To The Moon+ Shopify Apps

In 2020, Astral Web released a range of apps for Shopify store owners to help them grow online and extend their shops with needed functionality.

We will continue to add new Shopify apps and listen to our customer requests.

To The Moon+ Agree to Terms

Require terms and conditions consent before customer checkout

To The Moon+ Alt Text

Get maximum SEO value for your product images alt text tags

To The Moon+ FAQ

Easily create a great FAQ section for your store

To The Moon+ Bars

Tools to guide customers with sticky bars to checkout

Disable Audience Ads in Microsoft (Bing) Ad Campaign

To be honest, we were initially a bit surprised by the positive performance of several campaigns on Bing Ads (now Microsoft Ads). For several of our clients, it has a significantly higher ROI than Google Ads, albeit with a smaller audience.

However, when viewing campaign performance for a couple of clients, I noticed that the portion of ads served via the “Microsoft Audience Network” had a conversion rate that was significantly lower than that of Search Ads.

To get a quick view of this, you can compare the columns Search Ads Total vs. Audience Ads Total in your Campaigns or Adgroups grid view.

Bing Ads grid view showing "Audience ads total"

To Disable Audience Ads:

This can be done at either campaign or adgroup levels:

  • For Campaigns: Campaigns > Settings > Advanced Settings > Other Settings > Audience Ads. Set Bid Adjustment to Decrease by 100% to disable entirely.
Bing Ads decrease audience ads bid at campaign level
  • For Adgroups: Adgroup > Set Bids > Other Settings > Audience Ads > Set Bid Adjustment to Decrease by 100% to disable entirely.
Bing Ads decrease audience ads bid at adgroup level

Note that, at the adgroup level, there are additional options to control the delivery platforms that ads will be served on, described by Microsoft here.

It’s definitely worth looking at their delivery networks and figuring out what has the best ROI for your campaign. I just wanted to share the answer for those of you who see discontinuing the Audience Bids as an easy way to stop wasting money 🙂

Create In-Page (Anchor) Links in WordPress

The newest versions of WordPress with the Gutenberg editor make inserting anchor links a very straightforward task.

Step 1: Add Link to Section Headers:

The new WordPress interface has a field specifically for adding anchor links to blocks that use a header tag (H1, H2, H3). Simply click on your header block, open the Advanced dropdown, and give your header a unique link (no spaces or special characters).

If you view the HTML you’ll see that this field adds an id attribute to your header, which had to be added manually in the classic editor:

<h2 id="first-section-header"><strong>What is Lorem Ipsum</strong></h2>

Step 2: Link Table of Contents to Section Header

For this step, simply use the hyperlink tool to add the unique link you’ve created preceded by a “#” (hash or pound).

Step 3: Repeat As Needed

If you are working with the classic WordPress editor, the only difference is that you’ll need to create the anchor links for each heading directly in the HTML or using an extension.

Cyber Security Practice for Individuals and SMBs

Cyber Security Best Practices Article Banner

The most secure methods for protecting personal and sensitive information are constantly evolving as industry practices and bad actors continue to push each other to the next level.

However, there are several best practices to follow that minimize your risks and, by extension, the risk of any organizations that you belong to. Below we outline a few starting points which protect both individuals and businesses.

  1. Basic Best Practices
    1. Track Breaches and Leaks
    2. Password Security
    3. 2FA Authentication
  2. Browsing and Usage Habits
    1. Confirm SSL Connections
    2. Caution with Email Links and Requests
    3. Up-to-date Operating Systems
  3. Organizational / Company Security
    1. Structured Access
    2. Access Sharing
    3. Employee Changes
    4. Clean Desk Policy
    5. Document and Educate
    6. Alligator Moats
Basic Best Practices:

Find out whether your data has already leaked:

If you’ve been active online for a while, there’s a good chance that you’ve already been involved in some sort of data leak. A cool website built by Troy Hunt, https://haveibeenpwned.com, aggregates a variety of public sources into a searchable database of emails and accounts associated with known breaches.

You can subscribe for notification if your email is discovered in any future breaches, hopefully giving you a better chance of mitigating any fallout.

If nothing else, check out this site to get a sense of how common data breaches are and get inspired to put in a little extra effort.

Passwords:

The best place to start in securing yourself and your organization is your passwords. For the steps below, a password manager such as LastPass is a great option that allows you to quickly create, update and manage your passwords.

If you’re an organization for which security has to be absolutely airtight, you may want to manage your passwords internally. However, in most cases, the security gained from a dedicated third party manager is greater than the risks of having all your passwords in one location.

Password Makeup: The obvious starting point for security is to ensure that your passwords are making use of as many characters as possible.

If you’ve tried to use your old go-to password from 2005 (e.g. myDogsName) you’ll notice that most sites won’t accept a simple string of letters anymore. However, simply substituting a 0 for an o and adding a “!” isn’t much of an upgrade. Massive databases of common substitutions and punctuation placements make the password myD0gsName! only marginally more secure than the original.

Modern browser versions as well as password managers will auto generate and store complex passwords for you. When using an application like this, there’s no reason not to make your passwords as long as possible, making them exponentially more difficult to crack.

When storage of an auto-generated password isn’t an option (e.g. your password for your password manager), a good method is to create a “passphrase.” For example, YouknowmybirthdayisonJuly2(woohoo)butyoustillwon’tcrackthis!
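As an added illustration of the substitution point above (this is example code written for this article, not the authors’ own tooling), the following Python estimator does what cracking software does: it undoes common character substitutions before checking a small constructed wordlist, and separately computes the naive brute-force figure that the password looks like it has. The wordlist, the substitution table, the 60-bit threshold and the guess rate are all constructed assumptions.

```python
import math
import re

# Constructed stand-in for the breach-derived wordlists that cracking tools use.
COMMON_WORDS = {"password", "mydogsname", "letmein", "qwerty", "welcome", "monkey"}

# Substitutions that crackers undo (or apply) automatically as "mangling rules".
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def normalize(password: str) -> str:
    """Reverse common substitutions and strip leading/trailing digits and punctuation."""
    core = password.translate(LEET).lower()
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", core)


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker would have to brute-force for this password."""
    size = 0
    if re.search(r"[a-z]", password):
        size += 26
    if re.search(r"[A-Z]", password):
        size += 26
    if re.search(r"[0-9]", password):
        size += 10
    if re.search(r"[^A-Za-z0-9]", password):
        size += 33  # printable ASCII punctuation
    return size


def naive_bits(password: str) -> float:
    """Entropy if every character had been chosen uniformly from the alphabet above.
    Each extra character adds log2(alphabet) bits, i.e. multiplies the keyspace."""
    return len(password) * math.log2(charset_size(password))


def crack_time_years(bits: float, guesses_per_second: float = 1e11) -> float:
    """Expected time to search half the keyspace at an assumed offline guess rate."""
    return (2 ** bits / 2) / guesses_per_second / (3600 * 24 * 365)


def assess(password: str, min_bits: float = 60.0) -> dict:
    """Judge a password the way a cracker sees it, not the way it looks on screen."""
    core = normalize(password)
    bits = naive_bits(password)
    if core in COMMON_WORDS:
        verdict = "reject: dictionary word '%s' with common substitutions" % core
    elif bits < min_bits:
        verdict = "weak: only %.0f bits" % bits
    else:
        verdict = "ok"
    return {"bits": round(bits, 1), "core": core, "verdict": verdict}


if __name__ == "__main__":
    for pw in ["myDogsName", "myD0gsName!", "Tr0ub4dor", "q8Z!rT2m#Lp9vX&hK4sW"]:
        result = assess(pw)
        print("%-22s %6.1f bits  %8.2g years  %s"
              % (pw, result["bits"], crack_time_years(result["bits"]), result["verdict"]))
```

Run as-is, myD0gsName! reports a naive 72 bits but is rejected because it collapses back to the dictionary word, while the random 20-character string passes on keyspace alone; the linear growth in bits per character is what makes the guess count grow exponentially.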

Password Diversity: Making use of unique passwords for different accounts means that, when a breach occurs on one account, the remainder of your accounts don’t immediately become available to whoever gives it a shot.

Password Frequency: Similar to above, changing your passwords at regular intervals reduces the chances of being affected even if your account information has been compromised. If you’re working with software like we do, you can often set passwords to expire at set intervals.

Two Factor Authentication (2FA)

Wherever possible, use 2 factor authentication. Despite hackers finding sophisticated ways around 2FA, it’s still an extremely important component of online security.

Nearly all major companies now support some form of two factor authentication through apps such as Google Authenticator and Authy or direct SMS.

If you can’t be bothered to use 2FA for all of your accounts, be sure to have it in place for the most crucial ones such as your email and your password manager (any accounts that share access and information with other websites and services).

If you manage an organization or network, we’d suggest making 2 factor authentication mandatory for all users.

Browsing and Usage Habits (Operational Security)

Confirm SSL Certificates

There’s really no excuse for websites that store any personal information (not to mention accept payments) to be without an SSL certificate. Up-to-date browsers are increasingly forceful about alerting you when you are on a website with insecure elements, but you can also enforce the secure connection with a browser extension such as HTTPS Everywhere by the EFF.

The most common way for your accounts to be hacked is not through a superspy remotely hijacking your computer but rather through simple emails that trick you into forking over the keys to the kingdom.

When you receive an email with any request for you to login or provide information, take an extra moment to verify the domain of the sender and the domain of the link provided. Not seeing a green HTTPS padlock on any login page is a significant red flag.

Any company that takes security seriously will not ask you to provide your password via email or phone call.

In the event of any suspicion, look up publicly listed information and contact them directly.

Furthermore, look out for unusual requests from contacts within your organization or contacts list. Maybe you have a great password, but your friend doesn’t – use another channel to confirm that the request really came from your friend or coworker.
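The domain checks described above, as an added Python example (not code from the original page): it compares the registrable domain of every link in a message body against the sender’s domain and flags plain-http links and links that hide a different host behind an “@”. The two messages are constructed samples, and the “last two labels” domain rule is a simplification; a production filter would consult the Public Suffix List.

```python
import re
from urllib.parse import urlparse

# Matches http(s) URLs in a plain-text body; stops at whitespace and common delimiters.
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def registrable_domain(host: str) -> str:
    """Crude eTLD+1 (last two labels); assumption: no multi-label public suffixes such as co.uk."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def sender_domain(from_header: str) -> str:
    """Registrable domain of the address in a From: header."""
    match = re.search(r"@([A-Za-z0-9.-]+)", from_header)
    return registrable_domain(match.group(1)) if match else ""


def check_email(from_header: str, body: str) -> list:
    """Return (url, reason) findings; an empty list means no red flags were found."""
    findings = []
    sender = sender_domain(from_header)
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        if parsed.scheme.lower() != "https":
            findings.append((url, "not HTTPS"))
        if "@" in parsed.netloc:
            findings.append((url, "userinfo before host; real host is %s" % host))
        if registrable_domain(host) != sender:
            findings.append((url, "link domain %s differs from sender domain %s"
                             % (registrable_domain(host), sender)))
    return findings


# Constructed sample messages, not real email.
LEGIT = ("IT Helpdesk <helpdesk@example.com>",
         "Please review the policy at https://intranet.example.com/policy before Friday.")
PHISH = ("Example Support <security@example.com>",
         "Your account is locked. Verify now: http://example.com.login-verify.net/reset")

if __name__ == "__main__":
    for label, (sender, body) in (("legit", LEGIT), ("phish", PHISH)):
        print(label, check_email(sender, body) or "no findings")
```

A clean result is not proof of legitimacy (the sender header itself can be forged), which is why the advice above to confirm through a separately looked-up channel still applies; the check is a cheap first filter, not a verdict.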

Keep Operating Systems and Applications Up-to-Date

Though easily skipped over as inconvenient interruptions, the updates to your browsers, software and operating system often include crucial security patches.

Organization Security

For most smaller organizations and businesses, the best first step is to enforce the points outlined above at an organizational level: have minimum password requirements, use an organization-wide password manager and require 2FA for any accounts connected with your business. Wherever possible, enforce enforce enforce! It’s easy for all of us to get complacent so, wherever it’s an option, enforce these measures through software or platform settings (Microsoft, G Suite).

Again, these tips are a supplement rather than a substitute for a comprehensive internet/information security plan.

Structured Access

Larger businesses should have systems in place for hierarchical information access. However, it’s important to implement for smaller businesses as well, even if it’s not an explicit policy – the basic concept is to segment access so that individuals (and networks) are only interacting with the information that’s necessary for their work.

At smaller businesses and startups where one individual can wear a lot of hats, it’s rarely so black and white. However, it’s still important to take basic steps to audit access at scheduled intervals.

Don’t Share Access

This may sound obvious, but, particularly in smaller organizations, it’s very easy to make “exceptions” in the interest of expediency, particularly when clients are involved as they are in our daily workflow. In those situations, it’s helpful to be able to fall back on “I’m sorry, we’re unable to do that due to an internal policy,” as it draws a line under the conversation, even if someone thinks they have a compelling argument for sharing.

Employee Changes

When an employee moves on, it’s an absolute must to change their passwords and review access immediately. Make sure that someone is responsible for a full audit of their access to primary and related company accounts. The more organized your password management and SOPs for access management, the easier this is.

Clean Desk Policy:

For offices with access to sensitive information, communicate an explicit policy against any written passwords or credentials being left on desks where passers-by can see them.

Document and Educate

The fact is that we’re all busy and security can easily become an abstract concept that takes a back seat to the immediate task at hand. The more that your security measures are documented and communicated, the less likely they are to be considered “suggestions” by employees and coworkers.

Implementing a regular audit of password security, 2FA and access and communicating best practices for operational security in writing makes security more tangible. Making it clear that these steps are for each individual’s security can be more effective than a dry document about company assets.

Alligator Moats

The modern business needs to be alert to more than just cyber threats; ninjas are out there and you need to take action to defend against them.

After you’ve dug your moat, we’d recommend investing in robot alligators – regular alligators just eat bad ninjas, cyborg alligators laser them and eat them simultaneously. Any serious security professional will tell you that this is just good sense.

Ok, just kidding… get regular alligators

Configure Zabbix Alert Scripts

zabbix alert scripts banner

Steps:

  • Create Jabber Script
  • Test from terminal
  • Configure Zabbix to use Jabber script
  • Create Email Script
  • Test from terminal
  • Configure Zabbix to use phpmailer script
  • Tell Zabbix to notify
  • Flap a server to verify operation

jabber.sh is a replacement for the built-in Jabber/XMPP functionality within Zabbix.  You may need to install ‘sendxmpp’ prior to installation.  This is functional in an Ubuntu Xenial server installation, but the path may vary for CentOS/RHEL deployments.

Contents of /usr/lib/zabbix/alertscripts/jabber.sh:

#!/bin/bash
# Zabbix calls this script with the recipient as $1 and the message body as $2.
to="$1"
body="$2"

# Hand the message to sendxmpp on stdin. The -u (account), -j (server) and -p (password)
# values are placeholders; replace them with your own. This invocation is reconstructed
# from the notes below, so check `sendxmpp --help` on your system for the exact options.
cat <<EOF | sendxmpp -u user -j server -p password "$to"
$body
EOF

Adjust ‘user’, ‘server’ and ‘password’ accordingly for your particular setup.  The script should be owned by the zabbix user and have execute permissions set:

-rwxr-xr-x 1 zabbix root 288 Jun 16 05:11 jabber.sh

To test, simply execute the script like any other. Note the arguments passed into it:

# /usr/lib/zabbix/alertscripts/jabber.sh recipient@server message

If unable to send, try using sendxmpp outside the script and make sure it can send that way, then debug the script as required.

Your Zabbix should look like this:

zabbix setup 1

zabbix alert scripts screenshot 2

Note that the ‘Type’ of the media for the user corresponds to the name of the script we added earlier.

Email follows a similar procedure. Just make sure to have the necessary PHP modules installed (the script below uses PEAR Mail). Below is the setup to use a Gmail account:

Contents of /usr/lib/zabbix/alertscripts/phpmailer.php:

#!/usr/bin/php
<?php
// Requires PEAR Mail and Net_SMTP (e.g. `pear install Mail Net_SMTP`).
require_once "Mail.php";

// Zabbix passes recipient, subject and body as the three script arguments.
$from = "ZABBIX <user@domain>";
$to = $argv[1];
$subject = $argv[2];
$body = $argv[3];

// Gmail SMTP over implicit TLS; adjust host, port and credentials for your provider.
$host = "ssl://smtp.gmail.com";
$port = "465";
$username = "username";
$password = "password";

$headers = array('From' => $from,
                 'To' => $to,
                 'Subject' => $subject);
$smtp = Mail::factory('smtp',
                      array('host' => $host,
                            'port' => $port,
                            'auth' => true,
                            'username' => $username,
                            'password' => $password));

$mail = $smtp->send($to, $headers, $body);

// PEAR Mail returns a PEAR_Error on failure; exit non-zero so Zabbix records the error.
if (PEAR::isError($mail)) {
    fwrite(STDERR, $mail->getMessage() . "\n");
    exit(1);
}
?>

Adjust ‘user’, ‘server’ and ‘password’ accordingly for your particular setup. The script should be owned by the zabbix user and have execute permissions set:

-rwxr-xr-x 1 zabbix root 572 Jun 16 12:26 phpmailer.php

To test, simply execute the script like any other. Note the arguments passed into it:

# /usr/lib/zabbix/alertscripts/phpmailer.php recipient@domain subject body

Make Zabbix look like this:

zabbix-4

Note that the ‘Type’ of the media for the user corresponds to the name of the script we added earlier.

zabbix screenshot 5

Most important step!  This tells Zabbix to actually use everything we just set up.  Once this is enabled, flap a server to give Zabbix something to tell you about.  Check Pidgin and your email to see if it worked! 🙂