How to Protect Your Magento Website from Being Hacked

One thing all ecommerce managers worry about is hacking. Hackers pose a huge potential danger to your website, as well as to your brand. And once trust in your brand is gone, it can be impossible to get back. As Magento is the most popular platform for ecommerce sites (over 250,000 retailers use the platform), we thought we’d write a helpful guide on how to protect your Magento site from hackers. Here at Peacock Carter, we’re Magento experts, and we’d like any of our clients and readers to benefit from this. If you follow our advice, your Magento website is much more likely to remain safe and secure from hackers.

Use well-known, trusted extension developers

One of the best features of Magento is that its extensions allow you to make all kinds of customisations to your site, and there are countless developers who make their living by making useful Magento extensions. However, there are so many different extension sources and some of them provide possible ways in for hackers. When you decide to add a new function to your site, look for trusted developers. If you’re unsure about whether or not you can trust them, look around for reviews or give them a call. Make sure that the developer uses interceptors or observers instead of class rewrites.

Create complex passwords and usernames that are impossible to guess

This perhaps sounds too obvious, but weak passwords and generic usernames are so often the reason why a website is hacked into. Often, with so many passwords to remember, it’s tempting to make them simple enough to remember. Do not do this. Instead, make complicated passwords with upper- and lowercase letters as well as numbers. If you make note of your passwords, then you won’t forget them – and the fact that you’re making a note will allow you to make your password complex enough that no one will ever guess it. The same goes for usernames.

Apply Magento core patches as soon as they are available

It’s important to always keep your Magento core up to date. If a new patch comes out, make sure you download it straight away. It’s also important that you are aware of any specific themes or extensions that need to be updated manually. Doing this will ensure that your core and extensions are fully up to date and that there aren’t any weak points for hackers to exploit.

Do not use ‘/admin’ for your admin URL

A hacker cannot even attempt to guess your usernames and passwords if they can’t work out your admin URL. So many Magento websites use /admin, i.e. However, there is no reason for this to be the URL, and making it so just makes it as easy as possible for hackers to find it and begin trying out various passwords and usernames. It’s also a good idea to restrict your admin URL and other key areas of your site to a whitelist of trusted IP addresses. Obviously, this could make it awkward if you move around a lot and need access to your admin account when travelling, but it stymies any hackers trying to get in through your admin page. And even if they manage to figure out or find your admin URL, you’ve delivered a clear message to them: it is going to be VERY hard and take a LONG time to hack into my site; you might as well give up!
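To check that an IP whitelist on the admin URL is actually being enforced, you can scan the web server's access log for admin requests from addresses outside the list. The following is an added example, not code from the original post; the admin path, the trusted networks and the log lines are constructed assumptions, and the log is assumed to be in Combined Log Format.

```python
import ipaddress
import re
from collections import Counter

# Assumptions (not from the original post): the admin path and the trusted networks.
ADMIN_PATH = "/backoffice_x7k2"  # hypothetical custom admin URL
ALLOWLIST = [ipaddress.ip_network(n) for n in ("203.0.113.0/28", "198.51.100.7/32")]

# Combined Log Format: capture client IP, request path and status code.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def is_trusted(ip_text):
    """True if the client address falls inside any allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # an unparseable client field is treated as untrusted
    return any(ip in net for net in ALLOWLIST)

def is_admin_path(path):
    """Match the admin URL itself and anything below it, ignoring the query string."""
    path = path.split("?", 1)[0]
    return path == ADMIN_PATH or path.startswith(ADMIN_PATH + "/")

def untrusted_admin_hits(lines):
    """Return {ip: Counter(status -> count)} for admin requests from outside the allowlist."""
    hits = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_admin_path(m["path"]) or is_trusted(m["ip"]):
            continue
        hits.setdefault(m["ip"], Counter())[m["status"]] += 1
    return hits

def allowlist_gaps(hits):
    """Untrusted IPs that received anything other than 403: the restriction did not apply."""
    return sorted(ip for ip, c in hits.items() if any(s != "403" for s in c))

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.5 - - [10/Mar/2024:09:00:01 +0000] "GET /backoffice_x7k2/ HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Mar/2024:09:01:10 +0000] "POST /backoffice_x7k2/index/login HTTP/1.1" 403 162',
    '192.0.2.44 - - [10/Mar/2024:09:01:11 +0000] "POST /backoffice_x7k2/index/login HTTP/1.1" 403 162',
    '192.0.2.90 - - [10/Mar/2024:09:02:30 +0000] "GET /backoffice_x7k2?x=1 HTTP/1.1" 200 5120',
    '192.0.2.90 - - [10/Mar/2024:09:02:31 +0000] "GET /backoffice_x7k2_old HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print(allowlist_gaps(untrusted_admin_hits(SAMPLE)))
```

Repeated 403 responses to one address show the whitelist doing its job; any address returned by `allowlist_gaps` reached the admin area despite it and means the server rule needs fixing.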

Lock down file permissions


We hope this blog post helps you protect your Magento site from hackers. If you have any worries about your Magento site’s security, you can use It gives you a security status report for your ecommerce site. However, if you’d like to take your website’s security to the next level, as well as work on customising it in other ways, then please get in touch with Peacock Carter today.

Sunderland Digital: Next Generation of Ecommerce

Sunderland Digital – The Next Generation of Ecommerce

I’m looking forward to speaking tonight at Sunderland Digital on the theme of the “next generation of ecommerce”.

Sunderland Digital is a relatively new monthly meeting for those working in – or interested in – the creative, digital and technology sector in Sunderland. Held at Sunderland’s Software Centre, the evening has speakers from Moltin, the ecommerce API, and Salesforce, too. It’s great to be invited and to share knowledge in our field with others in the region – something Peacock Carter is very passionate about, alongside promoting ecommerce web development as an interesting industry to work in.

For those unable to attend the event tonight, I’ll be posting my slides online later this week.

Magento and the next generation of ecommerce

As ever, our favourite ecommerce platform at Peacock Carter is Magento, and my talk will provide attendees tonight with an introductory-level flavour of what Magento is, who uses it, and the future of ecommerce for the platform with Magento 2. Key topics include:

  • A brief history of Magento
  • Magento Community Edition vs Magento Enterprise Edition
  • A showcase of big-name brands around the world on the Magento ecommerce platform
  • Magento’s features, from catalogue management to promotional rules and built-in SEO settings
  • Magento Enterprise’s additional feature set
  • Changes in Magento 2
  • Magento 2 highlights for web developers

As ever, I’m sure there will be time for a few questions after my talk – just keep them easy, as it’s been a long week so far! I look forward to seeing you all in Sunderland tonight.

Why Magento for ecommerce?

Magento is a leading ecommerce platform used by hundreds of thousands of retailers around the world.

We’ll take a look at what Magento is, who uses Magento, and why Magento for ecommerce is a sound choice for your business.

Who uses Magento?

Some familiar businesses use Magento for ecommerce: global brands such as Nike, Christian Louboutin, Mothercare, Harvey Nichols and Jaguar use Magento as a base for their ecommerce arms.

Targeted towards more mature ecommerce businesses, or businesses with high growth potential, Magento provides a stable, reliable base for both consumer-focused ecommerce stores and business-to-business websites. As an established Magento agency, Peacock Carter have worked on countless Magento ecommerce projects, and have seen the true extent of Magento’s flexibility.

Magento is ecommerce at heart

One of Magento’s key strengths is that it was built from the ground up with ecommerce in mind. Some ecommerce systems, such as WordPress’ WooCommerce, are an add-on to an existing system which doesn’t have ecommerce at heart. While this is fine for small-scale ecommerce operations, you may find it limiting at a larger scale of sales.

Multilingual, multicurrency, multisite: Magento has the ability to do all of these, allowing you to scale your website into new markets as your business grows. There is also a licensed version of the platform, Magento Enterprise, which provides improved customer management tools, staged content management and advanced promotional tools. With Magento, the sky is the limit.

Magento provides a great deal of flexibility, too, with an ever-growing range of extensions to extend its core functionality…

There’s an app for that!

As a mature ecommerce platform – it was launched in 2007 – Magento has a rich ecosystem of third party extensions to help you find the functionality you need. From integration with specific payment gateways (although PayPal comes built-in) to integration with cloud accounting systems, stock and inventory systems, courier integrations for delivery, there is a great deal of your ecommerce business you can streamline with Magento. And, with a trusted Magento development partner (that’d be us!), you can develop even more bespoke functionality for your store.

So, why Magento for ecommerce? Your business requires a stable, tried-and-tested ecommerce platform, and Magento provides just that.

Web design projects

What to do when a web design project goes wrong

Web design projects can go awry for many reasons. Perhaps the agency you’ve employed misunderstood your brief; the specification was wrong; the agency didn’t have the skills it claimed to have; the project is more complicated than anticipated; the agency has lost a key member of staff.

Whatever the reason, web design projects going wrong can be very stressful – it can delay product launches, marketing campaigns, and disappoint your customers. So, what can you do when a web design project goes wrong?

As a web design agency who have been around for over 10 years, we see a lot of “web design rescue” projects coming in. This article aims to help you detect the “bad smells” of a project going wrong, and how to rescue the project, based on our experiences.

Bad web design project smells

The first trick in your arsenal is to detect a bad – or potentially bad – project. One or two of the below indicators may occur in any given web design project, but if you nod your head at the majority of the below, your web design project may be in trouble:

  1. Long times between contact: are you struggling to contact your assigned project manager? Do team members take a long time to reply to emails? We’re all busy, but if you’ve lost your communication lines with the team working on your website, your project may be turning sour.
  2. A lot of what you were promised in initial meetings with the agency is now “unachievable” in the budget. Web design agencies can be guilty of over-selling, and once you have committed may try and reduce the features and scope of the project to keep the project sustainable for them. There are many genuine technical reasons an agency may decline a particular feature, however.
  3. Deadlines pass without contact – projects can overrun, but you should be informed ahead of a deadline if it won’t be made.
  4. Work presented is hugely different from the specification or project brief you had approved. Communication is a large factor in any project’s success, and it can cause huge misunderstandings in how your project develops. Bear in mind your web design agency may be working in a sector they’re not familiar with, which brings its whole new dictionary of jargon and acronyms; you may need to clarify how your industry works, and key processes within it.
  5. Poor quality control: if you’re receiving work of poor quality, it may be down to the agency’s quality control processes. Bugs are a natural part of any technical project, and no project is ever “bug free”, but agencies should be aiming to minimise the bugs in a system in a consistent process.

How to rescue your web design project

Every project is different, but there are many common factors in “bad” web design projects, as you’ve seen above. Below is a list of suggestions to help you rescue your web design project:

  1. Talk to your web design agency: this may seem obvious, but let your existing agency know you’re unhappy, and work with them to resolve it. Whilst transferring your project to a new web design agency may seem tempting, this can often over-complicate the issue and delay the project further. This is because the new agency will need to get up to speed on the project, and work out what is complete, and what is in need of rewriting or additional work. For simpler issues, therefore, it can be best to stick with your existing agency to complete the project.
  2. Mediate: if talking directly to your web design agency isn’t working, try contacting a third party web design consultant who can help ascertain the state of the current project from a technical viewpoint, and where the issues lie.
  3. Consult other agencies: we offer website audits which can give you an idea of the state of the work that has been completed, and where you stand. These can be a great way of maintaining your relationship with the agency, and providing a guiding hand in ensuring you’re receiving work of a good quality to your requirements.
  4. Build on the existing project, or start it again? This is a question we’re asked frequently for “web design project rescue” scenarios – should you keep the work completed so far, and have another agency build on that, or start again?
  5. Most of all, try and remain calm – work with your agency, rather than – in all likelihood, they will want the project to succeed just as much as you do.

Need help to rescue your website project?

If you’d like to discuss how we can help you rescue your web design project, please do get in touch. Peacock Carter have over 10 years’ experience in mediation and auditing web design projects to help resolve issues between clients and agencies.

Magento 1 DIY book

We’ve been at it again here at Peacock Carter: after the Magento 2 Theme Designs book was released late last year, we’ve since acted as technical reviewers for Apress’ new release, Magento 1 DIY.

The Magento 1 DIY book, by Viktor Khliupko, aims to empower smaller business owners, allowing them to create their own Magento store, and get up and running.

What does the book contain?

The book is a respectable 221 pages in length, and covers content split into five key sections:

  1. Set up – this section covers installing and configuring your Magento store, and your product catalogue
  2. Sales generation – a look at techniques to promote your products, from social media platforms such as Twitter and Facebook, to more traditional digital marketing like search engine optimisation (SEO) and paid advertising (PPC)
  3. Growth – this chapter looks at how to automate key ecommerce processes in Magento
  4. Enterprise – a walkthrough of Magento Enterprise’s key features, and how you can replicate them in Magento Community using existing third party extensions
  5. The final section, Custom Magento Development, covers deeper customisation of Magento for those new to the platform

The Magento 1 DIY book provides a good overview of Magento’s functionality for those interested in ecommerce and without web development experience.

Our involvement with Magento 1 DIY

Peacock Carter’s involvement with the book comes from our involvement as technical reviewers on behalf of the publishers, Apress. As technical reviewers, we were tasked with verifying the technical correctness of the book’s content and any code samples, as well as providing guidance on best practice for Magento development and configuration. This content is then fed back to the author before the book is published.

Our director, Richard Carter, has authored 4 books on the Magento platform, and been involved in the technical reviewing of content in many other publications.

If you’d like to work with Peacock Carter on your next Magento project, please do get in touch.


Key reasons people aren’t buying from your website

So, you have a healthy ecommerce website with good levels of traffic: great!

But is your website slowing your online sales down? Is your website hindering your customers, not helping them? Ecommerce experts and Magento agency Peacock Carter list 10 common reasons people aren’t buying from your website:

  1. Customers are not reassured by your landing page: are you using the right language your customers would expect? Is there too much jargon?
  2. Your brand name doesn’t work for the industry you’re in: are you selling high-end products with a bargain-basement name? Consumer perception can affect customer decisions
  3. Does your website fail to answer key questions about your products potential customers have? Are the product’s key features listed clearly? Is a warranty period mentioned clearly?
  4. Your website’s checkout isn’t secure: ensure customers can see the green padlock in the address bar, even if payment is taken on a third party merchant website
  5. Your delivery or shipping charges aren’t clear. If you can’t give away free shipping with all of your products, consider offering free shipping for orders over a set amount (e.g., £50, £100).
  6. Your website’s design doesn’t inspire trust: if your website looks old and unloved, your customers can lose confidence in your website, and shop elsewhere
  7. Your product photographs are poor quality: use high quality, zoomable photos, including back, front and sides where applicable.
  8. Your returns policy isn’t easy to find: having a clearly linked returns policy in the footer of your website can be a reassuring sight for new customers who are unfamiliar with your brand
  9. You don’t offer a convenient payment method:
  10. Your checkout slows customers down too much: do you ask for too much information at checkout? Is your checkout process too
  11. Your website is too slow. If your website is too slow to load for customers, you’re highly likely to lose them to other, faster competitors

If your store isn’t converting traffic into sales effectively, we can help: our website SEO audits are designed for just this purpose!