• What I've learned about Magento 2 so far - Repost

    This is a repost of a Fooman blog. You can view the actual article here

    It's hard to believe that Magento 2 turned one this month. In the developer community we're finally starting to get a solid understanding of the quirks, opportunities and stability of the platform.

    I've spent most of this year re-writing Fooman Magento 1 extensions from the ground up. Learning the ins and outs of M2 has been a real labour of love. But these development hours have taught me a lot that I want to share with the #realmagento community in our new email series.

    Fooman's new Developer Monthly will hit your inbox with:

    • Our take on what's happening in the world of Magento
    • Tips & tricks: what we're learning
    • Developer Q&A: sharing what our users are learning about Magento 2

    Hope you find it useful. Send a quick reply to let me know what you think.

    What two years developing Magento 2 extensions has taught me Whether you write custom modules for individual clients or are aiming for the Magento Marketplace - M2 extension development is a whole new game. I've learned a heck of a lot rebuilding Fooman's M1 extensions from the ground up to be M2 compatible, and share six ways you can write better M2 extensions. Read more.

    Being a Magento extrovert is challenging Rebecca Troth shares a great read about overcoming fears to get involved in the #realmagento community. I suspect a lot of us can relate to this. Read more.

    Magento 2: UI Components UI Components are probably the most under-documented new feature in M2, but are a powerful feature we all will need to learn how to use. What I am currently hearing from Magento is that there will be even more UI Components coming to Magento 2. Alan Storm has started an excellent series digging into UI Components with this post.


    You can run Magento 2 in three different modes: default, developer and production. Magento 2 allows you to define which mode to run via a server variable (MAGE_MODE).

    My advice: don't bother setting MAGE_MODE on the server environment level unless you are absolutely sure you'll never need to change the mode. Find out what to do instead.


    So far you can download 4 free Magento 2 extensions:

    The following paid extensions are also available on M2:

    Stay tuned for new releases (including Fooman Surcharge, which is right around the corner).

  • What we expect in a Project Manager



    This article is a continuation of my series of articles around customer expectations. After reading the article from Pam Ravenscroft from Space 48, "Project Managers, where the hell are you all?", I got thinking about how important that the PM/PO's understand what they should be doing. More importantly, what are their priorities if they could only accomplish a certain amount of things in a week. The list I came up with is by no means a complete list. It is the list I came up in my head on during my 2-minute shower on November 15, 2016, my 5-minute drive to work and finally after reading Pam's article. (Yes I know, too much detail.)

    Scenario: PM/PO has to do make sure certain things get done during a one week period.

    So if we had to deliver something in a week, what would that be? The deep dive on this exercise is to get the PM/PO to ask certain questions that have to get answered. By asking the questions they can then enable themselves to deliver objective information to the client.

    He is my incomplete list, it is broken into two parts. Client communication and team communication. You will see that team questions will answer the client questions.

    1. How long do we still have to spend on the feature?
    2. What is our capacity this week and are we on track to deliver on time?
    3. Have changes impacted the timeline?
    4. Are we working on features we can work on while still getting requirements for additional features?
    1. What is the due date of the feature?
    2. How long have we spent on the feature?
    3. How long do we still have to spend on the feature?
    4. What are the changes on this feature and do they impact the timeline?
    5. Have you communicated this to the client? (REPORTS!)
    6. Have you spoken to the client this week about how they feel about the project?

    Hopefully, from the simple list of questions, we can learn all the things we need to know to communicate to the client. The communication needs to happen on a weekly basis and the more you can help the client understand when something has changed the better. So a great example is when you find that some feature will take longer than first estimated. This should be communicated the minute you as the project manager found out.

    So now, we had the subjective portion to project management. For this, I want to turn to Pam and her recent article. To effectively answer the questions and in-turn deliver those answers to the client some skills are needed. I only want to add three requirements to Pam's list.

    1. Are you organized?
    2. Are you a planner?
    3. Can you demonstrate the first two questions?

    For our own plug: We are based in Minneapolis, Cochabamba, Mexico City, and Ahmedabad. We have REAL offices in each of these cities staffed by REAL Wagento folks who care passionately about their jobs. We are hiring in all of our locations.

    Space 48's Article Excerpt

    The complete article is again linked here Now the real requirements

    You get your kicks out of a fast-paced environment, and I don’t mean disorganised, I mean busy!

    You absorb pressure like a sponge. I don’t mean you’re a punch bag for clients, I mean you can handle it, it’s all in a day’s work. If you hadn’t chosen a role in project management, you’d be a high-flier in the UN.

    Problems, you love problems, well you love solving them. That doesn’t mean its nothing but problems, but lets not kid ourselves they do happen but you can deal with them. That doesn’t mean you don’t bitch and rant getting to the resolution.

    You don’t believe in process for process sake but you know why it’s needed and how it can enable you.

    Pragmatism is your middle name, you strive to make clients happy but also care about making sure what you do is the right thing for them, not necessarily what they want.

    You’ve worked for a software development agency (not digital). You’ve ideally worked in eCommerce with at least 1 of the top 10 enterprise platforms, eg Magento, Websphere, ATG, Hybris, Demandware.

    You’ll be working in a supportive environment with an experienced team who love what they do. eCommerce is not for the faint-hearted but it is hugely rewarding.

    We’re based in Warrington at the moment and on schedule to open a new office in Manchester end of Q1 2017 where you will then be based.

    The salary matches our expectations and is highly competitive for the right candidate.

    I am linking to some other helpful articles about Project Management Best Practices

    • http://www.techrepublic.com/blog/10-things/10-best-practices-for-successful-project-management
    • https://www.wrike.com/blog/project-management-best-practices-infographic

    Please give me your feedback:

    Twitter https://twitter.com/brentwpeterson Linkedin https://www.linkedin.com/in/brentwpeterson

  • Acquia/Magento partnership: content and commerce combine

    Editors note: This blog post was first featured on DBM.today and was originally posted on November 3rd, 2016

    Acquia and Magento Commerce have joined forces to integrate Acquia’s digital experience portfolio with Magento’s commerce and fulfilment solutions.

    This integration of open-source content and commerce solutions is intended to enable global brands and merchants to take control of the customer journey and deliver highly personalized, content-rich experiences across every touchpoint.

    “Acquia and Magento combine the best attributes of open-source development — agility, speed, innovation and security,” explained Acquia CEO Tom Erickson. “Together, we’re putting the power back in the hands of merchants and brands to allow them to control every pixel of the experience throughout the customer journey.”

    The partnership is promoted as offering B2B and B2C merchants:

    • Personalization at scale: Contextually optimized real-time experiences across the entire customer journey, regardless of device or channel
    • Speed to market: Rapid deployment and management of content-rich commerce experiences
    • Empowered marketers: Allows marketers to own the customer experience and collaborate more closely with merchandisers
    • Flexible integration: Unlimited flexibility to meet any market need or technology configuration

    Magento Commerce CEO Mark Lavelle commented: “The combined power of our respective technologies and our thriving global ecosystems will allow our customers to drive unbridled innovation, engage consumers like never before, and pave the way for the commerce experiences of tomorrow.”

    To enable the solution, Acquia and Magento will integrate the Drupal CMS and Acquia Lift solutions for personalization with Magento’s commerce and order management products to unify content, commerce and context across the customer journey.

  • Issues with EE 1.14.3 / CE 1.9.3 and Malware Cleanup Recommendations

    This email provides updates on remediating sites impacted by the recent malware attacks and issues with newly-released Enterprise Edition 1.14.3 and Community Edition 1.9.3 software.

    Malware Remediation
    New malware strains impacting Magento sites have recently emerged. On Monday, we shared recommendations for identifying impacted sites and protecting your clients from future attacks. Today, we are posting another article on how to remediate a site that has been compromised by malware. You can find the article in the Security Center at https://magento.com/security/best-practices/remediating-your-site-after-malware-attack. Please review it with your team and share it with your clients.

    Issues with Enterprise Edition 1.14.3 and Community Edition 1.9.3
    Several issues with our most recent Magento 1.x release have been reported. Some affect functionality critical to store operations and we are working on a new release (Enterprise Edition Edition that is tentatively scheduled for the end of next week. Magento is aware of the following issues:

    • Search results return all store products
    • Some integrations using Magento APIs no longer work
    • Bundled product prices do not update
    • Store-specific attribute labels disappear
    • Auto generated passwords do not work for some customers
    • Exceptions appear for stores with disabled breadcrumbs
    • Free shipping sales rules are not calculated correctly
    • PHP warnings occur with the session timestamp variable

    We recommend that merchants wait to upgrade to Community Edition 1.9.3 and Enterprise Edition 1.14.3, and instead apply the latest security patch, SUPEE-8788, which does not have these issues.

    If merchants have already upgraded, are experiencing issues, and cannot wait for the new release, the Magento community has created a module that resolves the issues outlined above. It can be found at https://github.com/digitalpianism/bugfixes. Magento has not tested this module. If you and your clients decide to use it, we recommend you remove the community module and upgrade to Enterprise Edition or Community Edition as soon as they are available.

    Thank you,
    Wagento Team

  • New SUPEE-8788 v3 Patch Available for Enterprise Edition 1.13.0.x

    Security Announcement

    An updated SUPEE-8788 v3 patch for Enterprise Edition 1.13.0.x is now available in the “Security Patches – October 2016” folder in MyAccount. It addresses missing files that prevent many Enterprise Edition 1.13.0.x merchants from successfully deploying the SUPEE-8788 patch .

    If your merchant was unable to apply the SUPEE-8788 patch, they should deploy the version 3 patch. If they already successfully applied the version 2 patch, there is no need to do anything.

    To install the new patch:

    • Revert SUPEE-1533 if it has already been installed.
    • Deploy SUPEE-3941 if it hasn’t already been installed.
    • Install the new SUPEE-8788 v3 patch. This patch includes SUPEE-1533, so there is no need to worry about re-installing it.

    • You can find SUPEE-1533 in the “Security Patches – October 2014” folder and SUPEE-3941 in the “Security Patches – August 2014” folder in MyAccount. More detailed installation instructions are available in DevDocs.

    Thank you,
    Team Wagento

  • Steps You Can Take to Boost Security

    Malware attacks targeting ecommerce sites are on the rise and it has never been more critical for merchants to follow security best practices. In most malware cases we’ve analyzed, attackers are not developing new ways to penetrate Magento sites. Instead, they are taking advantage of existing, unpatched vulnerabilities, poor passwords, and weak ownership and permission settings in the file system.

    To ensure the highest level of security, here are actions you and your clients should take:

    • Set up strong passwords and change them at least every 90 days, as recommended by the PCI Data Security Standard in section 8.2.4. You can check password lifetime setting in the following locations:
    • Magento 2.x: Stores > Configuration > Advanced > Admin > Security > Password Lifetime set to 90 days (default setting)
    • Magento 1.x: System > Configuration > Advanced > Admin > Security > Password Lifetime set to 90 days (default setting)
    • Keep systems up-to-date and install all security patches and updates immediately.
    • Stay informed of new patches by subscribing to Magento security alerts at https://magento.com/security/sign-up.
    • Scan stores monthly on MageReport.com to detect malware and to identify any security patches that may not have been deployed. MageReport.com is a highly-regarded service that is available at no charge.
    • Each month, review all Admin user accounts and remove any that are not recognized, or are no longer valid or active.
    • Verify that the system file permissions are set according to Magento 1 and Magento 2 file permission guidance. Misconfigured permissions may allow attackers to modify Magento code files and inject vulnerabilities into your client’s environment.
    • Check systems for unauthorized programs. For example, check for processes that perform key logging functions and unnecessary processes that are not required for Magento system operation.
    • Make sure your clients put other Magento Security Best Practices in place.

    If you discover that a client’s site has been attacked, immediately clean the site of all malicious code, install any missing patches, and update all Admin passwords. If you think that you have found a specific vulnerability in Magento and can provide more technical details, please report it to security@magento.com.

    Thank you!


    Earlier this week you may have been contacted by your Account Manager, Product Owner or Business Owner about the latest Magento security patch that was released on Tuesday 10/11/2016. Magento security patch SUPEE - 8788 was found to have some issues with earlier versions of Magento EE 1.13 and earlier. Here is the press release for that issue:

    We’d like to make you aware of an issue with our recent security release. The SUPEE-8788 patch for Enterprise Edition 1.13 and earlier versions fails if a store has previously applied SUPEE-1533 or SUPEE-3941 security patches. We are working to correct this issue and will provide new patches in one to three days in the “Security Patches – October 2016” folder in MyAccount. Until then, we are removing these versions of the SUPEE-8788 patch from distribution.


    Updated versions of the SUPEE-8788 patch for Enterprise Edition and Community Edition are now available. The Enterprise Edition patch is in the “Security Patches – October 2016” folder in MyAccount. The Community Edition patch is available in the Release Archive of the Community Edition Download Page.

    The new patch addresses two issues:

    • Removes compatibility issues with SUPEE-1533 and SUPEE-3941 security patches experienced by merchants using Enterprise Edition 1.13 and earlier and Community Edition 1.8 and earlier releases.
    • Resolves issues with some 3rd party payment methods during checkout.
    Installation process:

    • Revert SUPEE-8788 if you have already installed it.
    • Revert SUPEE-1533 if you have already installed it.
    • Deploy SUPEE-3941 if it hasn’t already been installed.
    • Install the new SUPEE-8788 v2 patch. This patch includes SUPEE-1533, so you don’t need to worry about re-installing it.

    You can find SUPEE-1533 in the “Security Patches – October 2014” folder and SUPEE-3941 in the “Security Patches – August 2014” folder in MyAccount and in the Release Archive of the Community Edition Download Page.

  • Upcoming Magento 1.x and 2.x Releases Provide Critical Security and Functional Updates

    Get Ready to Assist Clients

    To help you better serve your clients, we are providing a preview of important Magento releases scheduled for Tuesday, October 11, 2016. This information should be kept confidential and should not be shared or discussed publicly until the release date.

    Enterprise Edition 1.14.3 and Community Edition 1.9.3 deliver over 120 quality improvements, as well as support for PHP 5.6. They also resolve critical security issues, including:

    • Remote code execution vulnerabilities with certain payment methods
    • Possibility of SQL injections due to Zend Framework library vulnerabilities
    • Cross site scripting (XSS) risks with the Enterprise Edition private sale invitation feature
    • Improper session invalidation when an Admin user logs out
    • The ability for unauthorized users to back up Magento files or databases

    The SUPEE-8788 patch addresses these security issues in earlier Magento versions. Functional update details and installation instructions will be available Tuesday in the Enterprise Edition and Community Edition release notes; a full list of security updates will also be published Tuesday in the Magento Security Center.

    Updates to Magento 2 software address the same critical security issues described above. Additionally, the releases make several functional improvements and API enhancements. New API methods allow 3rd party solutions, such as shipping or ERP applications, to use APIs to transition an order state when they create an invoice or shipment. Magento 2.1.2 now also includes PHP 7.0.4 support and Magento 2.0.10 and 2.1.2 are compatible with MySQL 5.7. A summary of improvements will be available in the release notes on Tuesday; all security updates will also be listed Tuesday in the Security Center.

    We strongly encourage you to work with your clients to implement these releases immediately, as attackers may target merchants who are slow to patch these issues. Updates should be installed and tested in a development environment before being put into production. Also, please use this occasion to do a security assessment of your clients’ systems in accordance with our Security Best Practices.

    Thank you for your continued cooperation and support.

  • Security Announcement - New SQL Injection Vulnerability

    Third-Party Themes and Extensions Are at Risk

    We recently learned that an SQL injection vulnerability has been found in several third-party themes and extensions. Extensions with the vulnerability include:

    • EM (Extreme Magento) Ajaxcart
    • EM (Extreme Magento) Quickshop
    • MD Quickview
    • SmartWave QuickView

    These extensions are used in several different themes, including Porto, Trego, and Kallyas from SmartWave. Other SmartWave themes may also be at risk. Vulnerable EM modules are used in some EM themes. The core Magento application is not impacted in any way by this vulnerability.

    We’ve received reports that the SQL injection vulnerability is potentially being exploited. If you currently use these extensions or themes, you should immediately contact the company from which you purchased the extensions or themes to request updated code. We understand that Themeforest, part of Envato Market, has already removed the vulnerability from the Porto theme, but the status of other themes and extensions is unknown.

    It is also important for you to evaluate all your Magento administrator accounts to make sure there are no unknown users and to reset all your administrator passwords. Please review the Magento Security Best Practices for more information on how to secure your site and use magereport.com to scan your site for missing patches or known issues.

    This update is part of our ongoing commitment to advise our merchants on security issues as we become aware of them. We thank you for your attention to this matter.

    Thank you.

  • We Are Magento: Imagine 2016 Highlights And Recaps

    Magento Imagine 2016 has wrapped and it appears that everyone survived! Albeit a little bit tired and a little less money in the bank, it was otherwise a success and a great time! The theme this year was "We Are Magento" and it was embraced by all who attended. This was Magento's first Imagine as an independent company so it was exciting that they celebrated the diversity, creativity, and shared passion of the thriving global community of engineers, entrepreneurs, investors, and inventors—from the trailblazing merchants who know exactly the kind of customer experience they want to create, to the technologists and innovators who help them realize their vision. Magento made some important announcements about how Magento Commerce continues to innovate to support this global community. Of course Magic Johnson wowed the crowd Tuesday night, and the parties are always fabulous, but here are other key highlights. Enjoy!

    Magento News

    Recognizing Excellence Across Our Ecosystem

    Imagine is all about recognizing the best among our merchants, partners and developers. We kicked off with awards for our incredible Magento Masters, representing the 20 most active members of the Magento developer community. Our very own Brent Peterson is right in the middle of the picture in a bright blue shirt!!

    Magento Masters

    At Imagine 2016 we talked a lot about the trailblazers of commerce. We honored the winners of the 2016 Imagine Excellence Awards, recognizing the exceptional creativity, innovation and success of merchants across the global Magento ecosystem. These trailblazing merchants who are conquering the wild country of commerce with Magento inspire us all.

    Fun Stuff and Events

    #PreImagine Cocktail Party hosted by @interactive4’s @ignacioriesco, and @magentogirl Fun was had by all!

    The Big Dam Run - which was hosted by Wagento. Rumor has it that the run was the best part of Imagine ;)

    Big Dam Run

    Lots of exciting things are happening with Magento over the next year - Cloud, B2B, Magento 2.1 (to be released in June), plus lots more! Everyone walked away from the conference with an energy and an excitement to improve Magento further and bring better technology and features to our clients sites. Here's to 2016 being an amazing year for Magento and our clients and always looking forward the next Magento Imagine! :)

1-10 of 33

  1. 1
  2. 2
  3. 3
  4. 4