Wagento Creative

  • What I've learned about Magento 2 so far - Repost

    This is a repost of a Fooman blog. You can view the actual article here

    It's hard to believe that Magento 2 turned one this month. In the developer community we're finally starting to get a solid understanding of the quirks, opportunities and stability of the platform.

    I've spent most of this year re-writing Fooman Magento 1 extensions from the ground up. Learning the ins and outs of M2 has been a real labour of love. But these development hours have taught me a lot that I want to share with the #realmagento community in our new email series.

    Fooman's new Developer Monthly will hit your inbox with:

    • Our take on what's happening in the world of Magento
    • Tips & tricks: what we're learning
    • Developer Q&A: sharing what our users are learning about Magento 2

    Hope you find it useful. Send a quick reply to let me know what you think.

    What two years developing Magento 2 extensions has taught me Whether you write custom modules for individual clients or are aiming for the Magento Marketplace - M2 extension development is a whole new game. I've learned a heck of a lot rebuilding Fooman's M1 extensions from the ground up to be M2 compatible, and share six ways you can write better M2 extensions. Read more.

    Being a Magento extrovert is challenging Rebecca Troth shares a great read about overcoming fears to get involved in the #realmagento community. I suspect a lot of us can relate to this. Read more.

    Magento 2: UI Components UI Components are probably the most under-documented new feature in M2, but are a powerful feature we all will need to learn how to use. What I am currently hearing from Magento is that there will be even more UI Components coming to Magento 2. Alan Storm has started an excellent series digging into UI Components with this post.


    You can run Magento 2 in three different modes: default, developer and production. Magento 2 allows you to define which mode to run via a server variable (MAGE_MODE).

    My advice: don't bother setting MAGE_MODE on the server environment level unless you are absolutely sure you'll never need to change the mode. Find out what to do instead.


    So far you can download 4 free Magento 2 extensions:

    The following paid extensions are also available on M2:

    Stay tuned for new releases (including Fooman Surcharge, which is right around the corner).

  • What we expect in a Project Manager



    This article is a continuation of my series of articles around customer expectations. After reading the article from Pam Ravenscroft from Space 48, "Project Managers, where the hell are you all?", I got thinking about how important that the PM/PO's understand what they should be doing. More importantly, what are their priorities if they could only accomplish a certain amount of things in a week. The list I came up with is by no means a complete list. It is the list I came up in my head on during my 2-minute shower on November 15, 2016, my 5-minute drive to work and finally after reading Pam's article. (Yes I know, too much detail.)

    Scenario: PM/PO has to do make sure certain things get done during a one week period.

    So if we had to deliver something in a week, what would that be? The deep dive on this exercise is to get the PM/PO to ask certain questions that have to get answered. By asking the questions they can then enable themselves to deliver objective information to the client.

    He is my incomplete list, it is broken into two parts. Client communication and team communication. You will see that team questions will answer the client questions.

    1. How long do we still have to spend on the feature?
    2. What is our capacity this week and are we on track to deliver on time?
    3. Have changes impacted the timeline?
    4. Are we working on features we can work on while still getting requirements for additional features?
    1. What is the due date of the feature?
    2. How long have we spent on the feature?
    3. How long do we still have to spend on the feature?
    4. What are the changes on this feature and do they impact the timeline?
    5. Have you communicated this to the client? (REPORTS!)
    6. Have you spoken to the client this week about how they feel about the project?

    Hopefully, from the simple list of questions, we can learn all the things we need to know to communicate to the client. The communication needs to happen on a weekly basis and the more you can help the client understand when something has changed the better. So a great example is when you find that some feature will take longer than first estimated. This should be communicated the minute you as the project manager found out.

    So now, we had the subjective portion to project management. For this, I want to turn to Pam and her recent article. To effectively answer the questions and in-turn deliver those answers to the client some skills are needed. I only want to add three requirements to Pam's list.

    1. Are you organized?
    2. Are you a planner?
    3. Can you demonstrate the first two questions?

    For our own plug: We are based in Minneapolis, Cochabamba, Mexico City, and Ahmedabad. We have REAL offices in each of these cities staffed by REAL Wagento folks who care passionately about their jobs. We are hiring in all of our locations.

    Space 48's Article Excerpt

    The complete article is again linked here Now the real requirements

    You get your kicks out of a fast-paced environment, and I don’t mean disorganised, I mean busy!

    You absorb pressure like a sponge. I don’t mean you’re a punch bag for clients, I mean you can handle it, it’s all in a day’s work. If you hadn’t chosen a role in project management, you’d be a high-flier in the UN.

    Problems, you love problems, well you love solving them. That doesn’t mean its nothing but problems, but lets not kid ourselves they do happen but you can deal with them. That doesn’t mean you don’t bitch and rant getting to the resolution.

    You don’t believe in process for process sake but you know why it’s needed and how it can enable you.

    Pragmatism is your middle name, you strive to make clients happy but also care about making sure what you do is the right thing for them, not necessarily what they want.

    You’ve worked for a software development agency (not digital). You’ve ideally worked in eCommerce with at least 1 of the top 10 enterprise platforms, eg Magento, Websphere, ATG, Hybris, Demandware.

    You’ll be working in a supportive environment with an experienced team who love what they do. eCommerce is not for the faint-hearted but it is hugely rewarding.

    We’re based in Warrington at the moment and on schedule to open a new office in Manchester end of Q1 2017 where you will then be based.

    The salary matches our expectations and is highly competitive for the right candidate.

    I am linking to some other helpful articles about Project Management Best Practices

    • http://www.techrepublic.com/blog/10-things/10-best-practices-for-successful-project-management
    • https://www.wrike.com/blog/project-management-best-practices-infographic

    Please give me your feedback:

    Twitter https://twitter.com/brentwpeterson Linkedin https://www.linkedin.com/in/brentwpeterson

  • Acquia/Magento partnership: content and commerce combine

    Editors note: This blog post was first featured on DBM.today and was originally posted on November 3rd, 2016

    Acquia and Magento Commerce have joined forces to integrate Acquia’s digital experience portfolio with Magento’s commerce and fulfilment solutions.

    This integration of open-source content and commerce solutions is intended to enable global brands and merchants to take control of the customer journey and deliver highly personalized, content-rich experiences across every touchpoint.

    “Acquia and Magento combine the best attributes of open-source development — agility, speed, innovation and security,” explained Acquia CEO Tom Erickson. “Together, we’re putting the power back in the hands of merchants and brands to allow them to control every pixel of the experience throughout the customer journey.”

    The partnership is promoted as offering B2B and B2C merchants:

    • Personalization at scale: Contextually optimized real-time experiences across the entire customer journey, regardless of device or channel
    • Speed to market: Rapid deployment and management of content-rich commerce experiences
    • Empowered marketers: Allows marketers to own the customer experience and collaborate more closely with merchandisers
    • Flexible integration: Unlimited flexibility to meet any market need or technology configuration

    Magento Commerce CEO Mark Lavelle commented: “The combined power of our respective technologies and our thriving global ecosystems will allow our customers to drive unbridled innovation, engage consumers like never before, and pave the way for the commerce experiences of tomorrow.”

    To enable the solution, Acquia and Magento will integrate the Drupal CMS and Acquia Lift solutions for personalization with Magento’s commerce and order management products to unify content, commerce and context across the customer journey.

  • The Client



    Please read the previous post here Things Change to get context

    Let’s briefly look at what the typical client expects at the end of any project. (This is not meant to be a comprehensive list but a summary of the basic items a customer expects. If you think something should be there please comment on this post. I am always looking for feedback.)

    1. They would like what they like. This may or may not be defined at the start of a project.
    2. They want to know how much it will cost. This almost always must be defined at the start of a project.
    3. The cost has a max. This is ALWAYS true with everyone.
    4. They would like to know when it will be done, but unlike cost, when it will be done may or many not be as important.

    Like what you like but what is it like?

    If everything was a “Yes” and “No” projects would be simple. If there wasn’t complexity and, more importantly, subjectivity, projects would be easy to plan and deliver. The problem is the following:

    Client: “Dear Agency, I would like my website to look like MegaCorp.com” Agency: “Ok we will model some designs to make it look similar to MegaCorp.com” Client: “Please tell me how much it will cost to make it look exactly like MegaCorp and how long it will take.”

    If the agency is not careful they will start the project already failing. The “want” in a subjective environment is the hardest thing to attain and contains the greatest risk. The “want” is something that a young designer could deliver quickly or a seasoned designer may never deliver. The point is that it is very subjective. The “want” is the biggest risk because you don’t know what anyone really wants until you start working. The client may have many ideas in their head about what they want and those ideas change every time they look at the new website. For the agency, this means it is a moving target that can only be achieved once a design is locked down, agreed on by both sides, and signed off on.

    To further complicate things, if the design is something new and if the designer comes up with something revolutionary and fantastic, the inherent complexity of new design will most likely take longer and be more expensive. If they stray far from what Magento can do, the backend estimates for this design will be greatly inflated. This leads some clients to question why. It is the agency's responsibility to have a developer sign off on designs even before a client sees them. If you take a category page for example; The default category page does 80% of what most clients want. The designer may have great ideas but some of the functions they may suggest would require extending the basic functionality of Magento and thus add cost to the project.

    You can see how quickly the design portion of a project can get complicated and you can see why it is important to move from the subjective to the objective. If you have a design that shows what the look will be and then describes what the look will do then you will be able to gauge the effort of that feature much better than just “I like the Google.com page”.

    No Free Lunches

    I recently met with a large enterprise agency and they stated they build in 40% risk to a fixed bid project. In fact, if any agency is not building in some risk then they are providing a disservice to their team as well as their client. The time and materials model works the best if there is a broad budget of what is trying to be accomplished. The fixed bid is a myth and what fixed bid means is the following: I have a bunch or requirements that will never change and I will not want to add anything over the next 12-16 weeks. I have never had a software project where nothing changed. This is the reason that fixed bids are full of risk and that risk is built in. I will stress, if you are a client and reading this, don’t think the risk is something that you want to add. The risk is for something that wasn’t known but could have been, should have been or, at some point in the project, became known.

    Max Headroom

    The idea of a broad budget is, in my opinion, the best way to approach a project. You can section off specific buckets of work and then scope out that work. The risk is balanced over different areas and it will allow the client to see where changes happened and how they impact the project. Design, Development, DevOps, and Data are all big buckets that can sit at the top of your SOW. These buckets can be pared down into smaller segments which will further reduce the risk.

    The Final Countdown

    Of course, everyone wants to know when their project will be done. I think this is the most overlooked area. Once you have hours estimated you can by definition plan on when those hours can be worked. From this, you can plan on how long it will take to carry out the work. Finally, you can build in the time that tickets go back and forth with clients. Once you have that formula you can come up with a launch date. The launch date will help to hold everyone accountable. It not only holds the agency accountable, but it also holds the client accountable to what they need to complete.

    Tomorrow, tomorrow, I’ll finish tomorrow

    As we just discussed, the “when” can easily be estimated and the more you report the “when” the better everyone understands what is holding things up. So the final launch date is set, we are moving towards a date and the client decides they want to wait.

    …and wait

    …and wait

    What do you do?

    Next week we will look at the Agency perspective and see how the waiting and other things can be resolved.

  • Issues with EE 1.14.3 / CE 1.9.3 and Malware Cleanup Recommendations

    This email provides updates on remediating sites impacted by the recent malware attacks and issues with newly-released Enterprise Edition 1.14.3 and Community Edition 1.9.3 software.

    Malware Remediation
    New malware strains impacting Magento sites have recently emerged. On Monday, we shared recommendations for identifying impacted sites and protecting your clients from future attacks. Today, we are posting another article on how to remediate a site that has been compromised by malware. You can find the article in the Security Center at https://magento.com/security/best-practices/remediating-your-site-after-malware-attack. Please review it with your team and share it with your clients.

    Issues with Enterprise Edition 1.14.3 and Community Edition 1.9.3
    Several issues with our most recent Magento 1.x release have been reported. Some affect functionality critical to store operations and we are working on a new release (Enterprise Edition Edition that is tentatively scheduled for the end of next week. Magento is aware of the following issues:

    • Search results return all store products
    • Some integrations using Magento APIs no longer work
    • Bundled product prices do not update
    • Store-specific attribute labels disappear
    • Auto generated passwords do not work for some customers
    • Exceptions appear for stores with disabled breadcrumbs
    • Free shipping sales rules are not calculated correctly
    • PHP warnings occur with the session timestamp variable

    We recommend that merchants wait to upgrade to Community Edition 1.9.3 and Enterprise Edition 1.14.3, and instead apply the latest security patch, SUPEE-8788, which does not have these issues.

    If merchants have already upgraded, are experiencing issues, and cannot wait for the new release, the Magento community has created a module that resolves the issues outlined above. It can be found at https://github.com/digitalpianism/bugfixes. Magento has not tested this module. If you and your clients decide to use it, we recommend you remove the community module and upgrade to Enterprise Edition or Community Edition as soon as they are available.

    Thank you,
    Wagento Team

  • New SUPEE-8788 v3 Patch Available for Enterprise Edition 1.13.0.x

    Security Announcement

    An updated SUPEE-8788 v3 patch for Enterprise Edition 1.13.0.x is now available in the “Security Patches – October 2016” folder in MyAccount. It addresses missing files that prevent many Enterprise Edition 1.13.0.x merchants from successfully deploying the SUPEE-8788 patch .

    If your merchant was unable to apply the SUPEE-8788 patch, they should deploy the version 3 patch. If they already successfully applied the version 2 patch, there is no need to do anything.

    To install the new patch:

    • Revert SUPEE-1533 if it has already been installed.
    • Deploy SUPEE-3941 if it hasn’t already been installed.
    • Install the new SUPEE-8788 v3 patch. This patch includes SUPEE-1533, so there is no need to worry about re-installing it.

    • You can find SUPEE-1533 in the “Security Patches – October 2014” folder and SUPEE-3941 in the “Security Patches – August 2014” folder in MyAccount. More detailed installation instructions are available in DevDocs.

    Thank you,
    Team Wagento

  • Steps You Can Take to Boost Security

    Malware attacks targeting ecommerce sites are on the rise and it has never been more critical for merchants to follow security best practices. In most malware cases we’ve analyzed, attackers are not developing new ways to penetrate Magento sites. Instead, they are taking advantage of existing, unpatched vulnerabilities, poor passwords, and weak ownership and permission settings in the file system.

    To ensure the highest level of security, here are actions you and your clients should take:

    • Set up strong passwords and change them at least every 90 days, as recommended by the PCI Data Security Standard in section 8.2.4. You can check password lifetime setting in the following locations:
    • Magento 2.x: Stores > Configuration > Advanced > Admin > Security > Password Lifetime set to 90 days (default setting)
    • Magento 1.x: System > Configuration > Advanced > Admin > Security > Password Lifetime set to 90 days (default setting)
    • Keep systems up-to-date and install all security patches and updates immediately.
    • Stay informed of new patches by subscribing to Magento security alerts at https://magento.com/security/sign-up.
    • Scan stores monthly on MageReport.com to detect malware and to identify any security patches that may not have been deployed. MageReport.com is a highly-regarded service that is available at no charge.
    • Each month, review all Admin user accounts and remove any that are not recognized, or are no longer valid or active.
    • Verify that the system file permissions are set according to Magento 1 and Magento 2 file permission guidance. Misconfigured permissions may allow attackers to modify Magento code files and inject vulnerabilities into your client’s environment.
    • Check systems for unauthorized programs. For example, check for processes that perform key logging functions and unnecessary processes that are not required for Magento system operation.
    • Make sure your clients put other Magento Security Best Practices in place.

    If you discover that a client’s site has been attacked, immediately clean the site of all malicious code, install any missing patches, and update all Admin passwords. If you think that you have found a specific vulnerability in Magento and can provide more technical details, please report it to security@magento.com.

    Thank you!


    Earlier this week you may have been contacted by your Account Manager, Product Owner or Business Owner about the latest Magento security patch that was released on Tuesday 10/11/2016. Magento security patch SUPEE - 8788 was found to have some issues with earlier versions of Magento EE 1.13 and earlier. Here is the press release for that issue:

    We’d like to make you aware of an issue with our recent security release. The SUPEE-8788 patch for Enterprise Edition 1.13 and earlier versions fails if a store has previously applied SUPEE-1533 or SUPEE-3941 security patches. We are working to correct this issue and will provide new patches in one to three days in the “Security Patches – October 2016” folder in MyAccount. Until then, we are removing these versions of the SUPEE-8788 patch from distribution.


    Updated versions of the SUPEE-8788 patch for Enterprise Edition and Community Edition are now available. The Enterprise Edition patch is in the “Security Patches – October 2016” folder in MyAccount. The Community Edition patch is available in the Release Archive of the Community Edition Download Page.

    The new patch addresses two issues:

    • Removes compatibility issues with SUPEE-1533 and SUPEE-3941 security patches experienced by merchants using Enterprise Edition 1.13 and earlier and Community Edition 1.8 and earlier releases.
    • Resolves issues with some 3rd party payment methods during checkout.
    Installation process:

    • Revert SUPEE-8788 if you have already installed it.
    • Revert SUPEE-1533 if you have already installed it.
    • Deploy SUPEE-3941 if it hasn’t already been installed.
    • Install the new SUPEE-8788 v2 patch. This patch includes SUPEE-1533, so you don’t need to worry about re-installing it.

    You can find SUPEE-1533 in the “Security Patches – October 2014” folder and SUPEE-3941 in the “Security Patches – August 2014” folder in MyAccount and in the Release Archive of the Community Edition Download Page.

  • Upcoming Magento 1.x and 2.x Releases Provide Critical Security and Functional Updates

    Get Ready to Assist Clients

    To help you better serve your clients, we are providing a preview of important Magento releases scheduled for Tuesday, October 11, 2016. This information should be kept confidential and should not be shared or discussed publicly until the release date.

    Enterprise Edition 1.14.3 and Community Edition 1.9.3 deliver over 120 quality improvements, as well as support for PHP 5.6. They also resolve critical security issues, including:

    • Remote code execution vulnerabilities with certain payment methods
    • Possibility of SQL injections due to Zend Framework library vulnerabilities
    • Cross site scripting (XSS) risks with the Enterprise Edition private sale invitation feature
    • Improper session invalidation when an Admin user logs out
    • The ability for unauthorized users to back up Magento files or databases

    The SUPEE-8788 patch addresses these security issues in earlier Magento versions. Functional update details and installation instructions will be available Tuesday in the Enterprise Edition and Community Edition release notes; a full list of security updates will also be published Tuesday in the Magento Security Center.

    Updates to Magento 2 software address the same critical security issues described above. Additionally, the releases make several functional improvements and API enhancements. New API methods allow 3rd party solutions, such as shipping or ERP applications, to use APIs to transition an order state when they create an invoice or shipment. Magento 2.1.2 now also includes PHP 7.0.4 support and Magento 2.0.10 and 2.1.2 are compatible with MySQL 5.7. A summary of improvements will be available in the release notes on Tuesday; all security updates will also be listed Tuesday in the Security Center.

    We strongly encourage you to work with your clients to implement these releases immediately, as attackers may target merchants who are slow to patch these issues. Updates should be installed and tested in a development environment before being put into production. Also, please use this occasion to do a security assessment of your clients’ systems in accordance with our Security Best Practices.

    Thank you for your continued cooperation and support.

1-10 of 103

  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. ...
  7. 11