Intrusion detection and resolution

January 9th, 2013 — 2:50pm

A few weeks ago I had a client email me with this message:

Just got this. I haven't made any changes on the site recently, have you?
....
> Subject: File alarm for My website
> The following files generated alarms:
> ALARM: /home/abc/public_html/404.php was modified: 01/02/2013 01:29:42
> If you did not modify these files - please check for possible hackers on your site.

This alarm came from a script I’d installed on his site a few months ago, which checks for new / modified scripts on the server. After getting his email, I checked out the file, and determined it was indeed a “suspicious” file, and that a hacker had indeed breached the site.

After removing the file for safety, I contacted the hosting company, who confirmed that the file had been uploaded via ftp. Someone had leaked the ftp password, so we changed it immediately. In all likelihood the password had been given out at some point to a designer / programmer to upload something, and never changed.

So two lessons here:

1. Change your passwords regularly – and especially after you have changed programmers or developers. Also track when you give out passwords and to whom.

2. Monitor your site regularly for suspicious activity – hackers can get in from multiple avenues, sometimes not requiring passwords at all. So check and investigate any changes to your code, and try to determine how it happened.
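A minimal sketch of the kind of file-change check described in this post, added here as an example; it is not the script installed on the client's site. The watched extensions, function names and baseline file are assumptions. It compares content hashes against a stored baseline, so a change is caught even if the file's timestamp looks unchanged.

```python
import hashlib
import json
import os
import time

WATCHED_EXTS = {".php", ".js", ".html"}   # assumed list of script types
WATCHED_NAMES = {".htaccess"}             # dotfiles have no extension

def snapshot(root):
    """Map every watched file under root to the SHA-256 of its contents."""
    state = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            ext = os.path.splitext(name)[1].lower()
            if ext in WATCHED_EXTS or name in WATCHED_NAMES:
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    state[path] = hashlib.sha256(fh.read()).hexdigest()
    return state

def compare(baseline, current):
    """Return sorted (path, reason) pairs for new, modified and deleted files."""
    alarms = []
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            alarms.append((path, "is new"))
        elif path not in current:
            alarms.append((path, "was deleted"))
        elif baseline[path] != current[path]:
            alarms.append((path, "was modified"))
    return alarms

def check(root, baseline_file):
    """Compare root against the stored baseline; create the baseline on first run."""
    current = snapshot(root)
    if not os.path.exists(baseline_file):
        with open(baseline_file, "w") as fh:
            json.dump(current, fh)
        return []
    with open(baseline_file) as fh:
        baseline = json.load(fh)
    lines = []
    for path, reason in compare(baseline, current):
        stamp = ""
        if os.path.exists(path):  # deleted files have no timestamp to report
            mtime = time.localtime(os.path.getmtime(path))
            stamp = time.strftime(": %m/%d/%Y %H:%M:%S", mtime)
        lines.append(f"ALARM: {path} {reason}{stamp}")
    return lines
```

Run `check()` from cron and email any lines it returns. Keep the baseline file outside the web root, and replace it only after each alarm has been reviewed.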


Presentation on Mobile Web strategies

December 11th, 2012 — 12:21pm

Mobile web traffic is exploding – if you are not aware of it, your website is probably already getting 5-10% of its traffic from mobile devices (smartphones, tablets, etc.). How should you respond to this sea-change in the way your customers access your site?

I’ll be co-presenting on this topic with Tom Allebach (sitecats.com) at the Penn Suburban Chamber’s annual “Small Business University” event, February 1, 2013.


Learn about the major web strategies for accommodating mobile visitors – including apps, “responsive design” and others. While preparing for this presentation, I was inspired to convert my website to a responsive design. It now renders reasonably well on all types of devices, without requiring multiple templates.

If you cannot attend this event, contact me and I’ll gladly discuss mobile strategies with you in relation to your business.


New Responsive Design website!

December 5th, 2012 — 3:42pm

I just launched a revamped website, using a responsive-design template. What is that, you ask? Well, it means that the site should display well on any device – from a 20″ desktop monitor, to a smartphone screen. I believe many sites will go to this type of design going forward.

To see it in action, you can just take your browser and shrink it – squeeze it vertically, and see how the content shifts. Or load it in your tablet or smartphone. There are still some glitches to work out with the content / styling, but overall, I like the responsive capabilities.


Sunshop 4.3.5 upgrades and php version change

December 4th, 2012 — 11:05am

I recently upgraded 2 clients to 4.3.5 – both went pretty well, with minor glitches to work out. The 4.3.5 version may be the final release before the big upgrade to 5.0, which is a complete rewrite. I expect that transition to be a challenging one for most stores, so they may hang out on 4.x for a while.

Many hosting providers are starting to push users to php 5.4, as support for 5.2 and earlier is dropped. 1&1, for instance, is giving customers until April to switch (they are forced to switch in April). For many applications, 5.4 will not be a big issue, but some functions are removed in 5.4, so you should test your applications in advance, if you can.


Sunshop 4.3.4 upgrade

November 9th, 2012 — 3:32pm

I just completed an upgrade to Sunshop 4.3.4 for one of my clients. Overall the upgrade went well, with minimal errors to flesh out. With these upgrades the major issues are syncing up templates, and any code changes that were made. In this case, the code changes were nil, but the old site was running 4.2.0, so many templates had changed. For security reasons, I’m not listing the site (no need to broadcast any info about the software being run there).

In general if you can afford to upgrade to 4.3.4, that’s recommended. There are just too many security issues in the older versions. Even with patches applied, it’s best to do the upgrade.
