Archive for the ‘Important Changes’ Category

Email Security Changes and Maintenance Period 6/24

June 20, 2018

Effective June 24th there will be several security changes to our email server to comply with PCI rules.

  • Webmail will be moved from to (ONLY for Webmail).
  • Webmail must be connected to securely, i.e. https rather than http.
  • All connections to read/deliver mail should be made securely, using TLS (NOT SSL) connections.
  • TLS 1.0 will be disabled, and SSL will be disabled. All connections must use TLS 1.2 or higher.
  • The mailserver will not accept plaintext credentials. All credentials must be encrypted.
  • SSL access to the email server on ports 993, 995, and 465 will be disabled in favor of more secure TLS connections on ports 25, 110 and 143.

Email Server Maintenance
The email server will be unavailable periodically during the maintenance period, from approximately 8:00pm to midnight Pacific time on June 24th, while the above changes are made.

How can I prepare for these changes ahead of time?
When using webmail start going to INSTEAD of

If using Outlook or another email program to read your mail, make sure it is set up to use TLS connections with the proper ports.
To change this setting in Outlook:

  1. With your Outlook client open, select Tools from the main menu. Then select Account Settings… from the drop down menu.
    This will open up the Account Settings window.
  2. If you have more than one email account configured, make sure that your StoreSecured Internet account is selected.
  3. With your StoreSecured email account highlighted, select Change.
  4. This will open another window called “Change E-Mail Account”.
  5. Click More Settings….
  6. This will open another window called Internet E-mail Settings.
  7. Click the Advanced tab.
  8. Look in the section called Server Port Numbers.
  9. In the drop down menu under Incoming server select TLS from the list of options.
  10. If you are using IMAP the port number should be set to 143.
  11. If you are using POP the port number should be set to 110.
  12. Then, in the drop down menu under Outgoing server (SMTP), select TLS from the options.
  13. Your outgoing server port number, in the Outgoing server (SMTP) field, should be set to 25; port 587 can be used as an alternate SMTP port if you cannot connect via port 25.
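To confirm the same settings outside Outlook, the following added example (not StoreSecured's own code) connects on the ports listed above, upgrades the plaintext connection with STARTTLS (STLS for POP), which is what the TLS option selects on these ports, and reports the negotiated protocol version. The host name `mail.example.com` is a placeholder and the function names are chosen for this example.

```python
import imaplib
import poplib
import smtplib
import ssl

def strict_context():
    """Verify the server certificate and refuse anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def meets_policy(version):
    """True if a negotiated protocol string satisfies 'TLS 1.2 or higher'."""
    return version in ("TLSv1.2", "TLSv1.3")

def imap_version(host, port=143):
    conn = imaplib.IMAP4(host, port)
    try:
        conn.starttls(ssl_context=strict_context())  # upgrade before any login
        return conn.sock.version()
    finally:
        conn.shutdown()

def pop_version(host, port=110):
    conn = poplib.POP3(host, port, timeout=10)
    try:
        conn.stls(context=strict_context())  # POP3 equivalent of STARTTLS
        return conn.sock.version()
    finally:
        conn.close()

def smtp_version(host, port=25):
    with smtplib.SMTP(host, port, timeout=10) as conn:
        conn.starttls(context=strict_context())
        return conn.sock.version()

if __name__ == "__main__":
    host = "mail.example.com"  # placeholder: use your own mail server name
    checks = [("IMAP", imap_version, 143), ("POP", pop_version, 110),
              ("SMTP", smtp_version, 25), ("SMTP alt", smtp_version, 587)]
    for name, check, port in checks:
        try:
            version = check(host, port)
            print(name, port, version, "OK" if meets_policy(version) else "TOO OLD")
        except (OSError, imaplib.IMAP4.error, poplib.error_proto,
                smtplib.SMTPException) as exc:
            print(name, port, "failed:", exc)
```

No credentials are sent; each check stops once the TLS upgrade has succeeded or failed.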

Additional Questions
If you have questions about your particular setup, email program etc, please contact StoreSecured support via our support system for additional assistance.  Also you can read our FAQ about the change here.


New Feature – Secure Custom Domain Names

November 15, 2016

StoreSecured now supports the ability to make your custom domain name the secure name for your store as well.  Ie currently if you have a name like your secure url during checkout might be something like

The new functionality will allow you to keep your custom domain name active for the entire checkout process, ie no switching the name during checkout.  It will also enable the store to be in secure mode 100% of the time.



Your site must be using the Cloudflare service in order to activate your custom domain name as the secure name.  If Cloudflare is not yet activated you will be unable to proceed.


To enable this feature please visit

General–>Domain Name–>View/Edit

Click on the Edit link for the default custom domain name

Check the box labelled, Set as secure

Select the Save button


The store will now use the secure default domain name for all pages of your site and will no longer switch back and forth.

Old method for shopping etc once login and checkout are started

Once changed used everywhere

All old urls will continue to be active, ie visitors coming in to would be redirected to the stores default domain name.


Important Considerations

The store will automatically use secure mode 100% of the time if your secure name and default name are the same.  This is a good thing for Google and other search engines, as it can boost your rankings since they now give preference to secure sites.  It is important to note, however, that if you are using external scripts, image paths or full paths to other references that are insecure, i.e. http rather than https, these external insecure references can potentially give an error message to your customers on the secure page, something like “warning: there are insecure items on this page”.  The actual security is not compromised but the error message can scare away some customers.  Therefore, if you want to take advantage of this functionality, we highly recommend first ensuring that you do not have any insecure paths referenced.

We normally see these insecure paths coming from external scripts, i.e. things added to the template such as 3rd party seals, 3rd party JavaScript, counters or statistics scripts, or images that are hosted outside of our system.  If you are receiving these insecure-content errors and need help determining how to find or correct the issues, please contact our support team by submitting a support ticket; we would be happy to help.
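One way to find these references before enabling the setting is to scan your template HTML for tags that load a resource over http. This is an added example, not part of the StoreSecured system; the sample template, its host names and the function names are constructed for illustration. Ordinary `<a href>` links and canonical links are skipped because the browser does not load them into the page.

```python
from html.parser import HTMLParser

# Tag -> attribute that makes the browser fetch a resource into the page.
LOADERS = {"script": "src", "img": "src", "iframe": "src", "embed": "src",
           "audio": "src", "video": "src", "source": "src", "object": "data",
           "link": "href"}
LOADING_RELS = {"stylesheet", "icon", "preload"}  # <link> types that fetch

class InsecureRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, tag, url)

    def handle_starttag(self, tag, attrs):
        attr = LOADERS.get(tag)
        if attr is None:
            return  # e.g. <a href>: a plain link, not loaded into the page
        values = {k: (v or "") for k, v in attrs}
        rels = set(values.get("rel", "").lower().split())
        if tag == "link" and not LOADING_RELS & rels:
            return  # canonical/alternate links do not trigger the warning
        url = values.get(attr, "").strip()
        if url.lower().startswith("http://"):
            self.findings.append((self.getpos()[0], tag, url))

def find_insecure_refs(html):
    """Return every http:// subresource reference in a template."""
    finder = InsecureRefFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample template (not taken from a real store).
SAMPLE = """<html><head>
<link rel="stylesheet" href="https://cdn.example.com/site.css">
<link rel="canonical" href="http://shop.example.com/">
<script src="http://stats.example.net/counter.js"></script>
</head><body>
<a href="http://partner.example.org/">Partner</a>
<img src="HTTP://seals.example.org/seal.png">
<img src="/images/logo.png">
</body></html>
"""

if __name__ == "__main__":
    for line, tag, url in find_insecure_refs(SAMPLE):
        print(f"line {line}: <{tag}> loads {url}")
```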

Important data storage change

August 3, 2016

Important changes regarding credit card data storage.

Due to the ever changing PCI landscape and increasingly stringent PCI rules and regulations, moving forward StoreSecured will no longer store full credit card numbers. Storing this information causes increased potential risk and PCI burden for StoreSecured and all our merchants.

Effective 9/1/2016 ONLY the last 4 digits will be stored for new transactions.  All existing full credit card numbers stored in the system will be removed by September 16.

For merchants using No Processor (manually processing credit cards)

Please note that this means that StoreSecured will no longer support offline manual credit card processing due to the requirement to access the full credit card numbers for doing so.  Instead we recommend the usage of one of our low cost gateways for real time processing such as Braintree or PayPal.  See general–>payments–>gateway.  All merchants using no processor have been contacted previously about this change.

For merchants using a real time payment gateway

Please note that the credit card information is NOT required for credits, voids or refunds.  The last 4 digits of the card number will be saved for reference purposes and also for a few gateways who require the last 4 digits for refunds and captures.  In addition most gateways provide a way to re-charge a customer who has already made a purchase through your store, thus making access to the credit card information not necessary.

Merchants, your PCI compliance scope should be reduced with the removal of access to this sensitive information which may mean less strict requirements and an easier yearly questionnaire.

For any questions, comments or concerns regarding these changes please contact us via the support system or at

Merchant Action Requested – DNS Change

April 13, 2016

**Merchant Action Requested for Custom Domain Names**
If your store uses a custom domain name, for instance the following instructions apply to you.

If your store is only available at a subdomain, for instance, or the below information does NOT apply.

In order to take full advantage of the planned upgrades and for a more seamless transition we urge all customers who are currently using Rackspace nameservers to update your domain nameservers.

If your current domain nameservers are:

Change the domain nameservers to:

ONLY the two CloudFlare name servers should be present. All other nameservers must be removed.

Your website will not experience any downtime when you change your nameservers.

How do I change nameservers?
Nameservers can be changed at your domain name registrar, i.e. the company to which you pay your yearly domain name fee. Some examples of domain name registrars are Network Solutions and GoDaddy.

Why do I need to do this?
We are transitioning all merchants who use the Rackspace DNS to Cloudflare DNS for their advanced zone apex management and traffic protection. The Rackspace DNS is older and does not provide the necessary support and automated management. All sites WILL continue to function even if the change is NOT made but we will be unable to automatically route your shoppers to the least busy server.

What is CloudFlare?
CloudFlare offers regular DNS services along with traffic acceleration, DDoS protection and a worldwide CDN. As part of the DNS switch we will also activate CloudFlare’s advanced features on your site. You can read more about Cloudflare at

Special notes and considerations
If you use your domain name for any services outside of StoreSecured, i.e. 3rd party email or websites, please let us know so that we can ensure your setup is correct for the switch over.

If you have any questions, comments or concerns please contact support at, we would be happy to help.

Bandwidth limits doubled for all merchants

November 4, 2013

Ho Ho, Merry Christmas, Santa has come early this year.  Just in time for the busy holiday shopping season we have negotiated a new deal with our hosting provider to offer additional bandwidth for all of our merchants.  The new plan limits will take effect for the November billing cycle which is billed at the beginning of December.


Old Bandwidth 16 GB

New Bandwidth 32 GB


Legacy merchants, please visit the plan limits for legacy merchants help page for information on new bandwidth limits for your plan.


To change an existing bandwidth subscription based on the new limits please contact support via the help desk system.  Note: the extra 16 GB is equivalent to approximately 3 bandwidth subscriptions.

Login Changes Completed

August 3, 2013

The login change mentioned previously has now been implemented. All customers can now log in using either their email or their old user name.

No changes or settings are required for individual stores.

What exactly has changed?

  1. Customers will no longer be asked to create a username when creating a new account, the email address will be used instead.
  2. The user name field on the login screen for returning users has been changed to be labelled Email.
  3. There are no longer separate email addresses for billing and shipping, the login email is used for both.
  4. If an existing customer tries to re-register, the system will prompt them to log in (if login is enabled for the store), or they can continue with registration.

Comments, questions, issues, please submit a support request.

Important: Log in change coming

July 26, 2013

Effective Saturday August 3rd evening all stores will be switched to a log in method based on email address INSTEAD of user name.  To prevent confusion or problems, all existing customers will be able to log in using EITHER a user name OR email address.   New customers will no longer be asked to choose a user name upon registration and the system will automatically use the email address for this purpose.  The fields currently labelled User name will be modified to say Email Address.  This change will enable easier registration for users as well as easier return log in with no need to remember a user name.   The email address log in is now standard among most online stores.


The store will no longer ask for separate email addresses for billing and shipping.  The email address given will be used in place of both and all customer email notifications will be sent to that address.   No changes are required from individual store owners, our team will update all stores automatically with the new functionality.


This notice is being given 1 week ahead of the update to allow you to notify your customers if you feel it is necessary before the change takes place.  Existing users can still log in with their user name if they so choose.  For example if the user name is entered instead of the email address in the email field it will be accepted and the user will be logged in.


We want to make sure this transition is smooth for all of our clients and their customers and welcome any questions, comments or concerns via support request.

Important Changes – Blog Summary and Abandoned Purchase Email

May 22, 2013

Blog Summary Changes

The blog summary handling has been modified to include a separate summary field.  Merchants can now define a special blog summary which will be shown on the main blog page instead of the full blog post.  This replaces the previous handling where we were automatically cutting down the full blog post to 500 characters.  Automatically cutting the blog post was creating problems with invalid html on many blog posts due to html throughout the posts and tags no longer matching.  If no separate blog summary is given the entire post will be shown on the summary page.  To create summaries for your blog posts please visit the blog post edit screen, ie Design–>Blogs–>View/Edit

Abandoned Purchase Email

A check box has been added to the abandoned purchase email notification to alert the store admin about the abandoned purchase.   This email will automatically be sent, if it is enabled, at the same time that the email is sent to the customer about their purchase.  This allows the store admin to follow up with the customer if necessary.    To enable the admin notification go to General–>Email–>Notifications and look under the Abandoned Purchase Email heading.

Email Password Strength

April 24, 2013

Recently we have been visited by spammers who were able to send spam through a few of our merchants’ email accounts.  The email accounts which were compromised had simple, easy-to-guess passwords.  These attacks have affected our reputation as an email provider, which in turn affects the deliverability of messages sent from our server.  It is everyone’s responsibility to ensure that your email inboxes have strong passwords to prevent these types of attacks from happening.  Our staff is working hard to restore our reputation but we need help from you.  Please double check all of your email inbox passwords to ensure that they are using strong passwords consisting of at least one each of the following:

  • upper and lowercase letters
  • number
  • symbol
  • at least 7 characters

The strong email passwords have been a requirement since June 25th of last year but they are only enforced automatically for users who log in via webmail (to see the applicable blog entry click here).  Over the next few days we will be sending support requests to stores which have email passwords that do not meet the strong password criteria and asking you to update them if applicable.  Inboxes which do not meet the password requirements will be limited to only sending a few messages per hour beginning May 1st.  To change your password just log in to webmail; if your password does not meet the strength requirements you will be prompted to change it.

I know, these types of updates and new requirements aren’t fun and they take time away from your core business, but security is important.  Hackers and spammers are getting more sophisticated every year and we all need to stay ahead of them to ensure your business and ours runs smoothly.

FTP Enable/Disable

March 28, 2013

Per our previous blog post regarding the important FTP changes, if your FTP password does not meet the password strength requirements your FTP access has been disabled.  If your FTP account was disabled it can be re-enabled by updating your FTP password from My Account–>Change FTP Password and then enabling FTP from General–>FTP.

If you do NOT use FTP we recommend keeping it disabled.