Archive for the ‘Hints Tips and Tricks’ Category

CloudFlare, Caching, Bandwidth & Speed

April 19, 2016

Recently we have gotten a few queries from customers after the switch to using the CloudFlare services and I wanted to take a explain caching for those of you who are curious.


Part of the service that CloudFlare offers by default is a caching mechanism which saves your stores images, css and js files across the globe. This makes the sites load very quickly as the files can come from a server that is located very geographically close to the end user. See the map of CloudFlare’s data centers here .


StoreSecured tells CloudFlare how long to save static content and then once a single customer has requested a file, that file is ready for the duration of the cache period for super quick loading from the CloudFlare servers and it also tells the user to cache locally (this was done previously as well). Please note that it is a best practice on the web to cache static content like images, css, and js files and to use a  CDN like CloudFlare to do so.  Cache is especially important for images that are part of your store template, ie those that are on each page of your website as once a user loads a file once on the first page load there is no need for them to need to load it again, this makes subsequent page loads much quicker.


What happens when you want to change an image or css/js file and want everyone to see it right away? Here is where caching can be more of a pain for you as the site owner/updater.  If the image is cached then users will still see the old image until the cache time period has expired. The way around this is to give the new image a new name. This will ensure that the new image is immediately downloaded and viewed by everyone.  Yes, this can be a pain but there is a big trade off here in site loading time for your users.


By default all StoreSecured sites are operating on a 4 hour cache with CloudFlare. This number can be increased, decreased or the cache can be removed (not recommended but it is an option if requested).  To change the default number of hours to cache for your site please contact us via support ticket with the new cache time.   A separate cache expiration can also be set for different folders in your site if desired.


Hint: The longer that files can be cached the more efficient/quick loading your site will be.  If your images do not change often and you are comfortable with renaming them when they do change then we recommend at least a 1 week cache expiration.


If you view your StoreSecured statistics often you may also have noted that the number of hits shown in your statistics file has gone down since you switched over to using CloudFlare.  This is normal and a good thing and again this is attributed to caching.  This has nothing to do with visitors to your site.  The hits is an indication of how many different files that users request when they come to your site.  A single page view can generate hundreds of hits, ie each image, css and js file that is needed to load a page is a hit.  Thus when a file gets cached it no longer has to be requested from the StoreSecured servers and your hit counts go down.  This also reduces the amount of bandwidth that your site uses.  Your visitor count in the stats should mostly remain the same but may go down slightly due to new protection features that block bad bots, spammers and attackers.  Since those people never reach the site their visit is no longer counted.


If you have any questions, comments or concerns please contact us at


Instructions to change email passwords

April 29, 2013

To change your password just log in to web mail, if your password does not meet the strength requirements you will be prompted to change it.


What if I don’t know an existing password?

If you don’t know the password for a inbox you can reset it by logging in as the main email admin for your account.

To login as the main email admin go to
the username would be
If you don’t know the password for the managedomain inbox there is a link to have it emailed to you from general–>email–>setup instructions.

Once you are logged in as the main email user you can reset anyone’s password. Go to settings–>domain settings–>users. Click on the check box for the user you want to change the password for and then click edit. From there you can enter in a new password.


What if I’m not using the inbox?

If you do not use a particular inbox you should delete it by following the instructions above except choose delete instead of edit for the user you want to remove.

How to change the FTP password

June 27, 2012

In light of all of the recent password changes for the admin and email areas we have had some customers also ask about changing their FTP passwords to also be strong passwords.  FTP passwords can be changed from My Account–>Change FTP Password.  Only the main store admin can access this page and you must know your existing password in order to make the change.  We highly recommend that all users ensure that the FTP password meets the standard password complexity requirements to ensure comprehensive security for your account.

If you do not currently use FTP or do not know what your FTP password is you can visit General–>FTP to request that your password be emailed.  Even if you do not use FTP this is important because it is another way to access your store.


How to unsubscribe from feedback forum emails

May 15, 2012

Recently we have had some merchants asking how to unsubscribe from the feedback forum emails.


To unsubscribe

Go to My Account–>Feature Requests–>Feedback Forum

This will take you to the feedback forum

In the top right look for your name/store name, ie Signed in as x

Click on your name

Uncheck the box next to the emails that you do not wish to receive

Hit submit


New Password Requirements and Recommendations

April 24, 2012

There have been some questions lately regarding the new password requirements.  This article is meant to clarify and give recommendations for good passwords.

Password requirements:
Must be at least 7 characters
Must have at least 1 uppercase letter
Must have at least 1 lowercase letter
Must have at least 1 number
Must have at least 1 symbol, such as ` ! ? $ ? % ^ & * ( ) _ – + = { [ } ] : ; @ ‘ ~ # | \ < , > . /
Must not not be one of your previous 4 passwords

Recommendations for passwords
Do not use your name
Do not use your login
Do not use your friend’s name
Do not use your family member’s name
Do not use a dictionary word
Do not use a common name

To see some good examples or for help creating a good password please visit the strong password generator


Hint of the day

April 12, 2010

Did you know that you can edit attributes for an item directly without having to first go to the item edit page?  Go to inventory–>items–>attributes–>view/edit.  You will see a list of all attributes for all of your items, you can then search for attributes of a particular item or a particular option, ie Size, Color, Red, Blue, etc.


Hint of the day

April 7, 2010

The StoreSecured administration application is optimized for the Firefox browser.  We recommend using the Firefox browser when making edits to your store.


2 Tips to Reduce your Email Spam

December 1, 2009

Don’t use the catch-all email addresses for your domain name, instead use email aliases

A catch-all is a way to collect all email sent to a domain name that does not have its own email inbox.  Many merchants use this to collect email that is sent to different email addresses in a single inbox.  The advantage of a catch-all is that if a email is misspelled it will still be delivered to your inbox.  The disadvantage of catch-alls is that it greatly increases your spam.  Many spammers will send email to random emails at your domain name hoping to find one that you will receive.  Ie,, and so on.  If you have a catch-all setup for the domain name you would receive all of these emails that the spammer sent out.  If you do not have a catch-all setup for your emails then any email addressed to an address that does not exist is rejected.  If you would like to have a single email address that collects email for multiple names this can still be accomplished using email aliases instead of the catch-all.  Email aliases will ensure that you only receive email for addresses that actually exist.

To check and remove the catch-all for your domain first login as the main email administrator for your domain name.  This can be done from general–>email–>setup instructions.  Click on the button labelled Login to Manage Email.  Go to Settings–>Domain Settings–>Aliases.  Click on the set catch-all icon.  Make sure that the catch-all alias is set to No Catch-All and save your changes.  If you remove a catch-all and were having all mail directed to a single inbox then you shoud now setup aliases for the email addresses that you DO want to receive email for.  From the alias screen select the New icon.  You can now add the name which will be the alias name, ie if you want to accept mail for the user in your inbox then the alias name would be sales.  In the email address box type in the email address that should receive email for the alias.  For instance if should go to your inbox and your inbox name is then the name would be sales and the email address would be

Don’t setup your own domain name/email address as a trusted sender

When a trusted sender is added you are telling the email server to not check any email from that address and/or domain name as spam.   So if your domain name is and is on your trusted senders list, then any email from is automatically delivered to your inbox without checking if its spam or not.  Spam senders know that many email users mark their own domain name as trusted and they take advantage of this and they send email and make it look like it was sent by yourself, ie from and to

Check and modify your trusted senders list inside of webmail from Settings–>My Settings–>Trusted Senders.  And if you are logged in as the main administrator of your domain email you can also view and edit your trusted senders for the entire domain name from Settings–>Domain Settings–>Trusted Senders


Best Practices for Images

August 25, 2009
  1. Optimize all images for the web to a maximum of 90% quality.  This will make the image filesize 50% smaller, load in half the time and take up less bandwidth, all without sacrificing quality or image size.
  2. Dont use any special characters.  Use only a-z, 0-9, underscore and dash.  Special characters can cause problems with some older browsers and are not worth the trouble.  It is not a good idea to use spaces, quotes etc in image names.  Use a dashes or underscores instead of spaces in image names.  Ie little-red-wagon.jpg, not little red wagon.jpg
  3. Organize images into folders.  This will allow for easier finding of images and later management.  We have found that putting images into folders by department generally works out very well.
  4. Use keywords in your image names to help with search engine placement.  A name like little-red-wagon.jpg is much better then 123ABC.jpg and will also help to remember what the image is for.
  5. Don’t resize the images on the webpage.  It is better to resize the image before placing it on the webpage as this will ensure that the image loads more quickly.  If you upload a image that is 800×800 pixels and only display it as a 10×10 image it will still take as long to load as if it were displaying at the 800×800 resolution.

Use Maxmind to reduce fraud

January 29, 2009

Maxmind is a third party tool that is integrated with the StoreSecured and helps to identify and reduce the number of fraudulent transactions that are processed by the store.

The Maxmind service will check a variety of factors and give a score reflecting the likelihood of fraud for that particular transaction.

The following types of checks are done:
Is the user connecting from a high fraud country?
Is the billing address they have entered close to the location they are connecting from?
Is the user using a free email address?
Is the phone number located in the same location as the billing zip code?
And so on….

The cost for this service is $5 a month for up to 1250 queries. We highly recommend that all merchants use this low cost service to reduce the amount of fraud especially for high dollar items. Remember though no service is perfect and this will not 100% reduce your fraud. It is still up to you to decide which transactions to accept and which to deny but it will give you increased information to detect and stop a large majority of fraudulent transactions.

Many merchants ask, how should I use the maxmind service? Originally I would recommend that you set the fraud rejection score to 11. This will approve all transactions because the maximum score returned by maxmind is 10. As transactions begin to get maxmind scores you can see what kind of scores that they get from maxmind and determine what score is an appropriate rejection score. Ie I want to reject all transactions with a fraud score over 5. Once you set that score then no transactions with a score over 5 would be allowed to complete.

To get started with maxmind login to your storesecured account. Click on General–>Payments–>Fraud Control and complete the on screen directions and signup.