Archive for the ‘Hints Tips and Tricks’ Category

Email Security FAQ

June 25, 2018

Some common questions we have received so far after the update:

1) I am using Outlook or another program to read email do I need to update the server address from mail.storesecured.com to webmail.storesecured.com?

No, the https://webmail.storesecured.com address change is ONLY for those who are using webmail. If you are using Outlook or your phones email etc this does NOT change.

2) Should I enable Secure Password Authentication?

No, Secure password authentication should not be checked, it is only for certain types of servers

3) Should the SMTP port be 25 or 587?

Either one, it does not matter for us, your Internet provider may block one or the other so if one does not work, then try the other

4) Does the outgoing server require authentication?

Yes, the outgoing server requires authentication using the same settings as the incoming server.

5) Can I connect without TLS?

Yes, you can technically connect without TLS but it is then not a secure connection just like using a http vs https webpage. We highly recommend always using a secure connection.

6) My email software only shows a checkbox for SSL and no TLS?

On some email programs we have seen that they do accurately use TLS when you check the SSL box as long as you are connected with the correct port. If your email program does not have TLS selection please try using the SSL selection instead.
If you are using IMAP for incoming, use port 143, if you are using POP3 for incoming use port 110.

7) My email still doesn’t work, can you help?

Yes, if you are running an older version of Windows, ie Windows 7 or 8 it may not support TLS 1.2 by default. To verify this is the case please send your ip address (look it up at www.whatismyip.com) to our support team and we can confirm from the logs.

8) I have Windows 7 and TLS 1.2 is NOT enabled, how do I enable it?

Here is a link to some instructions on how to update Windows 7 to support TLS 1.2
Scroll down in the article about halfway to where it says:
Steps required to switch to TLS 1.2 on Windows 7 and start there.

http://www.teamnetworks.net/blog/4832/enabling-tls-1-2-on-windows-7-complete-instruction/

Follow the steps listed.

Try to connect via email again.

Alternatively here is a article directly from Microsoft describing the same process, I don’t feel it’s quite as easy to follow though you may prefer to go straight to the source.
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-a-default-secure-protocols-in

9) I’m still having problems?

If you are still having problems please contact our support team for assistance.

Advertisements

CloudFlare, Caching, Bandwidth & Speed

April 19, 2016

Recently we have gotten a few queries from customers after the switch to using the CloudFlare services and I wanted to take a explain caching for those of you who are curious.

 

Part of the service that CloudFlare offers by default is a caching mechanism which saves your stores images, css and js files across the globe. This makes the sites load very quickly as the files can come from a server that is located very geographically close to the end user. See the map of CloudFlare’s data centers here https://www.cloudflare.com/network-map/ .

 

StoreSecured tells CloudFlare how long to save static content and then once a single customer has requested a file, that file is ready for the duration of the cache period for super quick loading from the CloudFlare servers and it also tells the user to cache locally (this was done previously as well). Please note that it is a best practice on the web to cache static content like images, css, and js files and to use a  CDN like CloudFlare to do so.  Cache is especially important for images that are part of your store template, ie those that are on each page of your website as once a user loads a file once on the first page load there is no need for them to need to load it again, this makes subsequent page loads much quicker.

 

What happens when you want to change an image or css/js file and want everyone to see it right away? Here is where caching can be more of a pain for you as the site owner/updater.  If the image is cached then users will still see the old image until the cache time period has expired. The way around this is to give the new image a new name. This will ensure that the new image is immediately downloaded and viewed by everyone.  Yes, this can be a pain but there is a big trade off here in site loading time for your users.

 

By default all StoreSecured sites are operating on a 4 hour cache with CloudFlare. This number can be increased, decreased or the cache can be removed (not recommended but it is an option if requested).  To change the default number of hours to cache for your site please contact us via support ticket with the new cache time.   A separate cache expiration can also be set for different folders in your site if desired.

 

Hint: The longer that files can be cached the more efficient/quick loading your site will be.  If your images do not change often and you are comfortable with renaming them when they do change then we recommend at least a 1 week cache expiration.

 

If you view your StoreSecured statistics often you may also have noted that the number of hits shown in your statistics file has gone down since you switched over to using CloudFlare.  This is normal and a good thing and again this is attributed to caching.  This has nothing to do with visitors to your site.  The hits is an indication of how many different files that users request when they come to your site.  A single page view can generate hundreds of hits, ie each image, css and js file that is needed to load a page is a hit.  Thus when a file gets cached it no longer has to be requested from the StoreSecured servers and your hit counts go down.  This also reduces the amount of bandwidth that your site uses.  Your visitor count in the stats should mostly remain the same but may go down slightly due to new protection features that block bad bots, spammers and attackers.  Since those people never reach the site their visit is no longer counted.

 

If you have any questions, comments or concerns please contact us at support@storesecured.com.

Instructions to change email passwords

April 29, 2013

To change your password just log in to web mail, if your password does not meet the strength requirements you will be prompted to change it.

 

What if I don’t know an existing password?

If you don’t know the password for a inbox you can reset it by logging in as the main email admin for your account.

To login as the main email admin go to http://mail.storesecured.com
the username would be managedomain@yourdomainname.com
If you don’t know the password for the managedomain inbox there is a link to have it emailed to you from general–>email–>setup instructions.

Once you are logged in as the main email user you can reset anyone’s password. Go to settings–>domain settings–>users. Click on the check box for the user you want to change the password for and then click edit. From there you can enter in a new password.

 

What if I’m not using the inbox?

If you do not use a particular inbox you should delete it by following the instructions above except choose delete instead of edit for the user you want to remove.

How to change the FTP password

June 27, 2012

In light of all of the recent password changes for the admin and email areas we have had some customers also ask about changing their FTP passwords to also be strong passwords.  FTP passwords can be changed from My Account–>Change FTP Password.  Only the main store admin can access this page and you must know your existing password in order to make the change.  We highly recommend that all users ensure that the FTP password meets the standard password complexity requirements to ensure comprehensive security for your account.

If you do not currently use FTP or do not know what your FTP password is you can visit General–>FTP to request that your password be emailed.  Even if you do not use FTP this is important because it is another way to access your store.

How to unsubscribe from feedback forum emails

May 15, 2012

Recently we have had some merchants asking how to unsubscribe from the feedback forum emails.

 

To unsubscribe

Go to My Account–>Feature Requests–>Feedback Forum

This will take you to the feedback forum

In the top right look for your name/store name, ie Signed in as x

Click on your name

Uncheck the box next to the emails that you do not wish to receive

Hit submit

New Password Requirements and Recommendations

April 24, 2012

There have been some questions lately regarding the new password requirements.  This article is meant to clarify and give recommendations for good passwords.

Password requirements:
Must be at least 7 characters
Must have at least 1 uppercase letter
Must have at least 1 lowercase letter
Must have at least 1 number
Must have at least 1 symbol, such as ` ! ? $ ? % ^ & * ( ) _ – + = { [ } ] : ; @ ‘ ~ # | \ < , > . /
Must not not be one of your previous 4 passwords

Recommendations for passwords
Do not use your name
Do not use your login
Do not use your friend’s name
Do not use your family member’s name
Do not use a dictionary word
Do not use a common name

To see some good examples or for help creating a good password please visit the strong password generator

Hint of the day

April 12, 2010

Did you know that you can edit attributes for an item directly without having to first go to the item edit page?  Go to inventory–>items–>attributes–>view/edit.  You will see a list of all attributes for all of your items, you can then search for attributes of a particular item or a particular option, ie Size, Color, Red, Blue, etc.

Hint of the day

April 7, 2010

The StoreSecured administration application is optimized for the Firefox browser.  We recommend using the Firefox browser when making edits to your store.

2 Tips to Reduce your Email Spam

December 1, 2009

Don’t use the catch-all email addresses for your domain name, instead use email aliases

A catch-all is a way to collect all email sent to a domain name that does not have its own email inbox.  Many merchants use this to collect email that is sent to different email addresses in a single inbox.  The advantage of a catch-all is that if a email is misspelled it will still be delivered to your inbox.  The disadvantage of catch-alls is that it greatly increases your spam.  Many spammers will send email to random emails at your domain name hoping to find one that you will receive.  Ie emily@mystore.com, john@mystore.com, billy@mystore.com and so on.  If you have a catch-all setup for the mystore.com domain name you would receive all of these emails that the spammer sent out.  If you do not have a catch-all setup for your emails then any email addressed to an address that does not exist is rejected.  If you would like to have a single email address that collects email for multiple names this can still be accomplished using email aliases instead of the catch-all.  Email aliases will ensure that you only receive email for addresses that actually exist.

To check and remove the catch-all for your domain first login as the main email administrator for your domain name.  This can be done from general–>email–>setup instructions.  Click on the button labelled Login to Manage Email.  Go to Settings–>Domain Settings–>Aliases.  Click on the set catch-all icon.  Make sure that the catch-all alias is set to No Catch-All and save your changes.  If you remove a catch-all and were having all mail directed to a single inbox then you shoud now setup aliases for the email addresses that you DO want to receive email for.  From the alias screen select the New icon.  You can now add the name which will be the alias name, ie if you want to accept mail for the user sales@mystore.com in your inbox then the alias name would be sales.  In the email address box type in the email address that should receive email for the alias.  For instance if sales@mystore.com should go to your inbox and your inbox name is john@mystore.com then the name would be sales and the email address would be john@mystore.com

Don’t setup your own domain name/email address as a trusted sender

When a trusted sender is added you are telling the email server to not check any email from that address and/or domain name as spam.   So if your domain name is mystore.com and mystore.com is on your trusted senders list, then any email from anyaddress@mystore.com is automatically delivered to your inbox without checking if its spam or not.  Spam senders know that many email users mark their own domain name as trusted and they take advantage of this and they send email and make it look like it was sent by yourself, ie from sales@mystore.com and to sales@mystore.com

Check and modify your trusted senders list inside of webmail from Settings–>My Settings–>Trusted Senders.  And if you are logged in as the main administrator of your domain email you can also view and edit your trusted senders for the entire domain name from Settings–>Domain Settings–>Trusted Senders

Best Practices for Images

August 25, 2009
  1. Optimize all images for the web to a maximum of 90% quality.  This will make the image filesize 50% smaller, load in half the time and take up less bandwidth, all without sacrificing quality or image size.
  2. Dont use any special characters.  Use only a-z, 0-9, underscore and dash.  Special characters can cause problems with some older browsers and are not worth the trouble.  It is not a good idea to use spaces, quotes etc in image names.  Use a dashes or underscores instead of spaces in image names.  Ie little-red-wagon.jpg, not little red wagon.jpg
  3. Organize images into folders.  This will allow for easier finding of images and later management.  We have found that putting images into folders by department generally works out very well.
  4. Use keywords in your image names to help with search engine placement.  A name like little-red-wagon.jpg is much better then 123ABC.jpg and will also help to remember what the image is for.
  5. Don’t resize the images on the webpage.  It is better to resize the image before placing it on the webpage as this will ensure that the image loads more quickly.  If you upload a image that is 800×800 pixels and only display it as a 10×10 image it will still take as long to load as if it were displaying at the 800×800 resolution.