19 May

Magento EOL: Am I able to retain PCI Compliance on Magento 1?

With Magento’s end of life (EOL) fast approaching, we’ve had some clients raise the question – ‘Are we still PCI compliant after June?’. PCI compliance can be very ambiguous, with the PCI Council rarely commenting on specifics. This has led some actors to jump in and claim that they’ll look after clients wanting to stay … Continue reading

28 Nov

Patching Magento SUPEE-10975

SUPEE-10975 is an important security update for Magento to address remote code execution and SQL injection vulnerabilities. Where to download It's best to download the patch from the Magento.com download section - or via MDA - the Magento download tool (this is what this guide will use). Dependencies SUPEE-10975 Applying the patch The application of this … Continue reading

14 Oct

Patching SUPEE-8788

SUPEE-8788 is an important security update for Magento to address remote code execution and SQL injection vulnerabilities. Unfortunately, Magento have released two versions of SUPEE-8788 due to insufficient testing that led to conflicts with previous patches. The original SUPEE-6788 patch (released before 14/10/2016) is known as SUPEE-8788 v1 (although, this it is not identified as … Continue reading

10 Apr

Identifying and blocking "Bad" Magento traffic

There are a number of common attacks on Magento stores, ranging from aggressive crawlers/bots, to XSS attacks, to severe SQL/compromise attacks. There are two approaches to dealing with attacks of this nature: Automated - through the use of a WAF; Manual - by traversing log files for patterns and blocking said patterns/sources as necessary … Continue reading

7 Apr

Correcting incorrect timestamp after server migration

An issue we (admittedly infrequently) come across when moving Magento stores from one server to another, is when the previous server's time was incorrect - causing all historical order data to be incorrect on MySQL import. More often than not, we see stores migrated from US West (-7:00) show orders that are in the future … Continue reading

4 Sep

Fix for "No search results" after CLI reindex on Magento Enterprise (SOLR)

Edit shell/abstract.php and add Mage::app()->addEventArea('adminhtml'); public function __construct() { if ($this->_includeMage) { require_once $this->_getRootPath() . 'app' . DIRECTORY_SEPARATOR . 'Mage.php'; Mage::app($this->_appCode, $this->_appType); + Mage::app()->addEventArea('adminhtml'); } $this->_applyPhpVariables(); $this->_parseArgs(); $this->_construct(); $this->_validate(); $this->_showHelp(); }
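
Review bot: the added `Mage::app()->addEventArea('adminhtml');` line in `__construct()` has no comment explaining why a CLI script needs the adminhtml event area, and because it sits in the shared constructor in shell/abstract.php it applies to every script built on this class, not only the reindex. Consider adding a one-line comment naming the "No search results" symptom it addresses, and moving the call into the indexer script itself if the other shell scripts do not need adminhtml observers.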

13 Jul

Simple Magento performance/load testing with Mage-Perftest

Mage-Perftest is a simple Linux command line tool to test the performance of your Magento store. It can perform a number of clever operations, which make it far more suitable than siege or ab. It's not a replacement for fully fledged simulation tools (like jMeter), but it is simple to set up and run. You … Continue reading

16 May

The nolocal theming and packaging methodology

So this will cause ultimate uproar and go against the grain of every Magento developer - but we've got a solid process for theming - that does not use local.xml (more on that later). We always work off the base/default template - but zero out the CSS. Even though all designs don't particularly lend themselves … Continue reading