How to Prepare Your eCommerce Website for the Christmas Season What you need to do in terms of speed, scalability, and security to get your website ready for an influx of visitors around the peak shopping season. by section.io

May 30, 2020


dariahiddleston

INTRO: THE BUSIEST SALES SEASON OF THE YEAR


Website security for ecommerce sites

Each year the end of year period seems to roll around more quickly,

For retailers, end of year sales promotions begin in mid-October and go all the way through post-season blowouts in January. In the Australia and range of these sales include: Click Frenzy, Black Friday, Cyber Monday, Boxing Day, Vogue Online shopping and more.

Is there a downside to this growth in ecommerce during the end of year period? Not if your website is prepared, but each year some stores lose customers, revenue and brand reputation because they haven’t properly prepared their site for the increase in visitors.

Even large websites are not immune to this issue: Just this year Amazon crashed under traffic on its Prime Day, Ticketek had issues through AFL final ticket sales and many more.

Retailers need to be more prepared than ever for mobile and omnichannel shoppers, and several weeks of sustained sales and promotions.


Website security is also even more crucial than usual during the holiday season, when cyber criminals are waiting to take advantage of the increased number of online transactions, and Distributed Denial of Service (DDoS) attacks can be triggered easily due to the high number of visitors already on websites. In September 2018 we saw thousands of Magento sites hacked.

Websites of all sizes see spikes in traffic, consistently higher visitor counts than usual, and increased hacking attempts as more transactions are being processed. While ecommerce sites spend months designing end of year merchandise and coming up with marketing and promotional plans, all of that work is rendered useless if your website goes down in the middle of a traffic surge. Even if your website stays up, a slowdown in page load time will result in fewer pages viewed and less revenue.

This guide will go through what you need to know about website speed, scalability, and security as your ecommerce site heads into its busiest season. The preparation you do in the months, weeks, and days leading up to promotions and the month of December will prove its ROI when shoppers come around and are greeted with a fast website and seamless shopping experience.


WHY PERFORMANCE MATTERS DURING THE HOLIDAYS

Website performance is often talked about in relation to ecommerce websites, but the generic term “performance” could mean different things to different people. After all, you could argue that your website doesn’t perform well if the conversion rate is poor or users are bouncing at a high rate. In this context, when we talk about website performance we’re discussing the speed of your website and the ability for your site to maintain high speeds at any scale. That means your website should stay fast even when experiencing traffic spikes and a higher volume of traffic overall, both of which situations are likely to come around with holiday sales and marketing campaigns.

Why does performance matter? In terms of scalability, it’s pretty simple: If your site goes down due to a higher volume of visitors than it is used to, you’ll immediately lose revenue and trust from customers. Even a short period of downtime in the middle of a key event like Click Frenzy will undoubtedly cost you in both lost transactions and a poor ROI on the marketing dollars you have spent to get visitors to your website.

It can be a bit trickier to quantify the impact of website speed on user experience and your revenue, but several studies have shown a clear effect. Large ecommerce websites have found that slower speeds result in fewer sales: Amazon found that revenue dropped 1% for every 100ms slowdown in page load time, and Walmart found that page speeds of 1-2 seconds were twice as likely to convert as page speeds of 3-4 seconds. Google has also studied the impact of page load time on user experience and found that bounce rate is higher for slower pages. On mobile the numbers are even more stark: over 53% of users will leave a page if it hasn’t loaded on mobile in 3 seconds.

section.io’s own studies of ecommerce sites of all sizes support the findings from larger websites. By running A/B tests with Adore Beauty, the leading online beauty store in Australia, we found that visitors viewed more pages, bounced less, and converted at a rate 16.5% higher when they went through a faster website.

Another section.io study which looked at over 100,000 page views from a number of websites shows clearly that page views are higher and bounce rate is lower for faster loading pages. For users with an average page load time of 2 seconds, the average bounce rate was 9.61%, whereas those visitors with a 4 second page load time have a bounce rate of 17.1% and those with a page load time of 7 seconds have a bounce rate of 32.3%.

The number of pages viewed is also affected by page speed, an important metric to ecommerce sites as more pages viewed means more products viewed. section.io found that the number of pages viewed consistently goes down as page load time increases, and those with an average page load time of 2 seconds view 8.9 pages on average, while those with an average page load time of 7 seconds view only 3.7 pages.


MEASURING YOUR SPEED AND SCALABILITY

Measuring Website Speed

When your website is handling additional traffic during the busy holiday season, it’s even more important to think about how your page load time will affect the number of pages viewed and bounce rate. To start preparing your website for the holidays you should first measure your current website performance and think about which metrics need to be improved. The best way to measure your current page performance is by using a Real User Monitoring tool such as New Relic or section.io’s RUM.

Real User Monitoring uses a JavaScript snippet to measure how your visitors are experiencing page load time under real-world conditions. Data can usually be broken down by device and connection type and will show various metrics including time to first byte, start render time, and front end load time. While Google Analytics includes a small amount of RUM page speed data it is not detailed enough to be very useful when determining what parts of your website to optimize. Google includes only one “page load time” metric and this metric is from a sample of only 1% of visitors, which can heavily skew data.

If you don’t currently have RUM metrics you can get free monitoring for 2 weeks from section.io - just contact us to get set up. Another option is to use synthetic monitoring data, which is less precise because it collects data synthetically rather than from your actual visitors, but has some benefits as you can run a synthetic test anytime. We recommend WebPageTest as a free synthetic measurement service, which will provide a number of metrics along with a waterfall view of how your page loads. The waterfall view shows what elements are blocking the rest of the page from loading and which images or other objects are taking longer to load. Google’s Developer Tools will also show a waterfall view of page load time under the “Network” tab.

Whatever service you use to get a baseline measurement of performance you will want to look at a few different metrics:

Page load time: The time from the start of the initial navigation until the time the page is fully loaded in the web browser. This metric will be the longest since it includes all the steps to load your page, but it’s important to look at the smaller metrics to understand where your page load is getting slowed down the most.

Time to First Byte: Also known as the HTML document load time, this is the time at which the HTML document (the key to starting any page drawing in the browser) starts to be delivered to the web browser.

Start Render Time: The initial point in time in which the first non-white content (anything that is different from a blank page) becomes visible and is displayed on the web browser.

Document Complete or Document Content Loaded: When the HTML document has finished loading but other elements such as images referenced in the HTML document are still being delivered.


While all these metrics combined will give you a good picture of how your pages are loading, the most important metrics from the above are Time to First Byte, Start Render Time, SpeedIndex, and Page Load Time. Time to First Byte indicates how long your back end server is taking to deliver the HTML document, and a long TTFB means a visitor is looking at a blank page that hasn’t yet sent any information to the browser. We recommend aiming for a TTFB of 200ms or under, which is achievable when you have the HTML document cached. If your TTFB is over 1 second you should look to improve this metric before the holiday season starts.

Start Render Time indicates when content starts appearing on the page, which is important since the visitor will see that the page has begun to load, and this metric should be as fast as possible - we recommend 1.5 seconds or less given how quickly users will bounce if a page doesn’t load in 3 seconds.

SpeedIndex is a little-understood but very useful metric that looks at how the page loads in the browser and how the user will experience page load time. You can read our full explanation of how SpeedIndex is calculated, but it essentially looks at what content loads on the website and how complete the page “feels.” For example, if your page prioritizes loading images above the fold then your page would appear faster even if the below the fold content is not yet loaded. The lower the SpeedIndex score the better - fast sites will have a score of 5,000 or under.

While total Page Load time by itself doesn’t give a great indication of how the user has experienced your page speed, it’s still a useful metric to look at. Given the metrics we presented above, you should aim for a total page load time of 2-3 seconds and look for areas of improvement if it is longer.

Measuring Website Scalability

Measuring scalability of your website is quite difficult, which is why we recommend you use the tools outlined below to prepare for high traffic loads during the holiday season even if you think your website will scale well. No scalability measurement tool can fully predict how many visitors you will get to your website during a peak time. You should look at your peak traffic levels during last year’s holiday season to get an idea of the percent increase you will experience during holiday sales, and then apply that percent to your average traffic this year. However, you could outperform all expectations, so you should prepare your website and servers for even higher numbers.

If you do choose to measure scalability the best way is using an advanced tool such as New Relic. You can also perform a load test to get a basic view of how your website will perform with higher traffic levels. There are many tools that perform load tests. Similar to synthetic performance measuring, these tools will send high volumes of virtual users to your site all at once.

Fully Loaded Time: The time from the initial navigation until there are 2 seconds of no network activity after Document Complete. This will include any JavaScript activity that is triggered after the main page load.

SpeedIndex: SpeedIndex examines the progress of how the visible page loads and derives a score for how quickly the content appeared. A lower SpeedIndex score indicates better user experience with how your page is loading.


While load testing will show you if your website will fall over quickly under pressure, it is impossible to predict how your visitors will browse through your website. Variables such as user browser types, bots performing crawls, malicious bots, user locations, user network speeds, number of pages viewed, browser caches, actual checkouts or add to cart actions and more make for a huge number of options to consider when building scripts to generate and run a simulated load from a valid distribution of real browsers.

Load testing can be quite expensive and at best will give you only an indication of some of the areas that need to be improved for peak traffic. At worst load testing can give you misleading results, and either way how your site performs under peak traffic will be quite different from how a synthetic load test reacts.


How to keep your site online under unlimited traffic

KEEPING YOUR WEBSITE FAST AND ONLINE IN PEAK TRAFFIC

A layered approach is key to keeping your site online under unlimited traffic. Simply implementing the first step below will ensure you are always online and transacting. As time permits, you can then implement the additional optimisations to further increase the number of concurrent users you can sustain:

1. Implement a Virtual Waiting Room

A virtual waiting room is a solution that enables you to maintain control of the traffic on your website even during periods of extreme traffic.

The implementation of a virtual waiting room enables you to route a nominated proportion of users to a virtual waiting room where they can remain while other users successfully navigate, engage with and transact with your website.

You are able to adjust the number of users on your website and also deliver a branded experience (which can involve discount codes or other marketing content) to anyone waiting.

The implementation of waiting rooms can be something you build and host yourself or a feature from an Edge platform.

Once you have implemented a virtual waiting room you are set to handle unlimited volumes of traffic. The focus then moves on to enabling as many users as possible to browse and transact on site at once, which is where dynamic content caching comes into play!
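The admission control behind a self-built waiting room, as an added example (not section.io's implementation or code from the original guide): a fixed number of visitors are admitted, the rest wait in arrival order, and each admission carries an HMAC-signed token so the origin can reject requests that skipped the queue. The class name, token layout and demo key are assumptions made for illustration.

```python
import hashlib
import hmac
import time
from collections import deque


class WaitingRoom:
    """Admit at most `capacity` visitors at once; queue the rest in arrival order."""

    def __init__(self, capacity, secret, session_ttl=600):
        self.capacity = capacity        # can be adjusted while a sale is running
        self.secret = secret            # shared with the origin only, never the browser
        self.session_ttl = session_ttl  # seconds an admission stays valid
        self.active = {}                # visitor_id -> expiry (epoch seconds)
        self.queue = deque()            # waiting visitor ids, oldest first

    def _sign(self, visitor_id, expires):
        msg = f"{visitor_id}|{expires}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def _expire(self, now):
        # Drop admissions whose time on the site has run out.
        for vid in [v for v, exp in self.active.items() if exp <= now]:
            del self.active[vid]

    def _admit(self, now):
        # Fill free slots strictly from the head of the queue so nobody jumps it.
        while self.queue and len(self.active) < self.capacity:
            self.active[self.queue.popleft()] = int(now) + self.session_ttl

    def arrive(self, visitor_id, now=None):
        """Call on every request or poll.

        Returns ("admitted", token) or ("waiting", position_in_queue).
        """
        now = time.time() if now is None else now
        self._expire(now)
        if visitor_id not in self.active and visitor_id not in self.queue:
            self.queue.append(visitor_id)
        self._admit(now)
        if visitor_id in self.active:
            expires = self.active[visitor_id]
            sig = self._sign(visitor_id, expires)
            return "admitted", f"{visitor_id}|{expires}|{sig}"
        return "waiting", self.queue.index(visitor_id) + 1

    def leave(self, visitor_id):
        """Free the slot when a visitor finishes checkout or logs off."""
        self.active.pop(visitor_id, None)

    def verify(self, token, now=None):
        """Stateless check for the origin: signature valid and token not expired."""
        now = time.time() if now is None else now
        try:
            visitor_id, expires, sig = token.rsplit("|", 2)
            expires = int(expires)
            expected = self._sign(visitor_id, expires)
            # Constant-time comparison avoids leaking how much of a guess matched.
            ok = hmac.compare_digest(sig.encode(), expected.encode())
        except (ValueError, AttributeError):
            return False
        return ok and expires > now


if __name__ == "__main__":
    # Constructed demo: two slots, three visitors arriving at the same moment.
    room = WaitingRoom(capacity=2, secret=b"constructed-demo-key")
    for visitor in ("alice", "bob", "carol"):
        print(visitor, room.arrive(visitor, now=1000)[0])
```

Without the origin-side `verify` step, the waiting room only controls visitors who follow the redirect; anything that requests the origin directly bypasses the queue.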


[Figure: website server and Edge Point of Presence (PoP). Edge Platforms store dynamic content as close as possible to the user.]

2. Implement Dynamic Content Caching

The most expensive (In time, server CPU, $$$ and almost any other metric) thing that your website does is generate HTML documents. These are called Dynamic Content objects as the application in your hosting environment builds a unique version for every single web page request.

To enable your website to serve as many users as possible you need to make the delivery of HTML documents as fast (and cost effective) as possible - Enter Dynamic Content Caching!

Dynamic Content Caching is the storing of HTML content in a cache. The cache can be implemented in a range of locations, with the ideal scenario being as close as possible to the user requesting the page.

When the HTML document is cached whether your website has 100 or 10,000 concurrent visitors, the number of requests to your back end server will stay the same. This is especially important when holiday sales launch or a marketing email is sent out that can cause a large number of visitors to come to your website at once.

Varnish Cache is an open source caching solution that can be deployed on your servers or in an Edge Platform for maximum performance.


[Figure: HTML Document Requests. Servers needed over time, at peak and average traffic, with the HTML document not cached versus cached.]

3. Review hosting environment

After you have implemented dynamic content caching, it is the correct time to review the hosting environment. Reviewing the hosting environment before implementing dynamic content caching is premature, as the offload achieved by effective caching totally changes the server requirements (often making hosting costs much cheaper).

The following diagram demonstrates the difference in server requirements when HTML

With appropriate caching implemented your hosting environment then only needs to focus on uncachable actions - such as add to cart and checkout.

If you are expecting significant add to cart or checkout activity you can review autoscaling the number of servers in your environment according to load or simply having some additional resources ready “just in case”.


Once you have made your site highly available no matter how much traffic you receive, it’s time to make things fast!

There are several key areas to work on here:

1. Dynamic Content Caching

Again, Dynamic Content Caching comes to the rescue! The first thing that happens in every page load is the delivery of the HTML document. If the HTML document is delivered slowly, it doesn’t matter how fast the images and other content are downloaded: you have already lost the battle for a fast website!

2. Image Optimisation

Image optimization is one of the most important things to do to improve the performance of your website. Ecommerce websites often have very image-heavy pages that can result in slow load times. You should first examine the number of images on your home page and other landing pages. If there is a chance to reduce the number of images you have on each page you should consider removing some images so the total page load time is shorter. If you are unable to reduce the total number of images on each page you can cache images using one of the solutions discussed above, or minimize the size of each image.

When sizing images you should keep in mind the maximum size they will appear on your website, and consider using an adaptive website platform that generates one image size for mobile and another image size for larger desktop resolutions - Gulp is one tool that will do this. Remember if you resize images within HTML (for example “width=500px”) that will not reduce the size of the image that a user has to download.

Another option for improving page load time if your web pages have a large number of high quality images is to employ lazy loading. Lazy loading will first load the images that are above the fold so that it appears the page is fully loaded before it is actually complete. This feature will load images as a user scrolls down the page, so if you have a long page with many images below the fold the user will not need to load those images unless they actually navigate to the lower portion of the page. This both improves the perceived speed for the user and reduces load on your server as it is not generating images that are never viewed.

Some content delivery solutions will offer image optimization as one of their tools - at section.io we offer Google’s PageSpeed module, kraken.io and Cloudinary, which perform a variety of front end optimizations including image resizing, lazy loading, CSS minification, and JavaScript deferral.

Keeping your site fast


3. Static Content Optimisation and Browser Rendering Improvements

There are several other types of files that can be improved in addition to images. An important feature is to minify CSS, JS and HTML: CSS and HTML files need to load before your page is viewable, and many CSS and HTML files have unnecessary code if they have been edited a lot or not properly coded. Every extra space and line will add to the load time of your website. Minifying these files will flatten them so that superfluous code is removed and the file size is reduced. Google’s PageSpeed module will do this for you and there are several other free tools for minifying HTML, CSS, and JavaScript.

Manage 3rd Party JavaScript: Having many 3rd Party JavaScript snippets is one of the most common ways web pages get slowed down. These snippets can measure user behavior, add recommended item modules, and provide valuable metrics. However, they are also a huge burden for web pages to load - each snippet connects to a different host and if they are

We recommend regularly checking the 3rd Party JavaScript that is installed on your website, as often snippets are kept even if the information they provide is no longer being used. You can also use tools like PageSpeed to defer JavaScript so that it does not delay the loading of critical page components, and use the “async” attribute to load JavaScript asynchronously.


PROTECTING YOUR SITE FROM ATTACKS AT PEAK TRAFFIC TIMES

but is especially crucial during the holiday season when you are experiencing higher-than-normal volumes of real traffic. As we mentioned above, your website can go down due to an influx of real visitors that your servers are unable to handle, and these extra visitors also make your site more susceptible to Denial of Service or Distributed Denial of Service attacks. DoS attacks are just an overload of malicious visitors or requests to your website, and look the same as a large amount of real visitors. If your servers are already struggling to keep up with high volume traffic during a holiday sale, a malicious actor could take advantage of that and take your site down more easily due to the organic

There are other security considerations during the holiday season too.

scraping bots from competitors may kick into high gear as products go on sale more often so they can keep up with your offerings and prices. Bots can also hold or complete a purchase of the in-demand items that often sell out during the holiday season, keeping your real visitors from getting a fair chance at the gifts they are looking to buy. If you send a marketing email advertising the launch of a hotly anticipated item and sell out immediately due to a high number of automated bots, customer trust will decrease and some shoppers may not return to your website.

A secondary impact of malicious bots is that they can significantly change the marketing analytics you track, making you think that certain advertisements or keywords are performing well in terms of click-through rate when they are really only attracting bot traffic. This can cause you to lose marketing spend if you invest in certain areas due to the bot traffic.

Attackers can also take advantage of the higher number of credit card transactions going through your website and try to intercept them or attempt to login using the credentials of your real visitors. Hackers may think fraudulent transactions will go unnoticed during such a busy season and make

in a loss of revenue for your website when the purchase needs to be refunded to the true account owner.

maliciously access your website using known vulnerabilities will likely go up during the holiday season. Every platform out there has a range of vulnerabilities known to attackers, and if you have not kept up to date with security patches the holidays are a great time for hackers to try to get into your website.

Luckily, there are several steps you can take to protect your website during peak traffic times. The first section of suggestions are security measures you should absolutely put in place before the holiday season, and most are quite simple to implement. The second category of security fixes are recommended for all sites and will more fully block bots, attackers, and DoS attacks, however may take more time and effort to implement.

Prepare for the Holiday Season


may not protect your site from particularly large or sophisticated attacks (see the following section for those solutions), these will ensure you are taking regular steps to protect your site and your customers during the holiday season and into the rest of the year.

Scan your website for security vulnerabilities: The first thing you should do when examining your website security is to do an audit of where you currently stand. There are many tools that will scan your website for malware and known vulnerabilities from platforms including Sucuri and Quttera.

Once you know what your vulnerabilities are, you can start patching them and evaluating what additional tools your site needs to block threats.

Another way you can examine your site for potential threats is to look at your logs. If you use a log management tool or ELK stack logs (a combination of ElasticSearch, LogStash, and Kibana) you can search logs to see where requests come from and identify if your site is getting unusual requests. For example, if you sell exclusively in the US and get a lot of suspicious traffic from other countries, you could see that and try to block that traffic from accessing your site.
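The log review described above, as an added example (not code from section.io): it reads access-log lines, reports the share of requests from outside the markets you sell to, and lists addresses with repeated failed admin logins or heavy out-of-market traffic. The log layout (combined format with a two-letter country code appended by a GeoIP enrichment step), the `/admin/login` path and the thresholds are assumptions for illustration.

```python
import re
from collections import Counter

# Combined log format plus a trailing country code (assumed enrichment field).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)" (?P<country>[A-Z]{2})$'
)


def build_sample():
    """Constructed log lines: documentation IP ranges, placeholder countries XA/XB."""
    fmt = ('{ip} - - [24/Nov/2018:10:{m:02d}:00 +0000] "{method} {path} HTTP/1.1" '
           '{status} 512 "-" "{ua}" {cc}')
    lines = []
    for i in range(6):    # ordinary US shopper
        lines.append(fmt.format(ip="198.51.100.7", m=i, method="GET",
                                path=f"/product/{i}", status=200,
                                ua="Mozilla/5.0", cc="US"))
    for i in range(3):    # second US visitor browsing
        lines.append(fmt.format(ip="198.51.100.8", m=i, method="GET",
                                path=f"/category/{i}", status=200,
                                ua="Mozilla/5.0", cc="US"))
    # One mistyped password from a real administrator: must not be flagged.
    lines.append(fmt.format(ip="198.51.100.8", m=4, method="POST",
                            path="/admin/login", status=401,
                            ua="Mozilla/5.0", cc="US"))
    for i in range(8):    # repeated failed admin logins from one address
        lines.append(fmt.format(ip="203.0.113.9", m=10 + i, method="POST",
                                path="/admin/login", status=401,
                                ua="script-client/1.0", cc="XA"))
    for i in range(12):   # catalogue crawl from outside the home market
        lines.append(fmt.format(ip="192.0.2.44", m=20 + i, method="GET",
                                path=f"/product/{i}", status=200,
                                ua="crawler/0.1", cc="XB"))
    lines.append("truncated line without the expected fields")
    return lines


def analyse(lines, home_countries=frozenset({"US"}), login_path="/admin/login",
            fail_threshold=5, foreign_threshold=10):
    """Summarise where requests come from and which addresses look unusual."""
    by_country, per_ip, failed_logins = Counter(), Counter(), Counter()
    ip_country = {}
    skipped = 0
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            skipped += 1          # keep count: a parser that drops lines silently hides gaps
            continue
        ip, country = m["ip"], m["country"]
        by_country[country] += 1
        per_ip[ip] += 1
        ip_country[ip] = country
        path = m["path"].split("?")[0]
        if m["method"] == "POST" and path == login_path and m["status"] in ("401", "403"):
            failed_logins[ip] += 1
    total = sum(by_country.values())
    foreign = sum(n for c, n in by_country.items() if c not in home_countries)
    return {
        "total": total,
        "skipped": skipped,
        "by_country": dict(by_country),
        "foreign_share": foreign / total if total else 0.0,
        "brute_force_ips": sorted(ip for ip, n in failed_logins.items()
                                  if n >= fail_threshold),
        "heavy_foreign_ips": sorted(ip for ip, n in per_ip.items()
                                    if ip_country[ip] not in home_countries
                                    and n >= foreign_threshold),
    }


if __name__ == "__main__":
    for key, value in analyse(build_sample()).items():
        print(f"{key}: {value}")
```

Treat the output as a shortlist to review before blocking anything: country data from IP addresses is approximate, and legitimate customers travel or use VPNs.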

Use SSL/TLS encryption for your entire site:

encryption protocol on their payment pages through the payment gateway they use, however

(which has a 59% market share on desktop) will label your site as insecure in the URL bar if it

also improve SEO.

Qualys SSL Labs tool to evaluate the quality of your SSL configuration. You should aim for an A+ rating which indicates the certificate itself is valid, and that the protocol support, key exchange, and cipher strength are also strong. Just having an

are deployed and if your certificate is expired it could also expose you to attacks and harm your reputation with customers.

Stay on top of security patches: 44% of attacks are because of known vulnerabilities in the platforms websites use. Some bots will scan your website regularly for vulnerabilities so that an attacker can take advantage of those found without manually searching. Always stay up to date on patches for these issues, which will be in a developer or security section on the

risks.


Use strong passwords and 2-factor authentication for admin accounts: Administrator accounts are particularly vulnerable to hacking attempts by bots or individual attackers. You should regularly audit the people who have administrator access to your website or database

a strong, randomly generated password that is unique from any other logins is important.

If you can enable 2-factor authentication for logins that will go a step further in protecting your administrator accounts. In addition, there may be platform-specific steps you can take to

bots can continue to try login combinations. To protect yourself from this, you can enable brute-force protection.

Be PCI Compliant:

required to be

security standards to protect your customers when they are submitting payment details online. There are several levels of verification depending on the number of transactions you process each year, ranging from a full network-level assessment to a self-assessment for smaller merchants.

server network, Content Delivery Network, and payment gateway (such as Stripe or

Use trusted platforms, extensions and themes: It is crucial that you stay on top of updates for the platforms that you are using. In addition, you should use trusted platforms, extensions, and themes as these can open you up to vulnerabilities: Last year ecommerce platform Magento found that several third party extensions were at risk of SQL injection attacks.

52% of

and 11% coming from themes.

To find trusted themes and plugins that are less likely to have vulnerabilities, download directly

can also check how many other extensions a company has created, the number of downloads or reviews each extension has, and the length of time they have been creating extensions as a good indicator of if they are a trustworthy business.


expect a high growth in traffic over the holiday season should strongly consider getting more

Networks are often thought of as website performance tools, CDNs provide network-layer security

Below we lay out the different types of advanced website security available to ecommerce websites, and how you should go about choosing between solutions.

Web Application Firewalls:

specific websites, rather than traffic between servers which traditional firewalls inspect.

and acts as a proxy for the website origin server so that it can inspect traffic and either block it or pass it through to the origin.

websites and apps from unknowingly letting hackers into their system or sharing user data.

ModSecurity and many others base their initial rulesets off of the

10 list, which has published a list of the top website attacks since 2003. The current list can be viewed here.

known for a high number of false positives which block your legitimate users - not something you want during the holiday season.

set initial rules and continue to adjust them according to traffic patterns they see. This takes

they are not blocking threats.

There is a new batch of security solutions which take away some of the pain of traditional

information such as location, device, time, and on-site behavior. By removing the rulesets that

traditional solutions use, modern systems can stay one step ahead of attackers as they do not

know what rules are being used against them. In addition, legitimate traffic that might set off

one rule in a rules-based traffic is let through.
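The difference between blocking on any single rule match and blocking on a combined score can be shown with a small added example (not code from section.io or any vendor named in this guide). The signal names follow the factors listed above (location, device, time, on-site behavior); the weights, threshold, keyword pattern, field names and the two sample requests are constructed assumptions.

```python
import re
from dataclasses import dataclass

@dataclass
class Request:
    query: str          # search or query-string text
    user_agent: str     # device signal
    country: str        # location signal
    hour: int           # local hour of day, 0-23
    pages_before: int   # pages viewed earlier in the session (on-site behavior)

# Naive keyword rule of the kind that causes false positives (assumed pattern).
KEYWORDS = re.compile(r"\b(select|union|drop)\b", re.IGNORECASE)
SHIPPING_COUNTRIES = {"AU", "NZ"}   # assumed: countries the store sells to

# (name, weight, check) -- weights are illustrative assumptions, not vendor values.
SIGNALS = [
    ("keyword",  30, lambda r: bool(KEYWORDS.search(r.query))),
    ("device",   25, lambda r: not r.user_agent or "Headless" in r.user_agent),
    ("location", 15, lambda r: r.country not in SHIPPING_COUNTRIES),
    ("time",     10, lambda r: 1 <= r.hour <= 5),
    ("behavior", 20, lambda r: r.pages_before == 0),
]
THRESHOLD = 60  # assumed cut-off for the score-based decision

def fired(req):
    """Names of every signal the request trips."""
    return [name for name, _, check in SIGNALS if check(req)]

def risk_score(req):
    """Sum of the weights of all tripped signals."""
    return sum(weight for _, weight, check in SIGNALS if check(req))

def rules_decision(req):
    """Rules-based model: any single match blocks the request."""
    return "block" if fired(req) else "allow"

def score_decision(req):
    """Score-based model: block only when the combined evidence is high."""
    return "block" if risk_score(req) >= THRESHOLD else "allow"

# Constructed samples: a shopper searching for furniture, and an automated client.
SHOPPER = Request("drop leaf table", "Mozilla/5.0 (iPhone) Safari", "AU", 20, 6)
BOT = Request("1 union select card_number", "HeadlessChrome/120", "ZZ", 3, 0)

if __name__ == "__main__":
    for label, req in (("shopper", SHOPPER), ("bot", BOT)):
        print(label, fired(req), risk_score(req),
              rules_decision(req), score_decision(req))
```

The shopper trips only the keyword rule, so the rules-based decision blocks a legitimate sale while the score-based decision lets it through; the automated client is blocked under both models.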

Bot Blocking:

attacks, some ecommerce sites that are particularly hard hit by bad bots will want to deploy a

amount of effort to manually update blacklists.

to any vulnerable pages on their website which will force

users to prove they are human by solving a problem or typing out a word. Although this is

effective at keeping out bots, it can also lead to a decrease in conversion rate. Newer solutions

like make it easier for legitimate users to pass through a verification

There are other basic bot blocking tools available for specific ecommerce platforms, often

deployed as extensions, which will make it easier to manage bad bots while allowing in the

use rules to determine if a user is real or a bot, which can block legitimate traffic while at the

same time failing to catch newer types of bot attacks.

One example of a more advanced solution is , which blocks bots while protecting

real shoppers by giving each visitor a “Risk Score.” This score is based on behavioral analysis

that includes factors such as mouse and click movement and timing, unusual web application

requests, and hidden clicks. These techniques are able to defend against even the most

sophisticated bots that use real browsers to take over accounts and can slip past older

security methods.

Distil Networks is another popular bot mitigation tool which uses machine learning to defend

against bots without you having to manage rules manually. They look for anomalies in your

Content Delivery Networks: As mentioned earlier, CDNs are popular tools for both website

performance and security. Reverse proxy software deployed within a CDN can cache content,

the performance and scalability benefits mentioned earlier, by deploying a CDN for your

Network protection: Since Content Delivery Networks intercept traffic before it hits

Depending on the CDN you use, this DDoS protection may be backed by industry

addresses) through their platform even if you have not deployed a specific security

on your origin server which again protects your origin from large-scale attacks.

Because the security of your website is linked to how much content you are able to

cache, we strongly recommend using a solution which caches both static objects like

images and dynamic content like your HTML document. Modern solutions including

section.io make this simpler than older CDNs like Akamai, and section.io has the

added benefit of a local development environment so developers can test their

configuration before pushing to production.

CDN Security Solutions:

are deployed within the CDN as reverse proxies. Using a Content Delivery Network for

network-layer protection along with another security tool can be beneficial as it brings

your performance and security into one platform. This can save you cost compared to

having separate CDN and security solutions, and will also make it easier for your

developers to manage.

Content Delivery Network you choose includes the tools necessary to view traffic and

quickly adjust security settings when needed. To properly manage security for an

ecommerce site, you should have access to detailed, searchable logs, real-time

metrics, and the ability to fully tune your solution without engaging professional

update security rules, and see how your new configurations are impacting traffic to

This will also enable your team to quickly identify, troubleshoot, and resolve any

problems that arise using a DevOps workflow. Unfortunately, many Content Delivery

Networks do not provide this level of detail or integration with DevOps and Agile

logs for all reverse proxies deployed within the network, detailed metrics and

monitoring, code-level configuration control, and a local testing environment.

Although modern CDNs provide some of these features,

is the only solution to provide all of the above including a virtual machine so

developers can tune their security and test configurations before pushing them to

production.

In addition, we recommend using a CDN that is open and flexible in the security

the more appropriate solution for your websites, or decide you want to upgrade from a

and allow you to switch security solutions when necessary. section.io offers a library

of reverse proxies for both security and performance and allows customers to add or

change proxies.

CONCLUSION AND STEPS TO TAKE BEFORE THE HOLIDAYS

of your website you could end up losing shoppers and revenue on what should be the biggest

revenue-generating time of the year. Online shopping for holiday presents is becoming more and more

complete transactions during this time. At the same time ecommerce shoppers are becoming more

impatient when it comes to issues like website speed and overall user experience on a site, and are

likely to leave your site (and perhaps visit a competitor site) if your pages are not loading fast enough.

time can cripple your business, and malicious bots can provide price and product information to other

websites so shoppers looking for a deal buy product elsewhere.

To ensure you are ready for the holiday season, we recommend starting to take some of the actions

outlined in this guide by mid-September. This will give you time to measure your current performance

and scalability, make any needed updates to your back end, front end, and security setup, and test

and deploy your new configurations with plenty of time to go before Black Friday.

If you decide to switch hosting providers or use a content delivery solution to help improve your site

performance and security, this will also give you time to research options and make changes before

have plenty of time to make sure they are acting as expected and positively impacting your speed,

making any major infrastructure changes.

make them, we recommend finding a tool that can help you improve several areas of your website at

picking a content delivery solution, you should think about the tools they offer (do they offer a choice

level of control given to your developers. A fully configurable CDN like section.io with real time logs,

metrics, and a local testing environment will give you the best results any time of year,

including during the holiday season.

Get the best in website security and performance with section.io

Need help implementing the tips above? section.io is an Edge PaaS that works with leading ecommerce brands including Appliances Online, Booktopia, Accent Group, City Beach, and Thrifty Car Rentals to help keep their sites fast and secure during times of peak traffic. Websites on section.io have seen traffic spikes of over 20x their normal levels during sales and Christmas promotions and stayed consistent in terms of website performance.

section.io gives users a choice of website performance and security tools to speed up and protect their website, including Varnish Cache for caching, PageSpeed for front end optimisations, Threat X for intelligent threat blocking, ShieldSquare for real-time bot mitigation, Signal Sciences for next-generation security, and ModSecurity for a rules-based WAF.

In addition, section.io provides many core features, including a global server network, SSL certificates, HTTP/2, ELK stack logs, real time metrics, real user and synthetic monitoring, and a local development environment, all included at no extra cost.

Contact section.io at section.io/contact us/ to learn more about our Edge PaaS and see a demo of our product.