Ecommerce and Brick-and-Mortar

Posted by & filed under List Posts.

We know that the average shopper has needs that are met in-person, as well as ones that are met through digital channels. How can companies balance their efforts between online and offline for the best possible results?


Stats that prove the transition to online shopping


When we think of a store, the first thing that might come to mind is a physical one. We walk through the door and can browse through the aisles, picking products up and trying things on before making our decisions. Virtual reality may offer “full immersion,” but the real “full immersion” is reality itself: the product in your hand.


However, that value of in-person inspection comes at the cost of relative convenience, as more options have emerged online and people have grown increasingly comfortable shopping for and paying for items through their computers and mobile devices. While the landscape is changing, the position of storefront retail is changing; and yes, it is clearly on the decline. Fourth-quarter industry statistics from Investor’s Business Daily show poor numbers for all the retail groups the publication monitors; in fact, the Department Stores category is last out of all industries – ranked 197 out of 197. The good news is that this devastation to the world of B&M is aligned with an expansion of e-commerce sales – a 29% overall rise during the 2016 holidays.


Another way to see this trend is in comparing the Q4 2016 results to determine the “online growth edge” for a couple of major box stores (IBD):


Brand E-commerce Storefront Online growth edge
Target +34% -1.5% +33%
Walmart +29% +1.8% +27%


As e-commerce continues to become more sophisticated and better able to address consumer expectations, what is the value of a physical storefront? We know it’s not the heavy-hitter it once was. It’s not just clear from the above megabrands that are straddling the fence but from those that have gone bankrupt or are closing their stores nationwide, such as American Apparel, The Limited, Wet Seal, Aeropostale and Pacific Sunwear.


Is B&M sinking into oblivion?


There is sufficient evidence to suggest that the physical store can be viewed as similar to snail mail: it is useful to many now but will only become increasingly irrelevant, says this perspective. That’s not quite right though. In essence, the rise of digital does not signal the demise of brick-and-mortar so much as an evolution of the way that people shop and a shift in the role of stores to serving a more functional, mundane purpose as a distribution point.


Boston Retail Partners principal Ken Morris uses the example of Restoration Hardware to make this case. The showrooms of the brand are settings for inspiration, notes Morris. “[T]hey’re not really selling anything there,” he says. “It’s like a giant 3D real-time catalog.”


BRP’s vice president and practice lead, Perry Kramer, adds that the service experience needs to be treated as paramount in order to win at storefront retail in the new age. The example he gives is the Apple Store, where you can try products and get advice from salespeople who are generally considered well-trained and helpful.


How omnichannel goes beyond multichannel as an integrator


You may have heard the word omnichannel a bunch of times and perceive it as one of those annoying marketing buzzwords; but actually, omnichannel is an important business concept.


You can think of omnichannel as a type of multichannel or even the newer, savvier evolution of multichannel. “[A] multichannel approach to sales that seeks to provide the customer with a seamless shopping experience,” TechTarget defines omnichannel, “whether the customer is shopping online from a desktop or mobile device, by telephone or in a bricks and mortar store.”


What differentiates omnichannel from multichannel? In a nutshell, it’s integration. Omnichannel involves backend integration rather than just diversification of channels. Compare the above description of omnichannel to a definition of multichannel provided by Jay Acunzo in the HubSpot Blog. Acunzo defines the simpler multichannel concept as communication across various channels, both digital and otherwise. Multichannel is about marketing in many different places at the same time; omnichannel is about bringing together the insight from each approach.


There is another aspect of omnichannel that is evident in its name. While multichannel is about many avenues you can go (see its prefix multi-), omnichannel is about addressing every possible channel (see omni-). Omnichannel is a more thorough approach based on the idea that people now expect to be able to shop, experience your brand, and engage with you as a customer through a full range of possible means (for example, within all the various social media sites, brick-and-mortar stores, your websites, and your mobile apps).


To better understand how an omnichannel strategy can be leveraged by a brand, just look at what customers think should be available to them. An expectation of nearly three-quarters of shoppers (71%) is that brands will have in-store inventory data available online. Similarly, an expectation held by half of customers (50%) is that they be able to buy on the Internet and pick up items in-person (“Customer Desires vs. Retailer Capabilities: Minding the Omni-Channel Commerce Gap,” Aberdeen).


The final, fundamental reason why omnichannel is such a key concept for your company’s growth is that these consumers are big spenders. “Omnichannel shoppers are typically a retailer’s most valuable customers—spending over five times as much as those who only shop online,” notes a Bain & Company report. “Creating a great experience for those customers is critical, and not doing so is very risky.”


Forgetting the money and simply looking at omnichannel in terms of user experience, your users should be able to shop more efficiently and without having to stop and start along the way. Customer service should be as sophisticated as possible; and brands often neglect that concern, so integration of different touchpoints via omnichannel is a powerful differentiator.


3 brands with omnichannel to emulate


Here are three household-name brands with omnichannel user experiences that are noteworthy and worthy of mimicry:


  1. Disney – This incredibly popular family brand has embraced omnichannel with its My Disney Experience tool, which allows consumers to comprehensively plan their trips, from getting Fast Passes to the park to pre-determining dining locations. Within any Disney park, you can find attractions and wait times via the mobile app. The Magic Band program, which offers Fast Pass integration, adds further capabilities and complexities: hotel room key functionality, storage of photos with Disney characters, and food ordering.
  2. Bank of America – This brand is considered a bellwether in finance related to omnichannel. The company’s tools include the ability to deposit checks and schedule appointments both via mobile and on desktop. Additionally, customers are able to pay their monthly bills seamlessly through any device.
  3. REI – This company provides clear product data throughout its customer ecosystem, says Aaron Agius in the HubSpot Blog. “[T]hat kind of internal communication will keep customers happy, satisfied and returning back to their store again and again,” he adds.




Hopefully, the above advice can help you address the need for balance between online and offline shopping at your company. Do you need help getting your e-commerce site up and running, or improving the performance of your current site? At Total Server Solutions, we support all of the top shopping cart applications and also offer merchant accounts so you can sell and accept payments quickly and easily. See our secure e-commerce solutions.

WordPress Lovers

Posted by & filed under List Posts.

  • The SEO-friendliest CMS
  • Expandable open source
  • Flexibility / customization potential
  • Time-saving
  • Peace of mind
  • Lower cost upfront and ongoing
  • Responsiveness
  • Scalability
  • Simplicity


As indicated in our companion piece “Calling All WordPress Haters”, 18.3 million people now use WordPress. That number of users accounts for 59% of the market, more than 8 times the second-place content management system, Joomla (6.9%).


The sheer volume of people using this technology probably does not alone convince you that it’s the way to go. What are a few of the most compelling arguments to use WordPress? Here are nine of those mentioned by coders, web design companies, and others who are highly familiar with the environment:


The SEO-friendliest CMS


One of the surest ways to get more visitors to your site is to improve your search rankings. Here are a few ways WordPress is standardly geared toward strong SEO that are mentioned by Nick Schäferhoff in Torque Magazine:


  • Although the primary language of WordPress is PHP, the software creates HTML pages that search engines can scan effortlessly.
  • You can set permalinks that include the keywords of the article or other page. The permalink will auto-generate with the title, but it can often be shortened and refined for better keyword focus.
  • The title is a key component of how your page will be understood by Google. The combination of the title and the heading tags also provide the search spider with a sense of structure.
  • Content marketing is critical to getting noticed online. Since WordPress was originally conceived as a blogging platform, it is considered a powerful tool for text or multimedia posts.
  • The CMS makes it simple to bring in images and to optimize them with descriptions, ALT tags, and other elements to further increase your search prominence.


All those aspects of WordPress are included in the basic installation, before you add any plugins or tweak your code.


Expandable open source


WordPress is free, open source software, and you can host it yourself – which means that you won’t have to pay anything to download or maintain it (i.e., you have access to updated releases).  The ecosystem of plugins for the CMS is vast, including more than 20,000 options (caching plugins, contact forms, social buttons, automated “related post” integration, etc.).


Flexibility / customization potential


A strength of WordPress is that it provides a cookie-cutter structure, but that model is by no means rigid. Anyone using it can easily change the basic design and functionality by switching out the themes or plugins. Elisha Terada of web design company Fresh Consulting notes that these fundamental aspects of how your site operates and is presented are not just developed by enterprises but are user-created (which doesn’t hurt when it comes to seeing things from your perspective).


Mikke of Mikke Goes Coding also lists customization as a key WordPress strength. He notes that the appearance of the site and the way that it is organized for the user are just as central to your success as what the site provides from a utilitarian view. Customization within the CMS is nearly open-ended if you want to work with a developer on rebuilding elements. If you want to spare that expense, there are a vast number of plugins and themes you can use to improve the visuals of your site, what’s available to users, and how it works for you.


You can change how the features and areas of your pages are laid out, ways it can be navigated, and (of course) the content. You will be able to make adjustments to the background, visuals, fonts, and colors.


For broad-sweeping changes, you can switch out the theme that you are using almost instantly. There are many thousands available, and a good portion of those are free. Businesses often decide it makes sense to use paid themes, though, since the developers are then better incentivized to provide bug fixes and security updates; support for the theme can then sometimes be included.


For adding a functionality to the site, you can use plugins. Example functionalities include pointing readers to related blog posts, creating a contact form pop-up, building in analytics, creating newsletter lists, adding different languages (such as Spanish), spam comment blocking, and SEO friendliness.




Time is at a premium in 2017. You want the tools that you use for your site to help you streamline and operate efficiently. Learning how to work with WordPress is much faster than building a site from the ground up using HTML, CSS, and JavaScript.


Time is one of the reasons Mikke gives for why he uses WordPress, saying that the framework allows you to accelerate earlier. “[I]nstead of starting with small steps and the very basics of programming a website,” he says, “you can take jumping leaps with WordPress and be able to launch your web page surprisingly quickly.”


Peace of mind


You often hear about WordPress hacks. Like in any environment, though, a lot of the challenge is to be conscientious: use a complex password, keep up with the latest updates, and consider using a security plugin. WPBeginner suggests Sucuri, for example.

Lower cost upfront and ongoing

All of these open source options are “free,” in a sense – but you still may want to pay an outside party to get your installation in place, optimize it, and regularly update it. When DeviousMedia compared the top three CMS options by assessing the costs of setting up, customizing, and maintaining a typical site, WordPress was better than both Joomla and Drupal. Because WordPress is so widely used and there is such a large professional community surrounding it, it’s easy to get someone to provide you with development or design services as needed.




When you use WordPress, your site will be responsive so that they will be user-friendly on any device – desktop or mobile. This is highly important since mobile is becoming more central to the web all the time. Worldwide, mobile traffic increased 63 percent in 2016. Put another way, the data flowing through mobile is 18 times greater than it was just five years ago!




There is sometimes a misconception that WordPress is a starter kit for the Internet. That’s not the case whatsoever. In fact, the system is used by news websites and other organizations that depend on driving huge amounts of traffic to their information. Mikke notes that CNN, MTV News, Fortune, TechCrunch, and Sony Music are all WP devotees.


We have mentioned that it is fast to get WordPress up and running. Not only is it quick, but there is not a huge barrier to entry – as indicated by WPBeginner. The CMS’s community continues to expand in part because ease-of-use is a fundamental principle.


The open source community is thriving. If you want additional help, you can get paid WordPress support. In terms of the actual hardware that powers your site, a managed service provider can help you with all the technical aspects so that you can focus exclusively on the front end.


Terada concurs with WPBeginner on this point, referencing the democratization of technology allowed by this system. A primary reason that WordPress is so approachable is that it has the usability of a word-processing program, which is because it was initially a blogging platform. It was built for people who didn’t necessarily have any tech background and just wanted to put their ideas up online.


“[M]ost… user-interface components are user-friendly,” says Terada, “and there are written and recorded manuals available for you to easily learn how to use WordPress.”




The truth is, not everyone is quite so enthusiastic about WordPress as you might think from the above discussion. Want to hear the other side on WordPress? See “Calling All WordPress Haters.”


On the other hand, are you now convinced that WordPress is the way you want to go? While this CMS is an extraordinary tool, it’s key that you have a high-performance infrastructure for better user experience and SEO. As with a premium theme, you may value consistent support and expert management for your server. See our testimonials.

WordPress Haters

Posted by & filed under List Posts.

You know you need a website, and everything you hear is about how great WordPress is – how simply and seamlessly you can create a site using the platform. It’s clear from the number of sites using it – 18.3 million at last count – that it is an immensely popular brand. But the statistic that is the most staggering is WP’s market share. Here is market share for the top 5 CMS systems (W3Techs; May 29, 2017):


  1. WordPress — 59%
  2. Joomla — 6.9%
  3. Drupal — 4.7%
  4. Magento — 2.5%
  5. Blogger — 2.2%.


In other words, WordPress has more than 3.6 times as many users as its four biggest competitors combined. We all want the best tools, not just the one that first comes to mind, so the question must be asked in this context: Is WordPress as great as everyone seems to think it is? Or is it just as much a lazy, safe choice?


Let’s look at that second scenario, exploring the perspective of those who toss it aside. We get a good example from people who are completely familiar with the ecosystem and still choose to go another direction – such as web developer Ben Gillbanks.


Related: Calling All WordPress Lovers


When WordPress Theme Providers Forego WordPress


The thing that’s interesting about Gillbanks specifically is that he actually co-owns a WordPress theme site called Pro Theme Design. The avenue he and his partner, Darren, took to transition away from WordPress went through the distinction between and self-hosted sites using the CMS installation.


The site was based on WordPress until 2014, at which point Ben and his partner Darren switched out their multipage structure for a non-WP, static, single-page site that included the company’s themes available on Their top priority for the business at that point was manageability and building up the brand by focusing on – so the company didn’t even offer self-hosted options.


Darren decided that the decision to move to a site that was unrelated to WordPress was liberating – so he kept with the static site even when the company began to reintroduce self-hosted themes to its catalog again.


The specific technology that backs the site is FlightPHP, a PHP microframework. Data is contained in text files rather than a database. It’s free of dynamic elements. Third-party services provide the analytics and contact forms.


What’s Wrong with WordPress?


You’ve surely seen plenty of argument for why moving to WordPress is a great idea. Let’s look at the top reasons to ditch WP in favor of an alternative:


  1. “It’s slow to respond.” – Many people actually choose WordPress because it is considered relatively fast, assuming you make a number of tweaks focused on acceleration. However, speed is one of the three main factors that was listed by Smash Company’s Lawrence Krubner when he decided to transition away from WordPress in 2017.
  2. “It’s a contained universe.” – It can be a good idea for people who are currently using WordPress to try something different simply for variety and building a new skillset. Gillbanks noted that this was a core concern for him since he felt he was stagnating as a developer when he was trapped inside the world of WordPress.


This reason for dropping WordPress is kind of a switcheroo on something that current users often tell themselves: that it is a strong choice, for efficiency and ease, to stay with it because it’s what they’re doing now. Instead, Ben embraces the road less traveled since the very act of changing up his approach will help him become nimbler and more capable.


“Doing something even a little bit different is good for the mind,” he said. “By working with a PHP Framework that I haven’t used before, by ditching databases, by integrating with third party services, I can learn.”


  1. “It’s a frequent hacking target.” – Another primary factor listed by Krubner was poor security: he said his site had been hacked twice.


When Sucuri analyzed more than 11,000 sites that were infected with malware or being used in phishing scams, they found that fully three-quarters were WordPress sites; and half of that 75% chunk were outdated.


Clearly, security is a broad and growing problem. 50 million Internet users have experienced warnings that a site may contain malware or that their information might otherwise be compromised (March 2016, Google). What’s particularly shocking about that figure is that it rose from 17 million since March 2015 (almost tripling in size). Phishing results in search engine blacklisting for 50,000 sites a week and malware vilifies and sidelines another 20,000.


Sucuri emphasizes that the data on phishing and malware only reveals the number of sites for which security issues have immediate and obvious consequences. Additional sites are unknowingly jeopardized, and their authority downgraded, for falling victim to such infections as spam SEO.


  1. “It’s weak and bloated.”


WordPress is not just WordPress usually but a combination of the core CMS platform with various plugins from outside parties. Incorporating numerous plugins within a site can help with user-friendliness, but it will race through server resources. If your site is bogged down with a bunch of plugins, your search visibility will also suffer, and users will be likelier to depart your site because of slow loading.


Outside the plugin ecosystem of WP, errors occur less frequently. Going another route that also includes external services (such as the site approach of Gillbanks) still requires careful vetting, though. Always make sure that any outside services are well-constructed and stable, and have backup plans if any issues arise.


  1. “It ain’t the only open source in town.”


WordPress has succeeded to a great degree because it is open source – which means that its code is constantly being improved by its savvier, more technically adept users. Well, any site that is based on open technologies can push the language that makes it come to life out to the community – as Ben did by publishing his site’s code on Github.


People can study the site’s code for new ideas, and they can also submit pull requests and make note of problems.


  1. “MySQL sucks.”


A chief technology used for WordPress is MySQL. The incorporation of MySQL is one of Krubner’s biggest beefs with the CMS. Who else says, in so many words, that “MySQL sucks”?


  • In a piece entitled simply, “Avoid MySQL,” programmer Elnur Abdurrakhimov notes that the open source relational database management system (RDBMS) is unsafe and doesn’t functionally outdo the alternatives. Elnur switched away from MySQL to PostgreSQL after discovering a bug that was not being resolved. “It’s not really important what the bug is,” he said. “It’s the mentality of MySQL developers to do buggy s— they can’t fix and then call them features.”
  • In a thorough piece on the topic of MySQL’s numerous failings, covers challenges he has experienced with storage and data processing; central flaws in the way it’s designed; and what he considers poor arguments for why it’s the right choice.
  1. “It’s slow for development.”


Everyone thinks that WordPress is the fast and easy way to get a website going. It’s accepted almost religiously that it is a faster development tool than just about any other. Interestingly, though, Ben says that he has found he can code faster with his new, non-WordPress setup.



Understandably, you may want to stick with WordPress because it’s a comfort zone and for positives not listed here. But clearly, there are some good reasons to consider using other options. Do you need hosting and expertise for your project transitioning off WordPress? At Total Server Solutions, we’re different. Here’s why.

Hajime Versus Mirai

Posted by & filed under List Posts.

A malware strain called Mirai is created that amasses a botnet through exploitation of unsecured Internet of Things devices. As the number of zombie devices continues to build, the people behind the malware start to use it in distributed denial of service (DDoS) attacks. Eventually, Mirai really puts itself on the map by launching an attack on security researcher Brian Krebs that measures an incredible 665 Gigabits of traffic per second. Mirai’s author open-sources its code in a hacker forum. Krebs identifies (well, suspects, with extensive evidence) Rutgers University student and DDoS protection firm owner Paras Jha as the malware’s creator.


Fast-forward to today: That piece by Krebs (linked above) made a lot of headlines, and Jha was questioned by the FBI; but Mirai didn’t go away. If anything, what appeared to some like an epic battle between good and evil between Krebs and Mirai was actually a small skirmish in a lengthy and developing war. Krebs wanted to unmask a person whom he believed to be responsible for the spread of the botnet, but its code had already been made publicly available. What could be done about Mirai itself? Who could step up to save the rest of the Web from the unprotected segment of the Internet of Things? Someone must have thought that the best bet was to force-secure vulnerable devices and decided that they would be the person to make it happen.


Is Hajime Mirai’s Archnemesis?


One would imagine that there would be competition among black hat hackers to create the most dominant IoT malware so that they could have as many devices as possible to use as a more effective digital weapon. However, you might not have previously considered that someone might go up against the malware with a completely opposite agenda – sharing the desire to inject code for their own different purposes. Nonetheless, that is exactly what has happened – with a general consensus in the security industry that a white hat hacker is responsible for the Hajime IoT botnet.


In fact, after Dan Goodin of Ars Technica noted that it took a great amount of computing knowledge to design and deploy the white hat network, he concluded that it “just may be the Internet’s most advanced IoT botnet.”


Hajime is designed to parallel Mirai in certain ways, so it uses the same username and password combination list. The malware infects the IoT device and then blocks four ports that are most widely used for infection. Additionally, it presents a message on the terminal of the infected device, with an encrypted signature, that says the author is “just a white hat, securing some systems.”


Since the goals of Mirai and Hajime are directly opposed (to enslave and to protect the devices), Tom Spring of Kaspersky Labs’ Threatpost believes that the Hajime vigilante white hat and Mirai black hats will be locked in an ongoing head-to-head rivalry for control of routers, DVRs, CCTV cameras, thermostats, etc.


It’s unclear at this point whom the author of Hajime is. It was first detected by Boulder-based Internet service provider Rapidity Networks in October 2016. Since then, it has grown at breakneck pace, infecting any IoT devices that are using default passwords and have open Telnet ports (i.e., the targets of Mirai).


Hajime and Mirai are essentially using the same means – mass self-propagation and infection of the IoT – to achieve very different objectives. Although Mirai is made up of a huge number of devices (estimated at 493,000 in October 2016), it functions as a unified tool that allows cybercriminals to hammer targets.On the other hand, Hajime does not appear to have a purposeful dark side (although intention isn’t everything – see below). Instead, it seems that the only reason it was created is to self-propagate and to seal off any unsecured Telnet ports so that they aren’t taken hostage by Mirai and used to do the bidding of malicious actors, at the expense of whatever victims they choose.


Symantec analysts have placed the number of Hajime-infected home routers, webcams, and other devices at 10,000. However, Rapidity Networks had previously estimated that it had spread much more wildly, spreading to 130,000-185,000 devices.


Hajime: The Full-Featured IoT Botnet


While Mirai has a stripped-down functionality, Hajime has a much more sophisticated feature set. One of the best examples is the manner in which Hajime tries username-password pairs. Mirai just tries a bunch of common possibilities; instead, Hajime parses the information on the login screen to determine what manufacturer is behind it and uses that manufacturer’s default logins. For example, Hajime attempts to attack a MikroTik router with the username “admin” and no password. The Mikrotik documentation shows that combination to be the factory-default. By minimizing incorrect password submissions, Hajime is less likely to get blacklisted or blocked from the device.


Plus, another major differentiator between Hajime and its blackhat botnet foes is that it is maintained in a slicker manner. It encrypts communications between nodes and utilizes a peer-to-peer network, via BitTorrent, to send updates and commands. That use of encryption and distribution give it a better defensive posture to Internet backbone companies or ISPs wanting to root it out. When Rapidity Networks found a flaw in a previous version of Hajime, the author updated it to correct the problem.


What Else Does Hajime Do?


Beyond being able to change the brute force telnet credentials it uses based on its identification of the device, here are some other Hajime capabilities:


  • It can infect ARRIS modems using a known remote backdoor, password-of-the-day.
  • While it is infecting, it is able to determine the platform and can sidestep the absence of download commands (wget, etc.) via the loader stub (.s).
  • Hex encoded strings are used to dynamically produce the loader stub through assembly programs that are custom-designed to fit the platform. The port number and IP address of the loader are patched in the code once the loader stub is created.
  • Hajime can determine if an infecting node is currently accessible; if it isn’t, the malware will switch to another device to download the initial code.


Temporary Hardening of IoT Devices


Hajime does not permanently protect the devices it infiltrates. Just like Mirai, when the device is rebooted, Hajime is gone, and the ports are again vulnerable to Mirai infection. Since both types of infection are short-lived, experts think that Mirai and Hajime will be competing against one another for control indefinitely.


There has been vigilante, white-hat malware in the past. The most obvious example in this case is Wifatch, which invaded IoT devices, changed default passwords, shut off ports, and posted warning messages.


The issue with any type of malware, even one that has good intentions, is that there can be collateral damage to the device. If the exploit is performed incorrectly or if a port is blocked that is in use, the true owner won’t be able to use it. The malware could infect key infrastructure and push it offline. In other words, we should be careful about thinking Hajime won’t come with a downside.




Leaving Web safety up to a duel between Mirai and Hajime doesn’t work when it comes to your business. Are you concerned about whether your company can defend itself against DDoS attacks? At Total Server Solutions, our mitigation & protection solutions help you stay ahead of attackers. See our DDoS Mitigation Solutions.

Mobile Mistakes for eCommerce Sites

Posted by & filed under List Posts.

Many of us operate within the business world with a desktop or laptop computer as our primary tool with which we access the web. However, the growth of mobile computing over the last few years has really been astounding. It would be an easy argument that the real face of the internet now is not a PC but a smartphone or tablet:


  • According to internet usage tracker Statcounter, which analyzes access to 2.5 million sites, October 2016 marked the first month that mobile traffic exceeded desktop/laptop traffic, at 3% (46.5% smartphone & 4.7% tablet). In 2013, 1 in 4 users (25%) were accessing from mobile; in 2010, 1 in 20 people (5%) were.
  • The number of mobile web users globally (not to be confused with mobile phone users) was expected to exceed 2 billion in 2016 (IDC). Look back just 9 years prior to that in 2007, and desktop had 1.1 billion users vs. 400 million on mobile (comScore). In other words, the mobile web grew roughly 400% during that period.


Mobile is clearly a much more important part of business than it was in the past. Many will buy on mobile. Others will conduct research on their phone or tablet before switching to a PC to make their purchase. Either way, an e-commerce company wants to create a strong presence on mobile to beat out their competition.


Top Mistakes E-Commerce Companies Make on Mobile


Here are thoughts from entrepreneurs on what kinds of missteps e-commerce companies tend to make when aiming to make the most of the mobile web:


#1 – Challenging to check out


E-commerce companies have generally gotten the idea that you have to focus on showing people exactly how the product looks if you want them to buy. However, for many companies, mobile is simply a reflection of the desktop setup.


Be sure that your checkout is optimized specifically for mobile. Optimizing mobile involves “taking advantage of mobile-specific features (like using specific keyboards for different fields), dividing up forms into many more pages and getting rid of unnecessary fields,” notes Shop It To Me founder Charlie Graham.


#2 – Frustrating form overload


Smartphones and tablets are certainly convenient for internet access, but typing can be a pain. For that reason, Nicolas Gremion of echoes Graham’s point about minimizing fields and forms; plus, he suggests integrating other services that might already contain user information. Allow them to register using their Facebook or Google account. Allow them to pay via Amazon Checkout, Fortumo, or PayPal. Have a checkbox that allows them to automatically transfer their billing info into the shipping section (i.e., without having to re-type it). Test the process carefully for any snags.


One key aspect to keep in mind is that users of mobile are not clicking with their mouse but manipulating the screen with their fingers — particularly the thumb. Crazy Egg‘s analysis of this topic suggests there are three main ways that people interact with their smartphones: one-handed (49%), cradled (39%), and two-handed (15%). In all these scenarios, the thumb is critical. Because of that, there is a concept called the Thumb Zone — the area of the screen that is comfortably accessible to the thumb. Roughly speaking, the Thumb Zone is the bottom left-hand corner of the screen. Be aware of that when designing checkout.


#3 – Not easy to navigate between products


Studies show that more consumers will now purchase from a mobile device, but the process can easily become confusing if you have a broad catalog with numerous categories in your shop. Jonathan Long of Market Domination Media recommends checking out the Best Buy site on mobile to get a sense of a user-friendly mobile experience for a store with a huge range of products. Especially when people are ready to buy (and that describes your ideal traffic), they want to be able to navigate to what they want quickly. Make sure that they can.


#4 – Pestering pop-ups


You don’t want to ever drill your e-commerce customers with too many pop-ups – and that’s especially critical on mobile. If the average desktop/laptop shopper already seems a bit obsessed with how quickly and intuitively they can get what they need on your site, any sense of patience is gone when that person picks up a mobile device. co-founder David Nevogt notes that he will typically abandon a mobile shopping cart if he gets more than 2 pop-ups. “The only exception to this rule is if I’m given the opportunity to sign in via my social accounts,” he clarifies, “because that’s a pop-up that helps me versus a pop-up that asks for my email, which serves the e-commerce company more.”


#5 – Really poor responsiveness


No one wants to go to your mobile e-commerce shop so that they can wait. A consumer wants to be able to jump around and explore your products rapidly so they can compare options and buy. That requires your site to be strongly responsive. Similarly, user-friendliness is a necessity for mobile, as indicated previously. EVENTup cofounder Jayna Cooke advises to carefully and methodically develop your mobile shop prior to release. Related to responsiveness, it’s critical that you are hosting your site on high-performance infrastructure if you want it to perform at the pace of e-commerce.


#6 – Social sharing not set up


If you can think of the two most prominent areas of growth on the web, they would probably be mobile and social. Consider these YOY changes in social and mobile social use:


  • Between January 2016 and January 2017, the number of active social media users grew 21%, representing an additional 482 million users globally.
  • During that same period, active mobile social use grew 30% — an addition of 581 million people.


How can you integrate social prior to checkout? Make it possible for the shopper to ask their friends if they’re undecided on a product, says Allied Business Network co-founder Brooke Bergman. It’s free publicity even if they don’t end up buying.


Related: 11 Primary Mistakes Ecommerce Companies Make on Social Media


#7 – Relegation of remarketing


Don’t be shy about asking for a name and email address early. Once you have that contact info, you can shoot them an email with a coupon code so that they can get a discounted price if they return. As an alternative or supplement to that tactic, you can also use Adwords for remarketing, explains Andesign’s Andrew Namminga, which “will prioritize the delivery of ads to people who have recently visited your website.”


#8 – Denial of mobile diversity


It’s important to be compatible with every type of mobile device. Any phone or tablet should get impeccably great ease-of-use, notes True Film Production CEO Stanley Meytin. Be sure to test each one.


#9 – Absence of an 800 number


Of course you want everyone to just buy through the site, but your mobile site should also give the user a fast way to speak with someone at your company directly: a phone number. On a desktop or laptop, people will often check out your FAQ pages or go elsewhere on your site to get their answers. Mobile users desire a straightforward navigation. When they get confused, it makes sense (especially since many are already on their phone) that they would want to simply click to call and get help problem-solving. That phone number is especially important, says LSEO’s Kristopher Jones, because mobile users will often need “a higher level of touch” than their desktop counterparts.




Do you want your e-commerce company to excel on mobile? At Total Server Solutions, all of our high-performance hosting plans include Unlimited Bandwidth. Learn more.

Best Practices to Improve Magento SEO

Posted by & filed under List Posts.

Kyle is managing a webstore that specializes in refurbished components for mountain and road bikes. The company is planning to “shift gears” with its web store to Magento. Kyle is taking an initial foray into the new web store’s search engine optimization. Although Joe and his team understand that Magento is well-built for the search engines, he wants to fine-tune it immediately so that the site is working at its best.


What can Kyle do? Below, we go through several standard best-practice recommendations. First we address immediate, out-of-the-box technical optimization tips to improve search engine friendliness of your site’s URL structure (e.g. metadata, robots.txt, XML sitemap, ALT tags). Then we look at two broader topics: content marketing, with an infographic of pointers from 24 executives, and speed.


How to optimize Magento “out-of-the-box” for better SEO


Well, you probably did not pull Magento out of a box… Nonetheless, you do need to immediately tweak some of the technical specifications within Magento “out-of-the-box” – to customize it – in order to make its SEO as powerful as possible.


The good news from the outset is that Magento is initially well-tuned for SEO, according to Netherlands-based search-engine optimization firm Yoast (which is reponsible for 10.6% of core commits to the WordPress code base, per WP core developer Aaron Jorbin).


Before we get into these technical tweaks, note that you want to download the latest release. Here is the official download page for the free open source community version of Magento; here is where you can look at the paid version, Magento Enterprise (which offers improved performance over the Community edition, among other upgrades).


Yoast then recommends going into the settings so that you can allow server URL rewrites. Enter System > Configuration > Web > Search Engines Optimization. Within the same panel, click into URL Options and switch “Add store code to URLs” to No.


www vs. non-www


You will see the base URL for Magento under “Unsecure”/“Secure.” That’s where you can establish your preferred domain name, i.e. the decision between the versions with and without www.


Take Kyle. Kyle needs to decide whether his restored cycling component store should be listed as or Joe chooses, thinking that the shortened version is long enough at 23 characters. Simply adjusting this setting does not redirect from to though, or vice versa; it only establishes preference. Hence, Joe creates a 301 redirect via .htaccess with mod rewrite, so that traffic goes through the latter version. In addition to better defining how the site is organized, it means that Magento won’t add the SID query to URLs (e.g. ?SID=h7i38596y3t34s3u22sk293484wpd49i). Finally, he verifies that the Base URL matches the redirect.


Kyle adds this code to the .htaccess file to redirect index.php to root, at about line 119:

1 RewriteBase / RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /index.php HTTP/

2 RewriteRule ^index.php$ [R=301,L]


Note that if Kyle’s Magento installation had been in the sub-directory instead of the root, he would have used this code:


1 RewriteBase /magento/ RewriteCond %{THE_REQUEST} ^[A-Z]{3,9} /magento/index.php HTTP/

2 RewriteRule ^index.php$ http:// [R=301,L]




When you download Magento, it will have the title “Magento Commerce” – which is obviously not the title of your store. To improve your rankings with the search engines, note that you should prioritize the early words: your keywords should come early because people are likelier to see them in that position when scanning a page, and because search engines focus hugely on the first few words.


Kyle goes into Configuration > Design > HTML Head and changes the title from “Magento Commerce” to “Sustainable Mountain & Road Bike Parts | Refurbished Cycling Components,” preparing this title that is typically used for generic non-content pages such as the Contact Us page. Then Kyle decides that, for branding, he wants to have the name of his business in all the page titles. He adds “Bike Part Heaven” under “Title Suffix.” However, as advised by Yoast, Kyle leaves the “Title Prefix” empty – since those initial characters are crucially important for SEO keywords. He also avoids adding anything under “Default Description” and “Default Keywords.” Finally, Kyle keeps “Default Robots” at “INDEX, FOLLOW,” because it is not a non-production environment; and he adds the canonical tag. (Here is information on the canonical meta tag within Magento.)


You want to optimize your entire store, not just the main pages. Internet marketing blog The Next Scoop recommends a minimum of five keywords per page, used in both the meta title and description. The metadata you use to describe each of your product pages should be both highly relevant and compelling, since the end goal is getting people to click for a better CTR and more leads.


Standardly, the meta title should be 40-60 characters, the meta description should be 150-180 characters, and commas should be placed between keywords.


XML sitemap


You want to serve your site up to the search engines in a manner that makes their job simple. An XML sitemap allows the search engines to more easily search and index your site. The sitemap needs to be submitted directly through the webmaster tools of Google, Bing, etc.


Here’s how to create one:


  • Go to System > Configuration > Google Sitemap > Add New.
  • For Filename, type “sitemap.XML.”
  • For the path, that is the server directory where you want the sitemap to be stored.
  • Choose the store that the sitemap covers.
  • Save to create the sitemap.

ALT tags for images


Product images are incredibly key for ecommerce effectiveness. Just as images are central to captivating shoppers, these images are also fundamental to search engines. Make sure you have ALT tags for all the images.


To implement ALT tags systematically, Kyle uses a script that auto-generates them to be the file name (omitting any hyphens).




The search engines are checking the web for new and helpful thoughts to best answer a user’s request. Plus, there is essentially no way to fake content, because unreadable, poor-value “keyword-stuffed” or duplicate content (via license, plagiarism, or internal reuse) will sink you in search. In this environment, it’s necessary to embrace content marketing. Here is an infographic from customer referral firm ReferralCandy, featuring advice on the topic from two dozen major-brand executives:

24 Juicy Tips for Ecommerce Content Marketing from Inbound Marketing Pros [Infographic]




The speed of your Magento store will have an impact on how it gets ranked in the search engines. Performance is also fundamental to strong user experience. To improve your speed, here is some basic advice:


  • Use the most recent version of Magento (as indicated above)
  • Tweak your MySQL configuration
  • Enable flat catalog
  • Optimize the images
  • Compress CSS and JS files
  • Optimize logs and database
  • Implement caching
  • Use a content delivery network
  • Choose a high-quality web host.


Kyle understands that the infrastructure that backs his site will have a deep impact on the speed he achieves. He decides to lay a strong foundation by switching to a more powerful hosting service and adding a CDN plan before working his way through other improvements.




Are you like Kyle? If you’re using Magento and building sales, chances are that you are laser-focused on fine-tuning your SEO; and speed is one way to do that. At Total Server Solutions, we offer high performance web hosting for e-commerce. Learn more.

IOT Botnet Persirai

Posted by & filed under List Posts.

Is your CCTV camera staying with the fashionable DDoS trends, switching out its botnet malware like it’s changing its outfit? The rise of more sophisticated and malicious IoT botnet malware is certainly not a laughing matter when these powerful criminal technologies are used to take down websites and online services. However, the rise of other malware strains that are in the same basic category as Mirai (botnet-creation tools leveraging unsecured devices within the Internet of things) does echo the way in which tweaks to established classic clothing staples are released each season, grabbing the real-time headspace of the fashion-conscious.


After all, as we head into the warmer summer months, probably every CCTV camera, and even many DVRs, like to try on new malware. One of the most popular choices this season is Persirai – detected targeting more than 1000 different Internet protocol (IP) camera models, an estimated 122,069 total IP cameras. While cameras that should be considered “under-siege” by this malware are spread across the globe, the United States has the third-most potential targets (8.8%), below only China (20.3%) and Thailand (11.6%).


Mirai’s More Diabolical Cousin Still Under the Radar


Now to be clear, Persirai has not spread nearly as widely as Mirai, which had invaded at least 300,000 devices in 164 countries by October 2016 (and with some reports estimating more than half a million); it’s important to confirm that these more than 100,000 IT devices are at-risk rather than currently under control of the botnet.


The news still isn’t great. Using data gathered via the IoT search engine Shodan, researchers revealed that these 120,000+ IP cameras were configured in such a manner that they could fall victim to ELF_PERSIRAI.A.


Again, Persirai is part of a bigger and growing problem with the Internet of things: the lack of security within it is being used against the Web at large (well, whatever targets are chosen by the botnet’s master).


The reveal of the scope of Persirai is part of a continuing story that really is made for Hollywood. In 2016, the Mirai malware was busy rapidly recruiting (or enslaving, really) hundreds of thousands of CCTV cameras, DVRs, and other IoT devices – forming a massive botnet to be used in delivering a staggering volume of garbage requests for distributed denial of service (DDoS) attacks. Eventually, security researcher Brian Krebs was hit with one of the largest DDoS assaults of all time (September), the source code was released on a hacker forum by its author, and Krebs pointed to the specific individual whom his research concluded had programmed Mirai.


How Does it Work? Are the Device Owners Complicit?


Botnets are fundamentally about people not having control of their devices, and they succeed in large part because users don’t know that their device is being used for illicit purposes. Once the malware enters the device, the master is able to access the web interface of the camera through TCP Port 81, using universal play and play (UPnP).


IP cameras often use UPnP, a set of standards and protocols that allow devices such as intelligent appliances, PCs, and peripherals to be incorporated into a network and recognize each other. Through UPnP, a device can act as a server by opening a port on the router. This technology was widely praised as a functional tool in the past; however, more recently, it has become the increasing topic of security concerns since it presents a clear point of attack.


If a hacker logs into the visible interface, they can direct the camera to a site through which a shell script will download and execute on it. From that point forward, a remote master can transmit commands to the device – and to all devices in its botnet – to invade and inject other vulnerable IP cameras through a zero-day vulnerability uncovered in March. The way that the malware is exploiting the cameras allows it to withdraw password files so that they can perform a command injection no matter how complex your password is.


In this manner, Persirai creates a greater threat than Mirai does. The central goal of Persira and Mirai is the same though: in response to commands from the master server, the IoT devices are used to DDoS target systems via user datagram protocol (UDP) floods. The remote server that is controlling this botnet is a .IR machine (Iran-based), and Persian characters are used in the code.


Persirai is understood in the security community as a spinoff of Mirai since it uses a lot of the code that was open-sourced by Mirai’s author last October. Although Persirai seems to come from a different author, it is also possible that Persirai was created by the original coder to include additional features and make the code more confusing.


The zero-day vulnerability mentioned above – which allows access of the password – is the primary “upgrade” from Mirai to Persirai. While the former takes a brute-force approach to break into devices, this one leverages a security loophole to grab the login details directly.


This new malware is also important because it signals to security researchers that the people behind this particular version of IoT botnet malware have the acumen to understand the use of exploits to gather passwords. Since that’s the case, device users are wise to immediately patch their devices when new vulnerabilities are discovered.


With the rise of the Internet of things among consumers, industry thought-leaders have projected that the perpetrators of DDoS attacks will shift from NTP and DNS servers to unprotected devices. That’s a particular concern because so many everyday users don’t adhere to strong security practices.


To make Internet of things devices safe, users should go beyond simply protecting against Persirai by disabling UPnP (so devices can’t suddenly open ports to the internet) and also change their passwords from the default – after all, those default passwords are the only way Mirai can get access.


Other general and immediate tips for IP camera and IoT security include:


  • Prioritize updating and patching devices.
  • Make your passwords complex and outlaw defaults.
  • Use two-factor authentication if that feature is an option.
  • If 2FA is not available, consider recommending to your device manufacturer that they include it in their next update.


Why is the Internet of Things so Prone to Insecurity?


IP cameras, routers, thermostats, and other IoT devices are often gluttons for punishment when it comes to cyberattack because the original equipment manufacturer (OEM) of the device is focused on reducing time-to-market at the expense of properly protecting their products. The consumers and even businesses who use them may not understand how critical it is to nix default credentials.


The real downside is that we are not headed in the right direction with the Internet of things, even though more devices are coming online all the time. All these additional nodes can potentially be exploited by bad actors. The devices aren’t only footsoldiers for DDoS attacks but can serve as gateways into the network, leading to additional issues such as espionage.




The rise of the Internet of things is a reminder to owners of devices to keep their systems protected, and for all of us to defend ourselves against DDoS attacks from IoT botnets and others. At Total Server Solutions, we help you prevent attacks before they impact your business! See our DDoS Mitigation Solutions.

How to Choose a Server Provider

Posted by & filed under List Posts.

Meredith is the owner of a niche site that sells clothing and accessories to charter boat captains and other mariners. She sells dozens of products – from shirts, pants, and jackets to jewelry, knives, bags and belts. Sales are strong and continuing to grow. Customer service is fast, personal, and conscientious. Marketing has been fine-tuned to deliver a predictably good ROI for every dollar spent.


All those pieces of online success are helpful, but they aren’t enough to keep Meredith’s business growing. She has become more aware over the years that people expect impeccable user experience from her site – and that starts with her infrastructure. After unscheduled downtime that left her feeling that she had put her trust in the wrong outfit, she became more thoughtful about her choice of web host. She switched to a server provider that she felt had the knowledge, experience, security, and support that she needed.


In fact, anyone can have difficulties with their website’s performance that can be extraordinarily costly; when Target’s site crashed on Cyber Monday in 2015, they both missed out on a huge influx of sales and paid for the gaffe heavily on social media.


Online retail sales will hit almost $2.5 trillion by 2018, so having a comprehensive plan for web growth is increasingly critical. To properly address e-commerce, you need a server provider that has the stability and scalability to impress everyone who visits your website.


Here are a few of the criteria that you can use to compare different web hosting companies and find the one that’s the best fit for your business:


Help On-Hand


You hosting service should allow you to get a fast resolution of any support problem. However, there is a huge range of response time between different companies. The difference between a 3-minute response and a 3-hour response can be, in certain scenarios, a difference of 2 hours and 57 minutes of hair-pulling stress, along with thousands in lost revenue.


The fact is, it can be a bit difficult to determine how quickly a hosting service will respond until you test them. When Web Hosting Talk user tnedator first switched to a new hosting company to manage his servers, they started by hardening and optimizing them. An issue with one of his sites resulted in load spikes that made his server unresponsive. The team at the server provider would attempt to connect, ask for a reboot (through a third-party datacenter), make sure the server was live again, and try to determine what was causing the load issue. The “fast and thorough” ticket response, already evident in the first 30 days, gave him confidence that he had made the right choice.


To better understand this kind of ticketing response time in context, tnedator signed on with the new hosting provider specifically for their server management. Unmanaged service can be difficult, as he experienced; although you can still get configuration information from your vendor, you can’t get direct, case-by-case answers from your systems manager.


In other words, tnedator was benefiting, in part, from transitioning to a server company classified as a managed services provider. These hosting companies check that your configuration settings match what is needed for your load; monitor for potential vulnerabilities and breaches; backup your system; conduct patching; and handle similar ongoing responsibilities.


Regular Backup


You need all your information to be backed up periodically if you want your site to be secure. That’s a fundamental business continuity concern: if your site gets hacked or your data otherwise becomes lost or corrupted, that backup gets you back online rapidly. Know that your hosting company is as concerned with backups as you are.




As the CFO of a small Chicago manufacturing business, Pamela was well-versed on proper security practices. Nonetheless, at some point, malware was introduced to her computer, and it represented a very real danger to her company. Whenever Pamela put the web address of a financial institution into her browser, the malware automatically redirected her to a fake site mimicking the bank. A bogus message prompted her to call customer service. After speaking with the agent, $300,000 was immediately transferred out of her account. Acting quickly, they recovered the money. Disaster was averted.


These stories, of course, don’t always end happily, which is why security is critical for your firm. Intrusions can knock your site offline and cause compromise of sensitive user data – an impossibly expensive incident for many businesses and the reason why 60% of small businesses that get hacked are bankrupt within 6 months.


When you look at server providers, select a company that is compliant with internationally respected protocols regarding control of information handling. The gold standard is Statement on Standards for Attestation Engagements (SSAE) No. 16, a set of parameters for hosting companies and similar services developed by the American Institute of Certified Public Accountants (AICPA).


Beyond SSAE 16 compliance, one simple question to ask web hosts relates to password storage. Make sure they are not stored in plain text. Also avoid shared hosting, which can mean that your site gets taken down because of the misbehavior of other users.


Positive limitations


No one wants to see limitations to their ability to grow, but any hosting plan will include them – either transparently or otherwise. For example, a hosting company might try to attract your business by giving away “unlimited” bandwidth or storage for a surprisingly reasonable monthly rate. In these cases, read the fine print. For cheap hosting with “unlimited” promises, expect your server provider to either shut down your site or throttle it once you hit a certain level.




The web hosting company you choose needs to offer the software and equipment that allows it to run and serve your site and content management system installation (WordPress, etc.). You should know that certain features are available through your server provider, by asking these questions:


  • Do they offer the programs and services you need for your site? What are the main pieces of software you need? What are the system requirements for your CMS?
  • Does the web host offer additional services? For instance, do they provide database management, email hosting, and transfers (so you know you won’t have to go out and shop other companies for related services)?
  • Do you have access to cPanel or a similar control panel? Is installation of WordPress or any other CMS straightforward?
  • Does the company help with migration? What is the cost? What types of terms are involved? Will the company give you free migration to move to their company, or will simply switching providers become an unexpected expense?




You want more customers, but you obviously don’t want that to mean that your site crashes. Find out about your potential server provider’s uptime; third-party services should verify that the service has recorded uptime that’s greater than 99.9%.


Customer reviews


Check carefully online for reviews from real customers, legitimate hosting industry professionals, or IT publications that can give you a glimpse into the quality of service. Many reviews are actually advertisements with links to affiliates of the company; so be skeptical in this analysis.




Are you in need of a reliable, fast, and secure server provider? DeWayne Whitaker described Total Server Solutions on Facebook in October 2016: “No matter the time of day, our ‘average’ response time to support tickets is usually under three minutes,” he said. “Support reps are not Level 1 type support, rather they are highly qualified system admins each and every time.” Explore our platform.

Social Media Mistakes for eCommerce Sites

Posted by & filed under List Posts.

People are using social media more and more all the time. Incredibly, nearly one-third of clicking, scrolling, and typing of online users occurs on social networks. On average, we log 116 minutes every day on Facebook, Twitter, and other social channels. Assuming this behavior remains steady long-term, it adds up to 5 years and 4 months of each of our lives! Put another way, we invest more hours in social media than we do in grooming, meals, and even personal face-to-face interaction.


According to statistics highlighted in Social Media Today, daily time spent per user is as follows:


  • YouTube – 40 minutes
  • Facebook – 35 minutes
  • Snapchat – 25 minutes
  • Instagram – 15 minutes
  • Twitter – 1 minute


Given these astonishing figures, it makes sense that businesses are doing what they can to make the most of their social presence. However, posting and hash-tagging effectively can be surprisingly challenging. Errors are made by well-intentioned businesses every day. For e-commerce companies, that means lost sales and possible damage to brand credibility.


The good news related to these missteps is that your e-commerce business can garner a competitive advantage simply by avoiding them. Let’s look at 12 of the mistakes that are the most prominent among companies that sell their goods and services online.


#1 – Presenting Rather than Conversing


Facebook, Instagram, and other social platforms are ready-made environments for discussion with customers and prospects. It helps enormously to lead the way in fostering back-and-forth communication by listening intently, notes Joseph Yi in Ecommerce Rules. Address the needs of your customers as rapidly as you can by checking often for mentions, comments, and messages. By keeping your ear to the ground, you can create more intelligent content that expresses a desire to meet your customers’ needs and expectations.


#2 – Racking Up Thousands of Low-Quality Followers


If you want to pivot social media into revenue, center yourself on behavior that will help you ultimately get more customers and more sales, rather than just gunning for social signals (likes, comments, etc.). In other words, there is not necessarily any value in buying “followers” (which aren’t really followers if they’re for sale) or casting a broad net that undermines your niche focus.


“A quick [or fake] fan isn’t going to translate into more sales,” advises SocialChorus marketing director Dave Hawley, “which is why brands should focus on building loyal, lifelong fans and followers who will become brand advocates.”


#3 – Putting On Blinders to Industry Rivals


The companies that are in competition with you can be a great source of information on social media, says Reshu Rathi of Betaout. Of course, you want your brand to have its own defined and unique angles, but your competitors’ tactics will certainly give rise to ideas – in terms of what to do, what not to do, how to align yourself with your sector, and how to create differentiation.


#4 – Relevance, Your Honor?


Humor can work well if it’s carefully contained and vetted, but be careful about posting anything that might irritate your customers due to its controversial or trivial nature (politics, religion, memes, cats doing nutty things, etc.). If you come across as insensitive or unprofessional – and of course your industry is key in terms of where that line is – expect your reputation to take a hit.


#5 – Disregarding Trolls and Upset Customers


Sure, block users who are hate-mongering or pulling you into their spammy agenda. However, you don’t want to delete or pay no attention to the issue if someone is upset with your product or service. Instead, try apologizing and offering to email them – even if you think their perspective is impolite or unfair. “A simple acknowledgment of a problem can prevent a potential PR nightmare,” notes social consultant Gloria Rand, “and often makes the customer so happy, the company gets a PR boost instead!”


#6 – Waiting to Respond


Along the same lines, it’s important that you keep nearly constant tabs on your social accounts if you want to meet the increasingly fast response that’s expected by customers. For instance, a Lithium Technologies report shows that 53% of people think that a firm should get a Twitter message back to them within 60 minutes (Rathi).


#7 – Lacking a Lead-Gen Plan


Social media must, of course, be approached from a more interactive, community-minded perspective than an ad or sales brochure; nonetheless, it’s still fertile ground for acquiring leads. Write an occasional opt-in post for your e-mail list, for instance. Also, remember you generally want this traffic to move from social to your site; linking to value-driven blog posts in your social posts is the most common way to achieve that.


#8 – Newsjacking Tactlessly


Trending hashtags are typically aligned with current events that are happening right now; in that way, the momentary nature of the present is a key driver of social media. At any point in time, everyone is trying to grab a piece of that real-time mindshare. The problem is that the pace of social media can become problematic. “Without evaluating the implications,” says Vocus social media manager Stacey Miller, “your company risks looking insensitive or ignorant, which can [harm] your reputation.”


#9 – Posting Too Often


Of course, you want to communicate your brand identity and message by posting (after all, you aren’t only on social media to listen). However, if you unleash too many posts, that could result in losing followers. Part of the reason that’s the case is not just that people are seeing your posts too frequently in their feed but that posting excessively inevitably means lower quality-control. For that reason, you want to post during “prime-time” for your particular target group, advises Saatva Luxury Mattress social media manager Nicolle Hiddleston. When are your followers and others you want to reach active in their accounts? Focus posting on quality rather than quantity to some extent. Posting multiple times daily is good, but posting multiple times hourly can backfire.


#10 – Barraging Your Audience with Hashtags


Related to point #4 above about relevance, including too many hashtags on a single post will often lead you far off-topic from your key focus. Relevance is absolutely critical, especially considering that people might be searching that particular hashtag for content related to it (rather than through a newsfeed or elsewhere); those users likely won’t be attracted to anything that’s off-topic. Think of it this way: you don’t just want to be going through a huge array of streams. Instead, it makes sense to square yourself directly toward your audience and provide information they might want to hear. If you do discuss current events, keep your target in mind at all times – but contribute to the discussion (i.e., it isn’t a good place to sell).


If you avoid “meaningless and shameless promotion of your business,” comments Receptional social media director Sarah Bradley, “you’ll find that your online reputation improves and people will trust what you have to say more.”


#11 – Not Having Strong Site Infrastructure to Back It Up


In light of the various mistakes that e-commerce companies can make, social media can start to seem frustrating and even, at times, foreboding. However, it’s clearly an important place (and a great place, in many ways) to interact with potential customers. It’s important because you can develop relationships, and those relationships will eventually drive more traffic to your site.


Once the traffic gets to your site, you need to meet their needs as quickly as possible, through truly impressive speed and reliability – a site with high performance. At Total Server Solutions, we deliver high-performance web hosting for e-commerce.

How to Choose a Managed Services Provider

Posted by & filed under List Posts.

What is an MSP?


In the interest of information security and staying focused on core competencies, many companies choose to work with managed services providers (MSPs). An MSP is an organization that manages the computing needs of customers. Services are performed at a distance and often funded by a subscription, a fee charged each month, although other billing models (such as hourly rates) are sometimes available.


It is also common for credible managed service providers to supply potential customers with a service-level agreement (SLA), a legal document listing parameters of the business arrangement, such as quality and performance expectations.


7 Tips to Choose the Right MSP


There are plenty of companies in this market, so you’re sure to find many options when you need a managed service; but working with the right partner can impact not only security but also key growth factors such as reliability and scalability. Beyond the prerequisite of an SLA, what other criteria do managed services providers need to meet to earn your business? Here are a few tips for selection:


#1 – SLA should be based on performance.


One main benefit you have with a managed services provider is that you can make demands: the MSP has to live up to the stipulations of the contract (i.e., the SLA). Service providers are used to the fact that businesses want the level of control of knowing that they are protected if the services are not provided at a reasonable level of quality. Service providers that are serious about serving their customers will not flinch at having to reimburse customers if their services fall below the levels stipulated in the contract.


#2 – Thorough range of services


There is by no means a rule that you must get all your IT managed services from one provider. However, with the excessive administrative, communication, and other maintenance needs of additional relationships, and with the growing concern of cloud sprawl, it’s nice to know that you can get a full range of services through one catch-all partnership.


Along similar lines, a provider should be able to manage systems manufactured and developed by a spectrum of vendors. With that breadth of knowledge, a highly qualified MSP will be able to customize what it provides as a trusted advisor to each individual customer – handling each one’s diverse elements and concerns.


#3 – Security


A high-priority concern for businesses, data security is also a primary area of computing investment. What is the scope of that concept of security? Here are five of the main areas that must be monitored to maintain a legitimately secure environment:


  • User security – Involves the end users (customers, employees, etc.) accessing your network; their email use and other actions; and their login details
  • Data security – Involves all your information that is in archives or storage (mapped drives, file shares, emails, etc.)
  • Endpoint security – Involves the company’s smartphones, tablets, laptops, workstations, and servers
  • Infrastructure security – Involves the infrastructure and network components (beyond the servers), ranging from firewalls to switches to routers
  • Physical security – Involves physical access to your grounds, facilities, and data centers or technology areas.


The best indicator that a company has sufficient checks and balances in place to achieve a broad range of data protections is the achievement of compliance with respected third-party standards. The most meaningful form of compliance that you can see in a provider is Statement on Standards for Attestation Engagements No. 16 (SSAE 16) Type 2, “Reporting on Controls at a Service Organization,” a standard developed by the American Institute of CPAs (AICPA).


#4 – Preventive management


A managed services provider should not just be keeping your company safe moment-by-moment but give you a strategic stance so that you’re protected for the future. Beyond simplistic monitoring of your system, an excellent MSP will leverage advanced predictive analysis, scanning failure patterns throughout environments and processes. Seeing that your provider is using cutting-edge methods and technologies, such as combining hands-on monitoring with automated programs to control quality, tells you that you are safeguarded and that the provider is continually refining its systems.


A strong provider will be of more use to you if they have a specialized understanding of their niche that clarifies the market – and may even help point the way to new business for your firm.


#5 – Financial stability


Relying on another company for IT services is common, but it is always scary – because you don’t know if they will be around next year. Check how many years the company has been in business. Similarly, make sure that it is backed by people with strong experience. A transparent presentation of authority through leadership biographical information gives you a sense of who is in charge and what kind of track record they have in making decisions related to managed services.


#6 – Use of best practices & expertise


Just as you can get a sense of controls and security through a third-party SSAE 16 audit, you want to know that the MSP is following standardized procedures and best practices in areas such as problem management, capacity, configuration, and report generation.


The provider should have knowledge that extends beyond conventional operating system maintenance. They should understand and be able to help you with cloud, virtualization, mobility, integration, security, high availability, networking, middleware, and databases.


#7 – Consolidated service portal


The managed services provider should give you paperwork related to policies and procedures. They should also have a library of knowledge based on previous customer issues and solutions so that fixes can be implemented immediately in the event of a crisis. You also want a user interface that shows you all your services through one intuitive admin panel.


Example Security Challenge: Law and Change


Since improved security is a core reason that companies use managed service providers, it helps to look directly at that aspect with a sample scenario.


One industry in which companies tend to take a particularly strong defensive posture toward data breach (for obvious reasons) is law. However, even in that highly confidential field, firms have trouble getting complete sign-on with security protocols.


Fundamentally, security improvement requires operational changes. Safeguards slow down the flow of business, which is why the typical reason someone will argue against a protection is that it is tedious or inconvenient.


One specific change that a law firm might put into place is two-factor authentication (2FA) so that there is an additional step beyond the password to log in. That could be a temporary, unique token, or a short numerical code from your smartphone. 2FA is a perfect example of security steps slowing down the process just a bit – which it why it’s important for users to understand why the decrease in speed is worth it.




Given the concern with security and general ease of doing business, many companies decide that they want to work with a managed services provider. Does that describe your organization? Hopefully, the above advice smooths this transition.


If you want to look at a potential MSP partnership now, you can review our offerings. At Total Server Solutions, with an entire platform of ready-built and custom-engineered services that are powerful, innovative, and responsive, you can trust that all our decisions are driven by our relentless desire to help you succeed. See our individual managed services.