Niche wanted a website that would sell their shampoos, conditioners and other products to consumers and inform potential business partners about options to buy bulk, get samples, and set up long-term relationships. The store site had to be scalabe, easy to maintain, and convenient to tune for SEO – you’ve got to be liked by Google if you want to be noticed on the web.

We built a flexible, SEO-optimizable, modern online store for our customer based on Django and Satchmo. Satchmo is one of the most popular Python-based ecommerce frameworks. Built on top of Django, arguably the most elegant web application engine, it provides web developers with a way to quickly create scalable, flexible eCommerce systems. For dynamic features on the browser side, we used jQuery, of course.

Here’s how Satchmo, Django, jQuery and other tools have enabled us to quickly create a functional, dynamic website that acts both as a CMS and an eCommerce system, and is easy to manage by its owners.

Security

For an online store, this is the most important factor. If you do everything else on your eCommerce website right, but ignore security, you will end up harming your customers, hurting your reputation, losing money, potentially destroying your business beyond repair. So we’ve got to think about security first. Because of the way Django application model is designed, it facilitates creation of secure websites more than many other popular web technologies. Built-in features such as cross-site forgery protection help save development time and allow everyone involved to focus on the real business goals of the project, instead of worrying about every detail. Satchmo allows to integrate the online store with a variety of payment gateways, and encourages a well-though-through, safe approach to handling payments and customer information.

Flexibility

To successfully sell products from your website, you need complete control over all the aspects of the site. With Django, we can tune everything: the way URLs of the website are organized, the appearance of the pages (Django has a powerful templating system), the database, caching system, admin features, and so on. Satchmo gave us great flexibility in choosing payment methods, automating shipping cost calculations,
generating PDF documents (invoices, shipping labels), and managing custom discounts.

Unique Design

I’ve already mentioned the powerful support for page templates that comes with Django. Django templates allow designers and programmers to collaborate in a productive fashion, without worrying about each other’s parts in the process. Unlike older web programming technologies, such as ASP or PHP, Django templates enable us to work on the visual aspects of a site independent from the server-side data management. Likewise, changes to business rules or logic on the server can happen without wreaking havoc on the visual side of things. This separation of concerns allows our graphic design team to focus on the presentation aspects of the site and create unique, usable pages, while the programmers implement the logic of the application.

Updates

How easy or difficult it is to update your site’s content and design can define your site’s success or failure in the long run. New products, new information, new ways to present it – all this must be easy to do on your site if you want it to perform well. With Django and its templating system, your website’s design is organized in a hierarchy. This makes it very convenient to update overall design and layout of the site. Changing things like header or footer on all pages uniformly, adding a sidebar, or popping a message about special offer – with well-organized page templates, these things do not cause trouble. In fact, with this online store project, we went though several revisions of overall design and layout, without interrupting the functionality of live website.

Payment System

Satchmo has built-in support for major payment gateways, such as Authorize.net, PayPal, and a handful of others. It also provides a straightforward way to add new payment plugins. So, when we found we needed to add support for MiraPay, a Canadian merchant service, we simply added a plugin that implemented MiraPay’s API. Satchmo allows site creators to have multiple payment methods, which is a great thing – many customers are expecting to be able to pay through their PayPal account, while others prefer to use direct credit card payment.

Shipping Cost Calculation

Evaluating the cost of shipment is not a trivial task. Satchmo has great plugins for this, able to communicate directly with carrier companies to get a precise price for each shipment. As with other aspects of commerce, shipping with Satchmo can be easily customized to implement any specific rules that apply to a given business. Out of the box, it supports integration with the following carriers:

• UPS
• Fedex
• USPS
• Canada Post
• Flat rate shipping
• Multi-tiered shipping based on quantity or price
• Per item shipping cost

Discounts, Special Offers, Coupons

Satchmo comes pre-packaged with support for discounts and coupons. Default templates provide a nice starting point for showing discount information, giving the customer information about special offers, handling the whole process gracefully and correctly (the most important part). Customizing Satchmo templates proved to be a pretty straightforward process, and we were able to take full advantage of its support for coupon codes and specials. Again, this area is extensible, and if your website, like our case here, needs special custom rules for discounts, it’s convenient to implement them using Satchmo.

Custom Products

Some of the products our client sells through the website are customizable – you can choose certain options before purchasing, and the price adjusts accordingly. This is where Satchmo proved most helpful. In fact, it supports several flavours of customizability – as long as you know what you need, you can get it with Satchmo.

Subscription-Based Products and Downloadable Producst

Although we did not use subscriptions in this project, and downloading a bottle of shampoo is not quite yet possible with today’s technology, it’s worth mentioning these Satchmo capabilities here. Satchmo can just as easily sell your ebooks or software, or a paid subscription to monthly market insider tips, as it sells conditioners.

In short, as a web development company, we are excited that such high-quality frameworks as Django and Satchmo exist in open-source world. This gives is the power to solve our customers’ problems elegantly, with confidence and speed.

Contact DesignPractica to discuss your eCommerce or custom web project. We give free estimates.

Vancouver, BC Nov 25, 2011 – DesignPractica, a company that specializes in web development and support, after its experience with recent WordPress attacks, shares the expertise through its new offer to restore and secure WordPress-based websites.

DesignPractica has been building and supporting websites and dynamic web applications since 2009. Its team of professionals is now providing additional support for owners of sites who suffered from hacker attacks against WordPress plugins.

According to internet security agencies, such as SpiderLabs, there are 1.2 million websites that were affected by the latest attack. “We’ve had our share of trouble with this vulnerability, and now we want to share what we learned so that other can benefit from our efforts”, says DesignPractica founder Vlad Orlenko.

For additional information about WordPress vulnerabilities, restoring your website and security help, contact Vlad Orlenko at vlad@designpractica.com or visit www.designpractica.com.

(as seen in all major online news outlets)

Vancouver, BC Nov 21, 2011 – DesignPractica has been creating and maintaining custom websites for small businesses in Greater Vancouver area for several years. Now, in addition to offering WordPress, Django and Google Application Engine websites, DesignPractica also provides support and development services with all top open-source and hosted eCommerce and CMS systems, such as Magento, Drupal, Volusion, Shopify, Satchmo and others, for small, medium and large businesses in the greater Vancouver region. Adding ecommerce for website has become a necessary feature of modern online presence, and DesignPractica is increasing its efforts to satisfy the demand.

DesignPractica has a successful history of helping local manufacturers, farmers, restaurants and entrepreneurs with web design and custom web application development. Over the years, it has accumulated expertise and gathered brilliant talent in its distributed team of designers, analysts, marketers, and programmers. Now it is stepping up its effort to deliver the best web products that can be created with today’s top technical tools to local Vancouver businesses. The solutions DesignPractica provides allow customers to add ecommerce for software products, traditional goods, subscription services and more.

“We feel that by providing best tools available on the market, such as Magento eCommerce framework, we can bring great value to local businesses looking to build new sales channels and to take advantage of online marketing”, says Vlad Orlenko, founder of DesignPractica. “But instead of pushing a single solution to every customer, we begin with analyzing the needs of every particular business that works with us — not everyone requires the same product, and personalized approach to eCommerce and CMS in today’s complex world is our great strength”.

Combining the advantages of global team and local business presence, DesignPractica sets an ambitious goal of building dozens of modern, efficient internet stores that will appeal to the public and provide strong sales for the business owners over the next months, starting this Christmas season. Introduction of ecommerce for websites that did not previously have it is a welcome news.

For additional information about eCommerce and CMS development services provided by DesignPractica, contact Vlad Orlenko at vlad@designpractica.com or visit www.designpractica.com.

(as seen in all major online news outlets)

The online store that we build for you serves one goal: bring you lots of sales. But to achieve this seemingly simple task, it takes a lot of knowledge, skills and experience.

The store has to automate all the parts of the process that can be automated, such as creating invoices and shipping labels, calculating shipping costs and taxes, offering the right discounts and encouraging customers to buy related products.

We always build our sites with search engine optimization (SEO) in mind. Things like standards-based layout and styling, customizable titles and headers, easily-editable content are absolutely necessary for promoting your site with Google, Bing and Yahoo, and we make sure your online store gives you all that today’s web is capable of.

Depending on the business you’re in, we’ll suggest a suitable set of options for online sales.

For example, if you already have a working website with a healthy amount of traffic to it, you do not want to lose all the work that went into it and start from scratch. Fortunately, the powerful tools we use allow us to add e-commerce features to an existing website without interrupting the service or interfering with the relationships you already have with your customers.

If you are planning to build a new online store, we’ll help you choose from the multitude of available technologies and tools (which can be quite overwhelming) the right ones for the job, ensuring fast delivery and cost-effectiveness and easy maintenance in the future. Our goal is to design an approach that will work best while adding the benefits of ecommerce for website that you are either building from scratch or updating.

The main benefit of creating a customized online store is that you have full control over the behavior and appearance of your virtual storefront. You can manage the discounts and shipping the way you like it, customize product information in precisely the manner that maximizes your conversion rate, and optimize your site for search engines so that you know you are getting the maximum benefit out of your “automated sales engine”.

We work with a wide variety of popular e-commerce systems:

• Magento
• Satchmo
• Shopify
• OpenCart
• WP e-Commerce
• Volusion
• osCommerce
• UberCart
• ZenCart
• and many more…

In any web-related project, but especially in online sales, tracking statistics about your visitors is absolutely necessary. That’s why we always include Google Analytics with all the sites that we build. Additional reporting is available depending on the e-commerce framework that is chosen for a particular project, and we help you take full advantage of that.

We also integrate your site with social networks — Facebook, Twitter, FourSquare, Google Plus, etc., and help you make first steps in SEO for your online store — from optimizing the content and format of the site to registering in directories and building links.

In addition to the technical aspects of building the system for you, we take training and education very seriously. We provide instructional videos for our clients, showing how to manage their website by example, which is the best way to learn.

So, in short, here’s our secret sauce: we combine the power of industry-standard CMS frameworks and proven e-commerce solutions with custom design and programming, add generous amounts of uncompromising focus on your business and your clients, and produce great value for you and your company.

To get a free estimate for your e-commerce project, please leave a reply below, or drop us a call at 604-200-3537.

We are doing our best creating Django applications in Coquitlam, Burnaby, Port Moody, and the whole Greater Vancouver.

• First, we listen to you to understand what exactly you need to build. We ask lots of questions about your purposes for the project, the way different people will be using it, the other systems it will interact with. We can meet in person, if you are located in Vancouver area, or talk by phone, Skype, IM – whatever works best for you. (Just drop us a message about the project, and we’ll get back to you on the same day.)
• We make an estimate of the project, for free. You get a detailed list of steps covering the entire project, from analysis and design to implementation details, sketches or examples of design, and an approximate evaluation of the cost. We strive to use fixed estimates and stick to them wherever possible, because this is the most comfortable way for you, our customer. However, if there’s a significant change of plans during the course of the project, we’ll re-estimate as we go.
• Once we’ve agreed on the plan of action, we take a deposit and begin to implement your web application. We focus on early visibility and constant interaction with the customer, so that you can see what is being built, you can test-drive it, and get all the important details and clarifications to us.

Different projects require different sets of instruments. In our custom development work, we use a very wide variety of tools and technologies. We love open-source tools such as Django web application framework, Satchmo online store engine, CMS frameworks — from WordPress and Drupal to Magento and Django-CMS, Ruby/Rails, JQuery, Sencha, etc. We also use .NET, mobile frameworks, and desktop and mobile development tools for Linux, Windows and Mac.

Contact us to discuss your custom project. You’ll be glad you did.

So, my site got hacked. No, scratch that. All of my WordPress sites got hacked. No, that’s not right either. All of my WordPress sites got hacked twice. I’ve repaired it all, prepared the sites for the next vulnerability, and now I’m ready to share my regrets and shame, but mostly experience and tools.

While nobody can guarantee that a WordPress site is not going to be hacked again, there are a few things we can do to lower the risk and make it much easier to bounce back when this happens.

Backups, man! Do you have a recent backup of your site? How long will it take you to get back in the game if you start seeing, all of a sudden, pop-up ads for penis enlargement on your blog? Backups, man, backups. Back up your data, your plugins, your custom styles, everything. Store your backups off-site. All of this is common sense, but most of us start taking this stuff seriously only after a disaster.

At the end of this post, there’s a script that makes backing or restoring a WordPress site a one-step process. But if your site is hacked and you need to go through all the steps before creating the first clean backup, read on.

Step 1: Scan your PC

Often malware is introduced to a website through an infected Windows machine that you use to manage the site. Update your antivirus software and do a full scan of your computer. You want to be sure that your local computer is clean before you start repairing your website from it.

If you do not have an antivirus, AVG is good choice. They have a free version, and the prices for the paid license are very reasonable.

Some malware is very good at hiding from certain types of antivirus software. If you already have an antivirus, it may be a good idea to double-check and scan your PC with another type of antivirus.

Step 2: Verify that your site is infected

How can you be sure that your site has been hacked and has malware? How can you check which of your sites are clean and which are infected? Use an online site scanner. Scan every one of your websites before you start cleaning them up, and repeat the scan as you progress through the steps to restore sanity. Make it a habit to re-scan your sites regularly, or subscribe to Sucuri Monitor or a similar service.

Step 3: Back up your website

Although your site is infected, you still want to keep a copy of all its data and files for reference, at least until you make sure that all is back to normal.

Make a backup copy of your website’s files. If you have SSH access to your hosting provider, copy the entire directory containing your site into a backup location. If you use another way to access your files (such as SFTP, FTP, or web-based file manager), download the whole directory of the site.

Back up the database your site uses. In WordPress, you can download the content through “Tools > Export > All content” in the admin dashboard. Or, preferably, use a command line to export the whole database.

I’ve created a useful script that does both of these steps for a WordPress site automatically (it’s at the end of this article).

Step 4: Talk to your hosting provider

Most likely, the issue affects more than just your website, and your hosting provider is already aware of the problem. Most hosting companies back up their customers’ data regularly, and if your site was infected recently, they can simply restore it to a previous point, when it was not yet infected. They can also help you identify and fix the vulnerability that led to the problem in the first place. If you are lucky and your hosting support rocks, things will be back to normal before you know it. For the rest of us, there are next steps.

Step 5: Try Surgical Repair

This does not always work, but it’s worth a try. If you know the kind of attack that led to the site’s infection with malware (e.g. the infamous TimThumb vulnerability), and you can find good documentation on how the attack works, you can try to clean up the affected PHP files. There are a few WordPress plugins that can help. After every change you make, verify whether the site is infected (use Sucuri Scanner) and if it’s clean, verify that it works. It did? Congratulations! You’re done.

However, this method does not always work (as malware writers are coming up with new ways to hide malicious code), and sometimes you’ll have to scrap all code and install a clean copy.

Step 6: Disable the infected site

Sigh, so you’ve tried to remove the bad code from PHP source, and the site is still broken. You’ll need to set up the WordPress, the theme and plugins from clean slate, re-import the data, and monitor the whole process so that you know at the end of the process your site is clean and fully-functional.

To begin, let’s completely isolate the site from the outside world. The malware that got injected into your site could be acting as a backdoor, bringing more malware in. To prevent the malicious code from re-infecting the site while you’re cleaning it up, temporarily close it down.

A simple way to disable a site that runs under Apache (which WordPress does) is to add a rewrite rule into .htaccess file in the site’s directory, redirecting all requests to a temporary “your site is undergoing maintenance” page.

RewriteEngine on
rewriterule ^(.*)$ http://example.com/maintenance.html [r=301,nc]

(You’ll need to set up the maintenance page somewhere outside of your site, of course).

Now open your website in browser — you should see the maintenance message instead of the site itself.

What have you achieved so far? Your data is backed up, you’re sure that your local machine will not infect the website and you’ve isolated the site from the outside world. Now you’re ready to begin the cleanup.

Step 7: Change Passwords

Change all the passwords. Don’t leave the bastards a chance.

Don’t forget to go through all of the passwords that may have leaked:

• SSH password
• Hosting Control Panel password
• FTP password
• Database password for every database accessible to your account

Step 8: Complete Clean Up

This part will have to be repeated for every website you are repairing. With the right tools (such as the backup/restore script below), it takes about an hour or two per site. Not too terrible.

1. Create a fresh WordPress application instead of the temporarily-disabled site. Use the newest version of WordPress and a new database.
   • At this point, your WordPress should be working and free of malware. Check for malware — if it’s there, you’ve got a problem. Either your PC is infected, or you have a more serious issue on the server. Stop here, call support, run a virus scan on your PC.
   • If the site is clean like it should be, proceed.
2. Create a backup copy of site directory and database. This is your new clean copy – not very useful yet, but at least it will let you come back to this point if you make a mistake at a later step.
3. Install the most recent version of the theme you want to use (make sure the theme does not use modules with known vulnerabilities — such as certain versions of TimThumb).
4. Check for malware again. If the site got infected, it’s likely the theme. Roll back to the backup you created two steps back (good thinking!), and use another theme. If it’s clean, make anoter backup copy and proceed.
5. For every plugin you need to use:
   • Install latest version of plugin
   • Check site for malware
   • Roll back or create new backups as necessary

Step 9: Restore the data

Now that your site looks and behaves close to what it should, time to import old data. We’ll assume that there are no viruses or malware in the database. That’s a reasonable assumption, but before you act on it, please make sure you’ve backed up all your work prior to this point. Ready?

Export the database your site used to use. You can do it through phpMyAdmin or from command line.. The command will look something like this (all in one line):

mysqldump --user=<old_db_user> --password=<old_db_password>
        --databases <old_db_name> --opt --quote-names --allow-keywords
        --complete-insert -c > <archive_filename>.sql

And to load it all into the new database, you’ll import it — either through phpMyAdmin or through a command line like this one:

mysql --user=<new_db_username> --password=<new_db_password> <new_db_name> < <sql_file>

Now, for the last time (hopefully) check that your site does not have any malware, and you’re done!

Except that you are not really done. Time to make sure that an ordeal like this never happens again to you and your websites.

Step 10: An ounce of prevention is worth a pound of cure

Or, in metric system, “twenty-eight grams of prevention is about half-a-kilogram of cure”, which sounds admittedly much less elegant.

Here’s what you can and should do to protect yourself against future attacks.

• Follow the advice in the official guide on hardening WordPress.
• Before installing a new WordPress plugin or theme, at least Google for vulnerabilities related to it.
• Monitor your site — use Sucuri or a similar tool.
• Keep your PC clean and secure. Don’t neglect your Windows antivirus.
• Make automatic backups that let you easily restore your site.
• Consider not using WordPress for serious sites. Use Django, Rails, heck, even .NET. Some platforms just take security more seriously than others.
• If your hosting provider is not helping you in terms of backups and recovery, move to one that does. Webfaction (where this site is hosted) is probably the best shared hosting option available.

Bonus: Backup/restore script for WordPress

Here’s the script that runs backups for DesignPractica and can restore a wordpress site in a single command: [dowload]. This is written in Python, simply because it’s the best language ever. You run these scripts like this.

Backup:

python backup.py <path-to-wordpress-application-directory>

This will create a time-stamped backup directory inside ./wordpress-backup// and put a compressed copy of the application directory and of the database in it.

Restore:

python restore.py <path-to-wordpress-application-directory> <path-to-backup-directory>

If you found this stuff useful and saved some time thanks to my article or code – you can buy me a beer! Thanks!

Note: If your WordPress site was hacked, this means there’s a vulnerability either in WordPress itself or in one of the plugins you are using. Upon restoring from backup, upgrade to all latest versions, and re-scan the site to make sure it did not get infected again. It’s generally a good idea to google for known recent vulnerabilities in WordPress plugins, and take appropriate steps — e.g. avoid affected plugins altogether, use safer alternatives, etc.

Also, if you are hosting your customers’ WordPress sites, make sure your users do not have admin rights. This may sound harsh, but seriously, “editor” role is quite sufficient for day-to-day use. There are good reasons why public hosting companies who support WordPress limit what plugins you may or may not install. There are good reasons not to trust users with this. If all you have is a few simple blogs and “business card” type of sites, sure — install all the experimental stuff you wish. The worst that can happen if they are hacked — you’ll lose your latest blog post or comments. But for large online stores keeping track of their customers, a hacked site may mean serious damage to credibility. If all your customers suddenly start getting spam, if their personal information is compromised, your business is be in serious trouble. If all of your customers’ customers are exposed in this way, you’re dead, as long as your business is concerned.

Well, thanks for reading this long post-mortem. Here are a few affiliate links to the great tools I mentioned in this post. If you decide to purchase their products, do me a favour, go through these links.

• AVG antivirus
• Sucuri Site Scanner

Menu and Specials

 
Make your menu the front page of your website. Let the customers see what food you serve right away, the first moment they open your web page.

This is the #1 reason why people look for your restaurant on Google. They want to know if you serve what they like. Make it easy to get this info, and you’ll get not just lots of new customers, you’ll get lots of happy, “your kind of guy” customers. Everyone wins.

Hire a good photographer to make pictures of actual meals you cook, get those pictures on your website – and you’ve got an outstanding web presence that informs, entertains and entices at the same time. This is so obvious, yet so few people do it.

Same goes for specials – if you serve breakfast or lunch, crowds of people from nearby offices will google for a place to eat at before heading for lunch, and if you have up-to-date info about today’s special menu easily accessible, you’ll stand out from the crowd!
So, make your menu the front page of your site. You’ll instantly become 10 times better than most restaurant websites out there.

Address with a Google Map

I am your customer, and I am spoiled. If you don’t let me see the route from my place to yours in two clicks, I’m gone. But for some odd reason, many restaurant sites do not want to tell me how to get there. As with Menus and Specials, the website has to be a useful tool for your customers. This goes hand-in-hand with Google Places – as a customer, I want to be able to both find your site through Google Maps, and find a map through your site. As a business owner, you want all paths to lead to you.

Hours of operation, parking and contact info

Yes, they need to know how to call you and when you are open. It is unbelievable how many of the restaurant sites either tuck this information into some far corner, or do not have it at all. Instead, they have mission statements and letters from the owner, which nobody ever reads.

Let’s face it: your site is a tool with a specific goal. The goal is to bring you more business. Anything that does not bring you new customers should not be on your site (or at least, should not take up the space on the front page). The things that are the best at this task, like an easy-to-use, attractive menu and specials, must be the most prominent.

Online reservation system that works

This may be the best or the worst part of your customers’ online experience, depending how you approach it. The key part here is “that works”. Many restaurant sites have some sort of reservations page, but if the phone reservations, greetings table, and online reservations do not work as a single coordinated system, there’s no point to confuse the customer.

So, there are two sensible options here: just provide a phone they can call and reserve a table, or go the whole way and adapt your entire reservation process so that phone, online and walk-in all work in a coordinated manner.

Small Things

 
Your restaurant is a local business, so it helps a lot to register it on Google Places for Business and local directories.

Design Practica helps local businesses in Vancouver area to create and improve their web presence. We can make you a new website or give the old one a new life. Contact Design Practica for a free consultation about your restaurant’s website.

It was a fun little project to redesign the WordPress-based website of a Burnaby cafe, giving it a fresher, lighter look. Kata’s Cafe is known and loved by Burnaby locals for its awesome breakfasts. It’s a good thing its website, KatasCafe.ca, is now as fresh as its food.

If your site needs a little refreshing or a complete redesign, Design Practica is here to help with your website. Just give us a shout.