in different ways. So if you have a Page Builder, you can just make it yourself. You don’t have to wait, you have much less cost, and then you can, you know, make templates and things like that.

So this is a really important feature. I’d say this is the most popular one, and the second most popular one is RMA, right? So a lot of our businesses don’t understand why Magento Open Source doesn’t have a return management. I mean, it’s an ecommerce system, you accept orders but you can’t return, you can’t manage your return, so it’s a little weird.

So Magento Commerce has it. Okay? And then the other reason, which is very important, if you have a really big website, I mean, you have, you know, high volume orders, then you definitely need Commerce for scaling of large websites. There’s very few that really need this but when you do, we have a few clients in particular, it’s really good. So scaling for large website is for very, very big ones.

If you’re not sure, you know, comment in the YouTube channel and we’ll be able to explain kind of more details about that. Okay? So those are the main, main features. Those are the ones that, for me, pretty much no brainer, if you have B2B functionality, you have a good marketing team, you got to go with Magento Commerce. Then, now there’s companies that are, you know, not, then you need to kind of decide.

So another reason why you might decide is you don’t want to take care of…either you don’t want to take care of the server infrastructure or it’s too costly for you or something like that, then you can just, excuse me, use Magento Cloud and then they take care of the infrastructure and their system is pretty easy.

Obviously, you don’t have the cost of paying for the infrastructure. I mean, obviously you pay for it in the license but the maintenance, managing it, you don’t really pay for it. And so if you hire a company and you use Magento Open Source or Commerce, you’re going to have to pay them an annual fee to maintain your site and maintain your servers.

This is already included in one and it’s pretty good, honestly. Other than that, Open Source, why would you use Open Source? Number one is maybe you’re a small starting company, you don’t have a budget for a license fee. Okay? That’s number one. Maybe, you know, you want to use Open Source because you don’t have budget, number one. Number two, maybe you’re trying it out, you’re not sure about the functionality, maybe you don’t have, you know, a marketing team that knows what to do, you just want to start out simply.

These are the reasons why you do want to use Open Source, right, mostly because of cost and time, etc. Other than that, Open Source does have enough core functionality to run a business, right? And you can always buy extensions use, you know, from AheadWorks or Amasty. So you could actually get some of the functionality from Commerce and you can add it to Open Source.

Now, some of them are, you know, good quality, some are not. It really depends on it, you have to do your research or have your developers build something. So there’s some downsides of doing it, but obviously, cost is a big factor. And we also have a lot of clients that use Open Source. Open Source is pretty good, honestly. So it really depends on what you’re trying to do.

And then obviously, if you want to integrate, you want to connect, like if you have a new website, you want to build it, if you use Commerce and you have more features that are built in out-of-the-box, then obviously, your time to market, the time it takes you to develop your new site is going to be shorter in Commerce versus Open Source. But again, Open Source, you need to do your calculation.

Can I use Open Source and maybe build or buy some extensions that, you know, get closer to Commerce? That’s for your decision. In general, the out-of-the-box Commerce is always going to be better than Open Source plus some extensions because of future security updates, quality of code, and upgrading, and time, etc. but Open Source fits a lot of projects as well.

So that’s pretty much it for today. These are the main, main things. If you have specific questions, obviously follow the…we have two… I’m going to attach two playlists. One is for all of the features in…all the detailed features, so it’s just going to be hours of videos of everything that Magento Open Source can do and everything that Magento Commerce can do. And most importantly, third time we’re going to mention, tell us in the comments, what specifics you’ve, you know, what you’re looking for, what your business is about and I’ll help recommend honestly, truthfully, if you should use Open Source or Commerce.

That’s it. I appreciate you guys’ time. We’ll be making more videos in the future about comparisons between platforms, features, ecommerce, Magento, Shopify, Google Analytics, etc., etc., anything web growing, we’ll be making. Please subscribe, ask questions, we’re here to help everybody. Thank you, guys.

Appreciate it.

Laravel 8 URL rewrite issue fix

On the Web, there are many Nginx configuration examples for supporting Laravel. The configuration is quite simple; however, when using Laravel 8, the following error might be displayed:

InvalidArgumentException

Can only instantiate this object with a string.

The error is not very descriptive but this issue is explicitly addressed in Laravel documentation for versions 4.2~5.3, regarding URL re-writes, which requires adding the following line in the Nginx configuration file.

location / {
    try_files $uri $uri/ /index.php?$query_string;
}

It is not clear why the documentation lacks this information for Laravel versions > 5.3; however, you can add this line in your Nginx configuration if you are facing the same issue.

To The Moon+ Shopify Apps

In 2020, Astral Web released a range of apps for Shopify store owners to help grow online and extend shops with needed functionality.

We will continue to add new Shopify apps and listen to our customer requests.

To The Moon+ Agree to Terms

Require terms and conditions consent before customer checkout

To The Moon+ Alt Text

Get maximum SEO value for your product images alt text tags

To The Moon+ FAQ

Easily create a great FAQ section for your store

To The Moon+ Bars

Tools to guide customers with sticky bars to checkout

Disable Audience Ads in Microsoft (Bing) Ad Campaign

To be honest, we were initially a bit surprised by the positive performance of several campaigns on Bing Ads (now Microsoft Ads). For several of our clients, it has a significantly higher ROI than Google Ads, albeit with a smaller audience.

However, when viewing campaign performance for a couple clients, I noticed that the portion of ads served via the “Microsoft Audience Network” had a conversion rate that was significantly lower than that of Search Ads.

To get a quick view of this, you can compare the columns Search Ads Total vs. Audience Ads Total on your Campaigns or Adgroups gridview.

Bing Ads grid view showing "Audience ads total"

To Disable Audience Ads:

This can be done at either campaign or adgroup levels:

  • For Campaigns: Campaigns > Settings > Advanced Settings > Other Settings > Audience Ads. Set Bid Adjustment to Decrease by 100% to disable entirely.
Bing Ads decrease audience ads bid at campaign level
  • For Adgroups: Adgroup > Set Bids > Other Settings > Audience Ads > Set Bid Adjustment to Decrease by 100% to disable entirely.
Bing Ads decrease audience ads bid at adgroup level

Note that, at the adgroup level, there are additional options to control the delivery platforms that ads will be served on, described by Microsoft here.

It’s definitely worth looking at their delivery networks and figuring out what has the best ROI for your campaign. I just wanted to share the answer to those of you who see discontinuing the Audience Bids as an easy way to stop wasting money 🙂

Create In-Page (Anchor) Links in WordPress

The newest versions of WordPress with the Gutenberg editor make inserting anchor links a very straightforward task.

Step 1: Add Link to Section Headers:

The new WordPress interface has a field specifically for adding anchor links to blocks that are using a header tag (H1, H2, H3). Simply click on your header block, open the Advanced dropdown, and give your header a unique link (no spaces or special characters).

If you view the HTML, you’ll see that this field adds an id attribute to your header tag, which had to be added manually in the classic editor:

<h2 id="first-section-header"><strong>What is Lorem Ipsum</strong></h2>

Step 2: Link Table of Contents to Section Header

For this step, simply use the hyperlink tool to add the unique link you’ve created preceded by a “#” (hash or pound).

Step 3: Repeat As Needed

If you are working with the classic WordPress editor, the only difference is that you’ll need to create the anchor links for each heading directly in the HTML or using an extension.

Cyber Security Practice for Individuals and SMBs


The most secure methods for protecting personal and sensitive information are constantly evolving as industry practices and bad actors continue to push each other to the next level.

However, there are several best practices to follow that minimize your risks and, by extension, the risk of any organizations that you belong to. Below we outline a few starting points which protect both individuals and businesses.

  1. Basic Best Practices
    1. Track Breaches and Leaks
    2. Password Security
    3. 2FA Authentication
  2. Browsing and Usage Habits
    1. Confirm SSL Connections
    2. Caution with Email Links and Requests
    3. Up-to-date Operating Systems
  3. Organizational / Company Security
    1. Structured Access
    2. Access Sharing
    3. Employee Changes
    4. Clean Desk Policy
    5. Document and Educate
    6. Alligator Moats
 

Basic Best Practices:


 

Find out whether your data has already leaked:

If you’ve been active online for a while, there’s a good chance that you’ve already been involved in some sort of data leak. A cool website built by Troy Hunt, https://haveibeenpwned.com, scrapes a variety of public sources to provide a database of compromised emails and accounts associated with breaches.

You can subscribe for notification if your email is discovered in any future breaches, hopefully giving you a better chance of mitigating any fallout.

If nothing else, check out this site to get a sense of how common data breaches are and get inspired to put in a little extra effort.  

Passwords:

The best place to start in securing yourself and your organization is your passwords. For the steps below, a password manager such as LastPass is a great option that allows you to quickly create, update and manage your passwords.

If you’re an organization for which security has to be absolutely airtight, you may want to manage your passwords internally. However, in most cases, the security gained from a dedicated third party manager is greater than the risks of having all your passwords in one location.

Password Makeup: The obvious starting point for security is to ensure that your passwords are making use of as many characters as possible.

If you’ve tried to use your old go-to password from 2005 (e.g. myDogsName) you’ll notice that most sites won’t accept a simple string of letters anymore. However, simply substituting a 0 for an o and adding a “!” isn’t much of an upgrade. Massive databases of common substitutions and punctuation placements make the password myD0gsName! only marginally more secure than the original.

Modern browser versions as well as password managers will auto generate and store complex passwords for you. When using an application like this, there’s no reason not to make your passwords as long as possible, making them exponentially more difficult to crack.

When storage of an auto-generated password isn’t an option (e.g. your password for your password manager), a good method is to create a “passphrase.” For example, YouknowmybirthdayisonJuly2(woohoo)butyoustillwon’tcrackthis!
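To make the two claims above concrete (substitutions add little, random length adds a lot), here is an added Python example that is not part of the original article. The wordlist, the substitution table and the attack-size figures are constructed assumptions for illustration only.

```python
import math
import secrets
import string

# Constructed stand-in for a cracking dictionary; real lists hold millions of entries.
SAMPLE_WORDLIST = {"mydogsname", "password", "letmein", "sunshine"}
# Assumed sizes for a dictionary attack with mangling rules (illustrative figures).
ASSUMED_WORDLIST_SIZE = 10_000_000
ASSUMED_RULES_PER_WORD = 1_000
# Substitutions that password-auditing rule sets routinely undo (constructed subset).
UNLEET = str.maketrans("013457@$", "oleastas")
ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols


def is_dictionary_variant(password, wordlist=SAMPLE_WORDLIST):
    """True if the password is a wordlist entry after undoing common mangling."""
    lowered = password.lower()
    # Digits and punctuation added at either end are among the first things tried.
    trimmed = lowered.strip(string.digits + string.punctuation)
    candidates = {lowered.translate(UNLEET), trimmed.translate(UNLEET)}
    return any(candidate in wordlist for candidate in candidates)


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy in bits of a password whose characters are chosen uniformly at random."""
    return length * math.log2(alphabet_size)


def estimated_bits(password):
    """Rough guessing cost: dictionary model for mangled words, random model otherwise.

    The random model is an upper bound that only holds for generated passwords.
    """
    if is_dictionary_variant(password):
        return math.log2(ASSUMED_WORDLIST_SIZE * ASSUMED_RULES_PER_WORD)
    return random_bits(len(password))


def generate_password(length=24):
    """Generate a password with the OS CSPRNG, as a password manager would."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for pw in ("myDogsName", "myD0gsName!", generate_password()):
        print(f"{pw!r:30} ~{estimated_bits(pw):6.1f} bits")
```

Both myDogsName and myD0gsName! land in the same dictionary bucket, while every extra random character adds about 6.5 bits.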

Password Diversity: Making use of unique passwords for different accounts means that, when a breach occurs on one account, the remainder of your accounts don’t immediately become available to whoever gives it a shot.

Password Frequency: Similar to above, changing your passwords at regular intervals reduces the chances of being affected even if your account information has been compromised. If you’re working with software like we do, you can often set passwords to expire at set intervals.

Two Factor Authentication (2FA)

Wherever possible, use two-factor authentication. Despite hackers finding sophisticated ways around 2FA, it’s still an extremely important component of online security.

Nearly all major companies now support some form of two factor authentication through apps such as Google Authenticator and Authy or direct SMS.

If you can’t be bothered to use 2FA for all of your accounts, be sure to have it in place for the most crucial ones such as your email and your password manager (any accounts that share access and information with other websites and services).

If you manage an organization or network, we’d suggest making 2 factor authentication mandatory for all users.

 

Browsing and Usage Habits (Operational Security)


 

Confirm SSL Certificates

There’s really no excuse for websites that store any personal information (not to mention accept payments) to be without an SSL certificate. Up-to-date browsers are increasingly forceful about alerting you to being on websites that have insecure elements but you can ensure the connection with a browser extension such as HTTPS Everywhere by the EFF.

Caution with Email Links and Requests

The most common way for your accounts to be hacked is not through a superspy remotely hijacking your computer but rather through simple emails that trick you into forking over the keys to the kingdom.

When you receive an email with any request for you to log in or provide information, take an extra moment to verify the domain of the sender and the domain of the link provided. Not seeing a green HTTPS padlock on any login page is a significant red flag.

Any company that takes security seriously will not ask you to provide your password via email or phone call.

In the event of any suspicion, look up publicly listed information and contact them directly.

Furthermore, look out for unusual requests from contacts within your organization or contacts list. Maybe you have a great password, but your friend doesn’t – use another channel to confirm that the request really came from your friend or coworker.

Keep Operating Systems and Applications Up-to-Date

Although they are easy to skip as inconvenient interruptions, the updates to your browsers, software and operating system often include crucial security patches.

 

Organization Security


 

For most smaller organizations and businesses, the best first step is to enforce the points outlined above at an organizational level: have minimum password requirements, use an organization-wide password manager and require 2FA for any accounts connected with your business. Wherever possible, enforce enforce enforce! It’s easy for all of us to get complacent so, wherever it’s an option, enforce these measures through software or platform settings (Microsoft, G Suite).

Again, these tips are a supplement rather than a substitute for a comprehensive internet/information security plan.

Structured Access

Larger businesses should have systems in place for hierarchical information access. However, it’s important for smaller businesses to implement this as well, even if it’s not an explicit policy – the basic concept is to segment access so that individuals (and networks) are only interacting with the information that’s necessary for their work.

At smaller businesses and startups where one individual can wear a lot of hats, it’s rarely so black and white. However, it’s still important to take basic steps to audit access at scheduled intervals.

Don’t Share Access

This may sound obvious, but, particularly in smaller organizations, it’s very easy to make “exceptions” in the interest of expediency, particularly when clients are involved as they are in our daily workflow. In those situations, it’s helpful to be able to fall back on “I’m sorry, we’re unable to do that due to an internal policy,” as it draws a line on the conversation, even if someone thinks they have a compelling argument for sharing.

Employee Changes

When an employee moves on, it’s an absolute must to change their passwords and review access immediately. Make sure that someone is responsible for a full audit of their access to primary and related company accounts. The more organized your passwords and SOPs for access management, the easier this is.

Clean Desk Policy:

For offices with access to sensitive information, communicate an explicit policy against any written passwords or credentials being left on desks where passers-by can see them.

Document and Educate

The fact is that we’re all busy and security can easily become an abstract concept that takes a back seat to the immediate task at hand. The more that your security measures are documented and communicated, the less likely they are to be considered “suggestions” by employees and coworkers.

Implementing a regular audit of password security, 2FA and access and communicating best practices for operational security in writing makes security more tangible. Making it clear that these steps are for each individual’s security can be more effective than a dry document about company assets.

Alligator Moats

The modern business needs to be alert to more than just cyber threats; ninjas are out there and you need to take actions to defend against them.

After you’ve dug your moat, we’d recommend investing in robot alligators – regular alligators just eat bad ninjas, cyborg alligators laser them and eat them simultaneously. Any serious security professional will tell you that this is just good sense.

Ok, just kidding… get regular alligators

Configure Zabbix Alert Scripts


Steps:

 

  • Create Jabber Script
  • Test from terminal
  • Configure Zabbix to use Jabber script
  • Create Email Script
  • Test from terminal
  • Configure Zabbix to use phpmailer script
  • Tell Zabbix to notify
  • Flap a server to verify operation

jabber.sh is a replacement for the built-in Jabber/XMPP functionality within Zabbix.  You may need to install ‘sendxmpp’ prior to installation.  This is functional in an Ubuntu Xenial server installation, but the path may vary for CentOS/RHEL deployments.

Contents of /usr/lib/zabbix/alertscripts/jabber.sh:


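#!/bin/bash
# Zabbix passes the recipient as the first argument and the message as the second.
to=$1
body=$2

# sendxmpp reads the message text from standard input.
# Replace user, server and password with your XMPP account details.
cat <<EOF | sendxmpp -u user -j server -p password "$to"
$body
EOF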

 

Adjust ‘user’, ‘server’ and ‘password’ accordingly for your particular setup.  The script should be owned by the zabbix user and have execute permissions set:

-rwxr-xr-x 1 zabbix root 288 Jun 16 05:11 jabber.sh

To test, simply execute the script like any other. Note the arguments passed into it:

# /usr/lib/zabbix/alertscripts/jabber.sh recipient@server message

If unable to send, try using sendxmpp outside the script and make sure it can send that way, then debug the script as required.

Your Zabbix should look like this:

 

zabbix setup 1

zabbix alert scripts screenshot 2

Note that the ‘Type’ of the media for the user corresponds to the name of the script we added earlier.

Email follows a similar procedure. Just make sure to have the necessary PHP modules installed. Below is the setup to use a gmail account:

Contents of /usr/lib/zabbix/alertscripts/phpmailer.php:


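#!/usr/bin/php
<?php
// Uses the PEAR Mail package.
require_once "Mail.php";

$from = "ZABBIX <user@domain>";
// Zabbix passes the recipient, subject and message body as arguments.
$to = $argv[1];
$subject = $argv[2];
$body = $argv[3];

// Gmail SMTP over implicit TLS.
$host = "ssl://smtp.gmail.com";
$port = "465";
$username = "username";
$password = "password";

$headers = array('From' => $from,
                 'To' => $to,
                 'Subject' => $subject);
$smtp = Mail::factory('smtp',
    array('host' => $host,
          'port' => $port,
          'auth' => true,
          'username' => $username,
          'password' => $password));

$mail = $smtp->send($to, $headers, $body);

// Report failures and exit non-zero so a failed send is visible when testing.
if (PEAR::isError($mail)) {
    fwrite(STDERR, $mail->getMessage() . "\n");
    exit(1);
}

?>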

Adjust the From address, ‘username’ and ‘password’ accordingly for your particular setup. The script should be owned by the zabbix user and have execute permissions set:

-rwxr-xr-x 1 zabbix root 572 Jun 16 12:26 phpmailer.php

To test, simply execute the script like any other. Note the arguments passed into it:

# /usr/lib/zabbix/alertscripts/phpmailer.php user@domain.tld subject body

Make Zabbix look like this:

zabbix-4

 

Note that the ‘Type’ of the media for the user corresponds to the name of the script we added earlier.

zabbix screenshot 5

Most important step!  This tells zabbix to actually use everything we just set up.  Once this is enabled, flap a server to give zabbix something to tell you about.  Check Pidgin and your email to see if it worked! 🙂