Wooassist

Assistance for Your Woocommerce Store

You are here: Home / Archives for how-to

Design Tweaks on WooCommerce

By Leave a Comment

SnapCrab_2015-06-26_15-14-47_No-0000

Your online business using WooCommerce is all set. Each important element is in place and accounted for. Your website is done. You get regular traffic. You got your marketing strategies in place. You have a blog and you are active in social media. You think you’ve got it all covered, but then a few things start to bug you.

Optimize Web Design

You realize the design needs few tweaks and you come up with a few ideas that should be able to increase sales. What you have to do right now is optimize your design for better conversion rates. This is called conversion rate optimization.

A few design tweaks on your website will help increase your conversion rates. It may involve adjusting or repositioning some visual and design elements. Color, images, cues and their placement on your landing or checkout pages, are all part of optimizing your web design – see here design tweaks.

Keep Your Design Simple

Your website needs to look good, but not necessarily flashy. Simplicity in your design can go a long way towards increasing conversions.

It is understandable that you’d like to fill your pages with a lot of useful features and elements. However, it could also be a hindrance. Visitors would usually turn away from complicated designs. Keep it simple and understandable.

Design Tweaks

In changing the colors on your website, take the context into consideration. Make use of call-to-actions (CTA), and place them in a favourable manner to make your visitors take action. The design of your website should encourage visitors to want to browse more. Essentially, they should immediately see what they’re looking for.

Use the right amount of white space. It can definitely put emphasis on where it is needed. It is a simple and effective way of making sure that important elements of your site are easy to locate. This post enumerates user interface tweaks can you make, to improve your conversion rates.

Know Your Audience

An important part of adjusting your site’s design is learning about your potential customers. Understand who they are what their personalities are like. That way, you could adjust your design elements to fit in with them.

SnapCrab_2015-06-26_15-15-17_No-0000

You can read more about customer personas in these articles:

New MailChimp User Persona Research

Web Design Tips that Increase Conversions

Having a clear idea of your current users can help you better empathize with them. Combining these tips will not only get people to visit your site, but also encourage visitors to take the next step.

A few design tweaks on your WooCommerce store can set you up for better conversions which will in turn lead to better sales for your business.

How to Counter Brute Force Attacks on WordPress

By Leave a Comment

Counter Brute Force

WordPress is one of the most popular Content Management System (CMS) available. Its popularity is the reason why it is highly targeted by attackers. A secure website is a must if you’re operating an online business so you can protect your business and your customers.

In this article, you will learn:

  • What is a brute force attack?
  • How to know if someone is brute forcing into your site
  • How to counter brute force attacks on WordPress
  • What to do when someone succeeds at brute forcing into your website

WordPress does not currently have any built-in feature to stop brute force attacks so you are responsible in preventing them on your own website.

What is a Brute Force Attack?

Brute Force Fist

Brute force attack or brute forcing is one of the leading causes of website compromises and is similar to a trial and error method. The objective of the attacker is to gain access to the server level of your site by using various username and password combinations repeatedly until it succeeds. Not only that, it can also be utilized to find hidden pages and content in a web application.

Brute Force Attack is, simply put, an attack to the weakest link in a website’s security. Sucuri, a security company focusing on spotting and repairing compromised websites, reports at least 770,000 brute force attacks every hour. Your website is vulnerable to this type of hacking if you require user authentication or login access.

There are endless catastrophic possible events that could happen once an attacker gains access to your site. The access will be exploited and accounts can be locked out, malware or viruses can be injected, important financial transactions can be compromised or blocked, or data can be changed or stolen. All the hard work you have invested in your business could go down the drain in an instant and hurt your virtual presence.

Brute Force Attack Methods

WordPress LoginBrute forcing can be done in different systematic ways. It can be done manually or with automated tools. This can be done in a matter of minutes or years depending on the complexity of your authentication data and process. In most cases, it is done by automated tools that use bots to crawl the web and look for weak preset conditions and weak targets. For WordPress, the common targets are the /wp-admin extensions, /wp-login.php and the XML-RPC.

Brute Force Attacks can be used positively if the goal is to test a website’s security but unfortunately, most of the time, it is used by hackers to crack encrypted data for their own advantage. There is a growing number and improving array of automated tools that can be used for brute force attacks. They are simple to use that even a teenager can use them. These tools determine the length of usernames or passwords and try different possible combinations to gain access. The following are commonly used methods:

Dictionary Attack

The common targets here are administrator accounts. In this method, the attacker will use a database or ‘dictionary’ containing millions of words that are commonly used as a login password. Each one will be tried for authentication. The attacker will succeed once the password is accepted as correct.

These attacks can lock out one account or more and gather more information from the site depending on the error responses. This is actually resource- and time- consuming but this can be done quickly with better computing power. It does not decrypt information. It only cycles through a list of words until it becomes successful.

Hybrid Brute Force Attack

This is similar to the dictionary attack but the attacker may use permutations of words from a password dictionary, your real or site user name, website and company name. It uses a smarter set of rules, such as adding numbers and doubling up some characters or words, to intelligently guess passwords. An attack can occur and succeed quicker if more information is available to the attacker.

Reverse Brute Force Attack

This is less common but your website is vulnerable to this if your site users use weak passwords. In this method, the attacker will try to use one password and try to match it against many user names.

How Do You Know if Someone is Brute Forcing into Your Site?

brute-force-maskThe tough reality is Brute Force attacks can be the same as DDoS (Distributed Denial of Service) or DoS (Denial of Service) attacks. You can differentiate them by the intent. DDoS/DoS is after disruption of service while Brute Forcing is after gaining access. DDoS/DoS however can be a byproduct of Brute Forcing as the access attempts can overload your servers. Some attacks are easy to detect but some are harder to detect because they use different open proxy servers.

Careful observation and monitoring is necessary to detect Brute Force Attacks. Be on the lookout for irregularities and malicious activities in your site. To help you out, these are the most common ones experienced by victims of brute forcing:

  • Numerous failed logins coming from the same IP address
  • Multiple usernames used to login from the same IP address
  • Continuous login for one username from various IP addresses
  • Logins with suspicious usernames and passwords
  • Overloaded server memory that results from excessive bandwidth consumption from a single use
  • Performance problems
  • Weird links
  • Notice from the webserver of attacks and an unusually large amount of data being used in a short period of time
  • Website redirects to a different page or website
  • Unwanted popups and ads are all over their site
  • Malware or virus
  • Spam emails or comments
  • Help desk flooded by complaints of locked out accounts.

How to Avoid Brute Force Attacks

A Brute Force Attack can be minimized, if not avoided, as long as you follow these steps.

Keep Everything Updated

WordPress themes and other plugins update their version to keep them safe from vulnerabilities and to fix bugs. Updating can be tedious but this will help protect your site from known exploits. Just make sure that you keep a backup before doing updates. Be on the lookout for updates in your WordPress Dashboard for the following:

  • WordPress Version
  • WordPress Theme
  • WordPress Plugins

dashboard-update-message

Use Strong Passwords and Change Them Regularly

The best way to protect your site is to use strong passwords and avoid keeping the same password for a long time. If your site allows numerous login accounts, it is best to make sure that all your users follow these basic rules in making strong passwords:

  • Keep your passwords long. Use a minimum of 8 characters.
  • Keep it complex. Do not use dictionary words.
  • Keep it mixed. Use a combination of numbers, upper- and lower-case alphabets and non-alphanumeric characters.
  • Check if your password is a common password.

Avoid Common Usernames

sucuri-common-usernames-1
“admin” is the most used username for Brute Force attacks. Image Source: https://blog.sucuri.net/2014/03/understanding-denial-of-service-and-brute-force-attacks-wordpress-joomla-drupal-vbulletin.html

This is very important especially for administrator accounts. Do not use the default username ‘admin’ or any similar usernames containing the same word. Doing so will significantly increase the likelihood of your site being attacked by malicious users.

Use Two-Way Authentication for Administrator Accounts

For extra security, you can activate two-way authentication in your Cpanel or use a plugin such as miniOrange’s Two-Factor Authentication (Google Authenticator). The con to this, however, is you would need to have your phone with you all the time and your log-in process would take more effort and time from you.

Set Administrator Logins to Certain IP Addresses

If you have the privilege of getting a static IP address, this is a great added security option. You can actually block all sign in attempts from all other IP addresses by editing your .htaccess file. However, this can be a problem if your network uses dynamic IP addresses that can change over time.

Design Your Site to Not Use Predictable and Data Exposing Behavior for Failed Login Attempts.

If you are tech savvy, this is one option that you can do by changing the error messages that your website shows. For example, an error message that shows ‘bad username or password’ will make the attacker try the next information in their list. Adding progressive delays every failed attempt can also help improve your website’s security. You can also prompt your users to answer a captcha or a secret question after failed attempts. Be wary of using captcha though as it can negatively affect your websites user experience.

Secure Your Site with Tools and Plugins

There are many available tools and plugins that you can use. Some are free and some come with a price. Here are some tools, plugins and features that you should consider to significantly improve your website’s security. They can help you counter brute force attacks on your WordPress site. Before adding a plugin, you need to check if it’s compatible with your theme, other plugins, and WordPress version first. Some of the tools mentioned below may overlap with other ones in the list.

Security Scanner

There are so many security scanner plugins available for WordPress and most of them also include various tools that improve your website’s security. Top plugins that you can check out are:

Login attempt limit, blocks, and delay

There are plugins that can limit the rate of login attempts and block IP addresses temporarily to protect your site from brute force attacks such as WP Limit Login Attempts. You can also be on the lookout by tracking IP, usernames, passwords and adding idle timeout in your login with Login Security Solution.

Hide Login Page and Data

Attackers would normally target your /wp-login.php or /wp-admin. To hide your login page, you can use WPS Hide Login plugin.

Strong Passwords

brute-force-login

WordPress already generates a strong password for new users but if you are not a new user, you might want to create a very strong password by using a mix of upper case and lower case letters, numbers and symbols.

One way of creating a strong password that is easy to remember is to think of a sentence. For example: “The quick brown fox jumped over the lazy dog.” Take the first letter of every word and you will get “TQBFJOTLD”. Convert some letters to numbers or symbols and you can get “7Q3FJ0T1D” and then vary the remaining letters to upper case and lower case. Your strong password could be “7q3Fj0T1d”. Whenever you want to type your password, just recall the sentence that you used to generate your password.

Cloud/Proxy Services

You can use the aid of cloud or proxy services to help mitigate attacks all over the web as these block the IPs before they even reach your server. Cloudflare and Sucuri CloudProxy are notable services to check out.

What if Someone Already Got into My Site?

Brute Force Unlocked

Don’t Do Anything Rash

The worst mistake you can do is to delete things without backing up data first or cause further problems by troubleshooting. If your site has been compromised, the best option is to seek professional help.

Keep Calm and Regain Control of Your Site

Keep Calm and Chill

Take a step back and calm yourself down. You can still recover from this miserable event. Try to regain admin access of your site. If your password was changed, you can simply get access again by using the ‘forgot password’ option. If this has failed, get in touch with your hosting provider.

Change All Your Backend Passwords

This is an important step that you should do when you regain access to your hacked website. Make sure that you use a strong password so you can avoid further damage being done to your website.

Identify the Damage Done

Once you’ve gotten access to your site, scan your website with online malware scanners like Sucuri’s or with Google’s Safe Browsing. You can do the latter by typing this in your url: google.com/safebrowsing/diagnostic?site=yoursiteaddresshere.com

Check with Your Hosting Company

Some hosting services provide technical support for issues like this. Getting professional help is still recommended.

Restore from Backup

If you keep regular backups, you can restore your most recent backup just make sure the backup that you chose was from before your site was compromised.

Check and Change User Permissions

Checking user permissions, especially if there are many accounts that can access administrator settings, should be done to further prevent other users’ access while you’re cleaning up.

Close Hacker Backdoors

Secure your wp-config.php file and close all the backdoors that the hacker may have left. You will need professional help for this.

Change Your Passwords Again

Yes, again. The hacker may have gotten wind of your new password through a malware so change your password again when you are done cleaning up.

Have Your Site and IP Address Whitelisted

Once you have finished cleaning your site up, find out where you have been blacklisted. You may still be marked as spam by some online services like Unmask Parasites.

Summary

Your e-commerce website being compromised is one of the worst experiences an entrepreneur can go through. So planning ahead and hardening your websites security should never be taken lightly. The adage “An ounce of prevention is better than a pound of cure” rings true. If you did the hardening methods we have shown in this article, give yourself a pat on the back. If you are here because your website was compromised, get professional help as soon as possible.

How to Create an Awesome About Us Page for your WooCommerce Store

By Leave a Comment

awesome about us page main-imageYour e-commerce site is the face of your company and your brand on the web. Your “About Us” page tells your visitors who you are and what you do. In this post, we will teach you how to create an awesome About Us page.

What is an About Us Page?

The About Us page introduces your brand to your visitors. More people check a website’s About Us page before making online purchases.

About Us Page Statistics

According to the NN Group, while most websites do have an About Us page, these websites often do a poor job of presenting their About pages. They also found that there are more people who couldn’t find information about a company or organization. Factual information from these websites was replaced by out of place marketing. As a result, the subjective satisfaction of website users decreased from 5.2 to 4.6, on a 1-7 scale.

Importance of an About Us Page

Increased Trust Rating

People who shop online check for proof that the company they are buying from is legit. Showing your website’s legitimacy boosts your credibility. This just shows that consumers are very wary of where they spend their money. The About Us page helps you show consumers that you are worthy of their trust, money, and time.

Increased Conversion

In another study, consumers spent five times more when shops tweaked their About Us page. They even spent 22.5% more, on average. These figures may rise depending on how good your About Us page is. Increase your profit by connecting with your visitors on a more personal level.

about-us-boost-conversion

SEO Opportunity

The SEO opportunity in About Us pages is no rocket science. This page can just contain more keywords related to your niche than other pages in your website. It’s a good idea to fit niche-related keywords all over the page, just don’t over-optimize.

Increased Engagement

Adding important internal links, other media and links to social media pages can help increase engagement. You can also add a contact form to serve as a lead generation tool to gather emails.

What Info Should I Put on My About Us Page?

Before creating an About Us page, here are a couple of things you need to do.

First, identify your audience or target market. Better yet, create a customer persona. Use this knowledge to customize the content on your page and reach out to that audience. Stay away from the typical general corporate-speak. Rather, use a personal but professional tone and feel.

Second, provide key context. The About Us page should show what your customers want to know about you. Every element, from text to multimedia, should be a part of your story. Make this page appear ‘human’. Customers enjoy getting a sense of the company behind a product and website.

How to Structure Your About Us page

Teaser or Tagline

This is a brief phrase or statement that summarizes your organization. Copyblogger was witty enough with their power statement. What is your company about in a nutshell?

about-sample-copyblogger

The Round-Up

This section usually contains a paragraph or two. It features your company information, vision, goals and main accomplishments. Be careful not to overdo this by using empty superlatives. The goal here is to provide information and not to gloat.

about-sample-nng
A straightforward About Us page example from the Nielsen Norman Group.

Quick Facts

Add some quick facts on your About Us page. This can come in different forms. You can add information about your team, history, performance, or your office culture. Stay with the facts and let your customers be the judge. Get creative by using different multimedia or graphic elements. Just remember that whatever you put should be accurate and verifiable.

about-sample-abbvie
Easy on the eyes information from AbbVie.
about-sample-woothemes
Simple but informative layout from Woothemes.

Outsider’s Perspective

If you have industry awards, reviews and testimonials, let them be known in your About Us page. If you have a lot, you can add some highlights in the About Us page and link to a sub-page where the rest of the info is placed.

about-sample-blue-fountain-media-awards

Engagement

This is an avenue for interaction. Add elements like a contact form, social media buttons, and calls-to-action.

about-sample-blue-fountain-media-2

Introduce Your Team

Adding information about the people behind your company will boost your credibility. Take time to post photos or some quick information about your team. The National Center for Biotechnology Information found that photos inflate subjective feelings of truth.

How to Create an Awesome About Us Page

You can create your About Us page just as you would any other page. Some WordPress themes have a built-in special About Us page template. If your theme does not have that, you can create a simple About Us page by going to Pages and clicking on Add new. Add your content and then click on Publish to save your page.

about-us-add-new-page

Add content to your About Us page as you would to any other kind of page.

about us create page add content
Name your page “About”, “About Us” or “About ”. Use the same for the permalink.

about us create page

How to Add Your About Us Page to Navigation Menu

Once you’re done saving your page, you need to add it to your navigation menu. Go to Appearance > Menus.

To display your About Us page in your menu navigation, select About Us page in the list of pages. After that, click Add to Menu. Drag it to desired position. Click on ‘Save Menu’ when you’re done.

Plugins that Can Help Create an About Us Page

Plugins are your go-to solution if you don’t know how to code. Here’s a list of plugins that you can use to create an awesome About Us page.

Powr About Us

powr-about-us-pluginPowr About Us is a plugin with free and premium versions. The free version lets you create profiles for your company and employees. It has the features from the premium version, but it shows the plugin’s watermark logo and has limited support. The premium version has premium support, analytics, no access limits and no watermark logo. Once installed and activated, you will see a plug icon integrated in your Pages editor. It’s a drop down menu that lets you add shortcodes in the content area. This will help you create a professional About Us page. Once added, you will be able to edit them on the front end of your site.

Page Builder by SiteOrigin

page-builder-site-origin-pluginPage Builder by SiteOrigin is a free drag and drop page builder. It adds a ‘Page Builder’ tab in the Pages editor after installation and activation. This plugin has a lot of options that you can use to create an About Us page. It allows customization of page dimensions, layouts, and adding different elements to the page. For more advanced users, you can also use CSS to further tweak the look of your page. The plugin allows for creating some very unique About Us pages.

Team

team-about-us-pluginThe Team plugin by ParaThemes will help you build a responsive grid team profiles in WordPress. It uses pure HTML & CSS3 and is easy to customize. It lets you create profiles that include descriptions and links to social media profiles. The free version gives you enough customizations with unlimited team members. If you are not satisfied with the free version’s options, you can get their pro version which gives more in-depth custom controls. It has drag and drop, pop-up profiles, and more display options.

In Summary

The About Us page is an essential part of any website as it introduces your company or organization to your audience. For a Woocommerce site, having a good About Us page may result to an increase in the site’s performance. Creating an About Us page is simple and easy but you need to build it with your users in mind. You may also enlist the help of a plugin to help you create one. Do you have any more tips or ideas that you’d like to share regarding About Us? Let us know in the comments.

6 Things That Slow Down Your WooCommerce Site and What You Can Do To Fix It

By Leave a Comment

highway-speed-lightsIf you see that your WooCommerce site visitors are leaving your site not long after they get in, you might want to check if your site is loading fast enough. Slow page loading is one of the primary reasons people leave websites. Studies have shown that a 1-second delay in page response can result in a 7% reduction in conversions. Even Google admitted they hate slow-loading sites and penalize the ranking of slow websites. In this article, we will get into the factors that cause your site to slow down and how you can fix them.

Unoptimized Images

camera-lensIt is critical for WooCommerce sites to have optimized images, specifically product images. The sheer number of product images and alternate images can significantly affect a WooCommerce site’s page speed. You might want to aim for a file size not larger than 100kb. But this is just a rule of thumb. Full-width images are of course an exception. Also always try to use appropriate sizes. For optimum speed, the images should not exceed the size of the placeholder. Lastly, try to adjust the quality of the image. It doesn’t mean you compromise image quality. There are ways to reduce image file size without affecting image quality. You can optimize the image by adjusting some settings and removing some color palettes that are not observable by the naked eye.

We suggest a plugin called WPSmush.it. This is a plugin that automatically optimizes the image as you upload your images through the WordPress Media Library. Still, it is important that you optimize your images before uploading them. Learn more about pre-upload adjustments in our post about image optimizations.

Serving Content without Caching

Content caching is basically preprocessing the files and storing them as static content instead of asking the server for the contents upon each client’s request. The static content can be stored either from an intermediary nearby server (server-side caching) or from the client’s web browser (client-side caching). This practice reduces page load time significantly because it reduces server load and the content is served from a closer location. Caching can improve your website speed by up to 300%. If you are looking for a caching plugin, we can recommend WP Super Cache.

Having Too Many Plugins Installed

run-track-and-fieldPage size is not the only thing that has a direct impact on your page load time. The total number of HTTP requests is a major factor as well. Every image, JavaScript file, CSS file, and jQuery file adds up to more HTTP requests.

This is why having too many plugins installed on your WooCommerce site is not advisable. The same goes for having a theme with a lot of bundled plugins. Plugins can have their own stylesheets and scripts and these add to total the number of requests. Of course, it depends on the plugin. Some plugins have efficient code, but others can have issues with poorly coded PHP scripts. A poorly coded plugin needs a longer server processing time before it completes a calculation. That’s why it is important to only use plugins that you really need. Avoid plugins with too many features that you don’t really need.

Not Minifying Scripts and Stylesheets

Even if you already uninstalled unused plugins, chances are you will still have a couple of individual stylesheets and scripts queued for request. Minifying is a technique made to handle this issue. What it does is combine stylesheets and scripts. So instead of 5-7 stylesheets and 9-12 scripts, you will end with a single file for each type. After combining, it will further compress the files and serve them with gzip compression. This technique reduces the number of requests and page size significantly. Don’t worry about the technicalities of minifying though. W3 Total Cache has Minify together with the caching service.

Plenty of Externally Hosted Content

binary-treeAnother culprit in slowing down a site is having externally hosted content. They can look harmless at first but without moderation, your site will get bogged down by these contents. Your site will only be as fast as your external host server. It is not limited to external videos, audio, and images. External content can also be stylesheets and scripts. One common culprit is the overuse of Google Fonts, so as much as possible try to only use at most 2 font families from Google fonts.

Server Load

Server overload is a common problem, especially for site owners that use shared servers. Shared servers don’t cost that much but they have their limits. Most of these servers can’t handle huge amounts of traffic. One solution is to invest in a pricier dedicated server. Another one is to use a Content Delivery Network (CDN) service. CDN is a system of distributed servers. Basically, you can apply to use a CDN service and they will store your cached site in their server systems across the globe. You can use the W3 Total Cache plugin to easily set up a CDN for your WooCommerce store.

Conclusion

It is important to invest in speed optimization to maintain a good user experience across your WooCommerce store and if you want to keep your SEO rankings. To test your WooCommerce store’s speed, you can use Pingdom’s site speed test or Google’s page speed tool. If your site takes more than 2 seconds to load, you have to make some adjustments. Hopefully, the pointers above will help you achieve an acceptable page load speed.

Was this article helpful? Do you know of any tips to help improve a WooCommerce store’s page load speed? Let us know in the comments.

Analytics Reports Help Your Online Store Maximize Profits

By Leave a Comment

SnapCrab_2015-06-26_15-06-01_No-0000

There is abundant data available on the Internet to help you better understand website traffic. All that data can be meaningless if you don’t know how to analyze and interpret it. Once you do, you could use the information to maximize your online store’s profits. You can do all that by making proper use of analytics reports.

Google has its own service for tracking and reporting website traffic – Google Analytics. Ecommerce sites can use analytics reports from this tool to assess their overall performance. Best of all, it’s free.Before we go any further, the first thing you need to do is register for Google Analytics and install the tracking code.

Creating Custom Reports

The most useful feature in Google Analytics, custom reports allow you find the data and presentation that is most relevant for your goals.You pick the dimensions and metrics and decide how they should be displayed. Google Analytics has over 70 standard reports to select from.

SnapCrab_2015-06-26_15-06-22_No-0000

This article can help you learn how to create and manage custom reports on Google Analytics on your own. You need not be an expert right away. What’s important is that you understand the process. Here’s another helpful resource on creating a custom report.

Wooassist Analytics Team

Google Analytics can monitor promotional activities, lead generation, visitor’s behaviour and conversion pattern. It can benefit your ecommerce store more than you expect.

Most website owners choose to do it themselves, but they end up collecting incorrect data. No matter easy it is to implement Google Analytics, you may still need the help of experts to make the best use of the data collected. If you find it too technical, or even time consuming to focus on, our Wooassist team can help you.

Let us support your online store so you can manage your business

Get started today

Get 2 Hours of FREE SUPPORT

We are so confident that you will love our services that we will give you your first 4 hours at a 50% discount

That’s 4 hours for only $75

Free eBook

5 Things Every Online Store Can Fix On Their Website In The Next Week To Increase Sales

Wooassist

Australia:
59 Luke St.
Hemmant QLD 4174

Philippines:
San Miguel St.
Poblacion, Iligan City 9200

Connect