We are excited to share with you a sneak preview of the latest expansion to our New York Data Center.

Today we begin construction on our newest POD as we expand to meet the high demand for Cloud Hosting and colocation services.

We’d love to share more with you however there are still multiple tractor-trailers full of equipment, and unfortunately they won’t unload themselves.

However please stay tuned… there will be more information, photos, and even videos to come!

Follow Us :
Share :

Unfortunately, despite the trend, the bugs I’m referring to are not Pokemon.

Instead, they’re easily exploitable security bugs, discovered 15 years ago, that have reemerged, leaving your website or server potentially open to hijackers.

It’s being called the “httpoxy flaw” and it exists in a variety of server software, including PHP, Go, Apache HTTP server, Apache TomCat, and Python. If exploited, it can potentially be used to seize control of your website and access sensitive data.

Httpoxy is a set of vulnerabilities that affect applications running in CGI, or CGI-like environments. Essentially it comes down to a simple namespace conflict. This, in turn, can be exploited to configure outgoing proxies, allowing attackers to remotely execute malicious code.

Red Hat, Microsoft, The Apache Software Foundation, Ngnix, CloudFlare and others have released security advisories in an attempt to warn users of the httpoxy flaw.

Based on the affected software, specific CVE (Common Vulnerabilities and Exposures) numbers have been assigned: CVE-2016-5385 in PHP; CVE-2016-5386 in Go; CVE-2016-5387 in Apache HTTP server; CVE-2016-5388 in Apache TomCat; CVE-2016-1000109 in PHP-engine HHVM; and CVE-2016-1000110 in Python. Researches expect more CVEs coming for httpoxy as less common software is inspected.

Luckily if your website is hosted on TurnKey Internet’s cloud hosting platform (https://turnkeyinternet.net/linux-cpanel-web-hosting/) you are already protected. If you have any questions or additional concerns, feel free to email our support team (helpdesk@turnkeyinternet.net) and we would be more than happy to assist you.

Follow Us :
Share :

WordPress is one of the most popular, third party scripts used on websites.  Each and every time WordPress releases an update or a patch, the reasoning behind the update is publicly released but often its security related.  This is for all developers to be aware and update their code accordingly.  This factor alone, makes your site targeted.  Not to scare anyone reading this, however in a recent study WP White Security reported 70% of WordPress sites are vulnerable to attacks!

The majority of hacked sites are compromised for the sole purpose of sending spam.  TurnKey Internet and other web hosting services cannot guarantee your site will not become compromised due mainly to third party scripted plugins and modules that often modify or alter WordPress in ways that even the main security aspects of WordPress can’t anticipate.   TurnKey Internet makes sure your site is secured against a large scale of attacks and has a restoration plan if needed utilizing our multiple online cloud backup services we offer  with our hosting services .  The last thing a hacker wants to do is spend a large amount of time accessing your site.  The more road blocks, the faster the malicious user will lose interest and move on.

Before I get too far ahead of myself, let me first explain how your site becomes compromised.  I believe this is important when securing your site.  Understanding how malicious users are gaining access and what the user is doing.  While there is a vast scale of techniques a hacker can use, the main way a malicious user will gain entry to your WordPress site was grouped in the following categories by WP White Security:

41% – Security vulnerability on the hosting platform.  Nothing to worry about on TurnKey Internet’s web hosting server platforms, as we are constantly updating the servers with the latest security releases and patches.  As well as keeping all services on the server up to date in addition to having the most advanced firewalls and intrusion detection systems in place.  If you have a dedicated or VPS server and would like to TurnKey to review your server, shoot us a support ticket we’d be more than happy to investigate.

29% – Outdated WordPress Theme which can open security holes

22% – Outdated WordPress Plugins which can open security holes

51% of reported compromised sites are due to an outdated theme or plugin.  This is completely preventable!  When your plugin or theme is compromised, this makes it possible for a hacker to inject an eval base 64 decode code.  This allows the hacker to run a PHP function from the site.  These are PHP mailers the malicious user users to send spam from your account.

8% – Due to a weak password.  This is where brute force attacks are successful.  Hackers use a script to continuously generating random passwords, until they have gained access to your dashboard.

First and foremost, make sure everything is updated to the latest version.  Each time WordPress releases an update, the update is addressing a security threat.  This is why keeping the script updated is important.  As mentioned previously, due to the popularity of WordPress the exploits patched are publicly released.  This allows developers to adjust their coding accordingly.

In version 3.7, WordPress added in the feature to allow automatic updates.  This sounds wonderful, except by default it only applies to minor updates.  The WordPress team did this to prevent sites from automatically breaking when updated.  (Typically this happens if your plugins are not continually updated by the developer.)  You can add the following lines of code to the wp-config.php file and all updates will be automatic.

# Enable all core updates, including minor and major:

define( ‘WP_AUTO_UPDATE_CORE’, true );

Alternatively, if you would like to take control and complete all the updates yourself, you can add these lines instead.

# Disable all core updates:

define( ‘WP_AUTO_UPDATE_CORE’, false );

Since more than half of WordPress sites are hacked due to outdated themes or plugins, be picky as can be with the ones you activate.  Pay attention and investigate the themes and plugins you are using.

Not all plugins and themes are actively maintained by their developers.  Only use plugins that are updated regularly.  If the plugin or theme hasn’t been updated in 6-9 months, there is a good chance the developer is no longer maintaining their theme or plugin.  Stick with WordPress developers.  You can download tons of plugins and themes directly from WordPress.org.

Do you honestly need that plugin?  If it is not necessary for your site, deactivate it and remove it.  Not only does it take your site longer to load, you’re providing more chances for a malicious user to find a backdoor.

Lock down who has access to your WordPress dashboard.  The easiest way to complete this is by adding a few lines of code into your .htaccess file.  As with all aspects of web hosting case sensitivity is important.  Please note where the capitalization is when implementing this code into your .htaccess file.

<Files wp-login.php>

order deny,allow

Deny from all

Allow from 111.111.111.111

</Files>

You will want to exchange 111.111.111.111 with the IP address of the machine you are connecting from.  If you are unsure of the IP, Google “what is my IP” from the device you would like the IP of.

Hey, that’s great but what if I need to access the dashboard from the office and from home?  No worries, you can add additional ‘Allow from’ statements.

<Files wp-login.php>

order deny,allow

Deny from all

Allow from 111.111.111.111

Allow from 222.222.222.222

</Files>

Limit the number of login attempts an IP address can have before your server blocks the IP.  If this is a new install, using Softacoulous, there is an option ‘enable the number of login attempts’ listed in the preinstall screen.  If you have already installed WordPress, I recommend using the Limit Login Attempts plugin.

Do not use the default “admin” username.  On new installs you are given the ability to make the username.  If you already have WordPress installed you can change the username in the dashboard.  Once logged in, access account setting, and click the “change” link next to your username.  From there you can follow along with WordPress to change the username.

Change your passwords often and make sure you are using a strong password.  I know this can sometimes be overwhelming and often hard for some uses to remember.  However, it is extremely important to use.  A good way to remember the password is to use a short sentence or phrase.  Make sure to do something like replace vowels with number or make them capital.

W3bh05t1ngK1ng

1R0ckth3w3B

The above are far more secure than using:

password

123456

Johnny

Change the WordPress default table prefix.  If you’ve noticed all your core WordPress files start with ‘wp’.  wp-config, wp-login, wp-admin, ect.  Changing the prefix can help prevent against SQL injections.

The table prefix is defined in the wp-config file.

$table_prefix = ‘wp_’;

PLEASE NOTE – Changing the table prefix in the wp-config file will not change the tables in the database.

In a fresh install you have the ability to set the table prefix to something other than wp.  If you have already installed WordPress, I have found the iThemes Security plugin to be the quickest way to compete this task.  If you prefer to not have a plugin complete this task, you can do so manually.  It is a bit time consuming and you will need to make sure to rename each WordPress table, update the usermeta table and update the options table.  Of course you will want to backup the database, before making any changes.

Make sure your file permissions are correct.  WordPress states only the following permissions should be used;

Directories should be 755 or 750

Files should be 644 or 640

Your wp-config.php should be set to 600

Your wp-config file is extremely important.  I recommend protecting this file in the .htaccess as well.  To do so place the following lines of code inside your .htaccess file:

<files wp-config.php>

order allow,deny

deny from all

</files>

Speaking of protecting important files.  The wp-includes directory contains the majority of files needed to run WordPress.  There is absolutely nothing in this directory a user will need.  With that being said, I recommend adding the following lines of code to the .htaccess file to protect these files as well.

# Block the include-only files

<IfModule mod_rewrite.c>

RewriteEngine On

RewriteBase /

RewriteRule ^wp-admin/includes/ – [F,L]

RewriteRule !^wp-includes/ – [S=3]

RewriteRule ^wp-includes/[^/]+.php$ – [F,L]

RewriteRule ^wp-includes/js/tinymce/langs/.+.php – [F,L]

RewriteRule ^wp-includes/theme-compat/ – [F,L]

</IfModule>

Block out access to the xmlrcp.php file as well.

<Files xmlrcp.php>

order allow,deny

deny from all

</Files>

xmlrcp.php, this file is the worst!  While the features of using this file sound neat.  (Connect to your blog via text or email, sends tracebacks or pings.) This file has been used to take down a large number of server by implementing DDOS attacks with this file.  You can read more on these attacks here – https://blog.sucuri.net/2014/07/new-brute-force-attacks-exploiting-xmlrpc-in-wordpress.html

Since we are already protecting our files in .htaccess, might want to protect .htaccess as well.  To do use this code.

<Files .htaccess>

order allow,deny

deny from all

</Files>

Great, now my site is secured.  What about that restoration plan you mentioned earlier?

Backup, backup, backup!  I cannot stress this enough! If by chance a hacker is able to break through all these security measures we have put in place, the fastest way to get your site backup is by restoring a backup.

Depending on what service you have with TurnKey, we do provide backups.  However, it is not the responsibility of TurnKey to maintain your backups.  You should not rely on our backups and keep your own backups as well.  Our terms of service allows for you to keep one (1) full account backup stored on the server.  TurnKey recommends taking backups of your account weekly or even daily.  Connecting with an FTP client and storing the backup in a secure location.

While WordPress does off automatic updating services, we have disabled some of the PHP features required for this service to work on our shared hosting platforms.  The reasoning on this, we do not allow for the use of PHP execute.  This is for security purposes.

Inside your control panel you have the ability to take full account backups and database backups.  I strongly recommend doing so.

TurnKey also offers a backup add on service called TurnKey Vault which we highly recommend for anyone with a dedicated or cloud-based server, so you can protect your data If you need any assistance with competing any of the tasks listed in this blog, email our support team (helpdesk@turnkeyinternet.net) and we would be happy to assist you.

Happy blogging!

Follow Us :
Share :

Encryption fills the headlines with stories of APPLE and decoding iPhones – but with all the security challenges and cyber threats today – its getting hard pressed to have a web site, computer, or mobile device and not realize your data is as private as you once thought.  Encryption is what protects (hides) the details of what we do online certain web sites – keeping your private banking or purchasing data (or online traffic hidden) from prying eyes.  But last month a new threat called DROWN was publicized that essentially made it so many web sites you shop, visit or utilize that you thought were secure and private via their https SSL encrypted access turned out to not be so private.

DROWN, standing for Decrypting RSA with Obsolete and Weakened eNcryption, is an xample of a cross-protocol attack that exploits weaknesses in the widely used online encryption protocol, SSLv2.  Using weaknesses in the SSLv2 implementations against TLS (transport layer security) hackers can “decrypt passively collected TLS sessions from up to date clients.” Or in simpler terms, hackers and anyone can see what you are doing, your personal details, and more when you thought you may of been protected by that SSL ‘lock’ protected symbol next to the web site you were shopping or visiting.

TLS is probably the most important security protocol on the internet.  Almost every action you take on the internet relies on the use of a TLS version.  Not just you accessing a web site, but a lot of the back behind the scenes things like email transmission, to database connections, to sending files between servers for backups.

Fortunately, the latest versions of OpenSSL do not utilize SSLv2 connections by default.  However, if your certificate or key is being used in another location on a server that supports SSLv2, you could be at risk.  For example, the mail service (POP, IMAP, SMTP connections).

A DRWON attack would be able to decrypt HTTPS connections, sending specifically designed packets to another server.  If the certificate is on more than one server, it is possible a MitM (man in the middle) attack can be successful.

Isn’t SSLv2 depreciated?  Why is this still a threat?  In the early 2000’s SSLv2 was still supported by browsers, to be used as a fallback protocol.  An attacker could easily trick the browser into using an older protocol.  Thankfully, this is no longer an issue if you are using a recent version of your web browser.

While browsers are no longer supporting SSLv2, most servers still do.  Most servers are configured to use both TLS and SSLv2.  This means both protocols would use the same RSA private key.  Therefore, any bugs in the SSLv2 protocol that use the private key, potentially could affect the security of TLS.

While this all may sound a little scary, as most security vulnerabilities are.  TurnKey Internet takes all security avenues very seriously.  Our web hosting servers and software are always kept up to date.  If your account is on any of our shared hosting packages, you have nothing to worry about.  Just in case, you want to test your sites security against DROWN or the server your account is hosted on.  Please feel free to do so here – https://drownattack.com/#check  You will need to use the IP address your site is living on and not your domain name – which you can easily find by using a DNS lookup service such as http://www.getip.com/.

If you need assistance finding your web sites IP, or reviewing your security  please send us a support ticket (helpdesk@turnkeyinternet.net) and we would be happy to tell you.

 

 

 

 

Follow Us :
Share :

  LATHAM, NEW YORK (November 23, 2015) – Sustainable IT solutions provider TurnKey Internet, Inc. announced today the launch of their 2015 Black Friday Deals offering some of the best cloud services, datacenter facility services, and web hosting offers for 2015.

TurnKey Internet is known for running its eagerly-awaited, industry-leading Black Friday specials, and this year is no different. TurnKey Internet is offering 80% off for the life on nearly every product they offer – cloud servers, disaster recovery backup services, cloud storage, dedicated servers, virtual private servers, cPanel web hosting, Microsoft Windows web hosting, enterprise colocation services, SEO optimized web hosting, and much more. More information can be found at https://www.turnkeyinternet.net/blackfriday/ .

In a bold move in contrast to other companies that exclude or limit their best seasonal deals from existing clients – TurnKey is rewarding existing clients with a loyalty bonus. The loyalty bonus is applied as a free month of service for every previous year of loyalty when purchasing any new services during this Black Friday promotional period. This gives existing clients access to deals greater than 80% off when factoring in the free loyalty bonus months of service included.

“We love our loyal clients and I’m truly excited to expand our loyalty bonus during our Black Friday promotion.” Remarked Adam Wills, CEO of TurnKey Internet. “While most companies offer only their best deals to new customers, we shake up that model and put the customer first. TurnKey is focused on giving back to our loyal clients with added bonuses on top of access to the very best cloud hosted services. Last year exceeded all expectations- and I am happy we are offering deals like these to our valued clients and potential new clients across the globe. “

About Turnkey Internet

Founded in 1999, TurnKey Internet, Inc. is a full-service green data center and leading provider of sustainable web hosting and IT solutions. From its SSAE 16 Type 2 and ENERGY STAR^® certified facility in Latham, NY— New York’s Tech Valley Region —. TurnKey offers cloud-based hosted services, web hosting, communication services, web-based IT systems, software as a service (SaaS), enterprise colocation services, and computing as a service to clients in more than 150 countries. For more information, please call (518) 618-0999 or visit www.turnkeyinternet.net/media.

 

 

Follow Us :
Share :

While you may have been urged by Drupal to update your software late in 2014 due to SQL injection attacks in compromised Drupal 7 sites. Drupal has released version 6.35 and 7.35 to address a few newly discovered vulnerabilities within their software.

Listed in an advisory by Drupal’s security team, Drupal stated one of the vulnerabilities they are addressing has allowed password reset URLs to be forged. This allows malicious users to gain access without knowing the password.
In Drupal 7 this vulnerability is segragated to sites where accounts have been imported or edited in ways that will result in the password hash, in the database being the same for multiple user accounts.

In Drupal 6 this vunlnerability can be exploited on sites where administrators have created multiple user accounts with the same password. As well as where accounts have been imported or edited in ways that will result in the password hash, in the database being empty for at least one user account. Drupal 6 sites having an empty password hash, or a password with an easily compromised string in the database are extreamly prone to this vulnerability.

The second vulnerability Drupal’s team has patched is the ability for malicous users to devise a URL, sending visitors to a 3rd party website.

Drupal modules use a destination query to redirect users to a new destination after completing an action. Malicious users can use this destination parameter to construct a URL that will fool users by redirected them to a 3rd party website. Several URL related API functions in Drupal 6 and 7 can be fooled into passing through external URLs when that was not the intention, leading to open redirect vulnerabilities.

This vulnerability is has been down played as a large amount of the destination parameter are not vulnerable to the attack. Although, all confirmation forms built using Drupal 7’s form API are vulnerable! Drupal has also stated some Drupal 6 confirmation forms are vulnerable too.

Drupal versions affected:

Drupal core 6.x versions prior to 6.35

Drupal core 7.x versions prior to 7.35

How to rectify these vulnerabilities? Update to the latest versions.

If you use the Drupal 6.x upgrade to Drupal core 6.35

If you use the Drupal 7.x upgrade to Drupal core 7.35

For those using TurnKey Internet’s Web Hosting with Drupal can simply login to your cPanel control panel, click on the Softaculous icon, and update your drupal version from there as well as from the Drupal Control panel of your installated copy on your web site.  If any questions contact our customer service team, or keep posted on our help desk at http://helpdesk.turnkeyinternet.net/

Follow Us :
Share :

Did you know in August 2014, Google announced that HTTPS would become a ranking credential? This is news worthy of mention and note as Google rarely reveals ranking criteria – and more so confirms that the SEO optimized hosting at TurnKey in fact  does raise your rankings for SEO systems (at least with google, now confirmed).

You can read more about Google’s comments here:  HTTPS as a ranking signal here. [PDF ] 

HTTPS is an added layer of encryption that Secure Socket Layers on top of HTTP or web traffic. This adds additional security to standard HTTP communications or web communications. SSL certificates are required for
e-commerce sites especially if you’re desiring your site to be PCI compliant. You can see my post on PCI compliance here: https://blog.turnkeyinternet.net/web_hosting/pci-dss-compliance-in-the-cloud-for-web-sites-servers-and-colocation/ .   Having an SSL certificate  is essential on an ecommerce site because of the secure transmission of sensitive information like credit card numbers, personal information, and login accounts.

If your website or blog begins with https://, you have likely received an uptick in Google’s rankings. This is currently a lightweight signal meaning that it doesn’t affect your site rankings greatly, but experts believe it will become stronger in the near future.

To turbo charge your web site’s rankings, be sure to use SSL certificates with a dedicated ip address on your web site, TurnKey offers an all-in one ‘turnkey’ solution to this to help you increase your search engine ranking with our Turbo SEO cPanel Web Hosting that bundles in multiple dedicated class-c ip’s and ssl certificates for one low cost in a simple to use interface.

Do You Need an SSL Certificate for Your Website?

REQUIRED: All websites should have some form of protection on them. This form of protection can come in many forms, however, if you’re going to be taking any type of data from your customers such as credit cards, phone
numbers, emails, or any personal information, you need to ensure that the data is transferred securely. SSL’s remain one of the most robust ways to do this.

As an online merchant, it’s your responsibility to make your customers’ private information is secure. If you are storing credit card information in a database on your website so you can manually charge it later, then you need an SSL certificate to secure the credit card data stored on your server. If you have any sort of log-in form where customers enter a username and password, on top of sanitizing the input from the user, a SSL certificate is highly recommended.

NOT REQUIRED: An SSL certificate is optional if you don’t gather personal information and instead forward your customers to a 3rd party payment processor like PayPal. This can be done as simply as embedding a PayPal button to your website. PayPal uses their own certificate to encrypt customers transactions.  HOWEVER, you can still benefit with SSL for search engine rankings, so it’s worth the investment but not REQUIRED for this category.

What Webmasters Should Do Now?

Decide the kind of certificate you need: single, multi-domain, or wildcard certificate. (More on this in a minute.)
Use 2048-bit key certificates. Use relative URLs for resources that reside on the same secure domain. Use protocol relative URLs for all other domains. Don’t block your HTTPS site from crawling using robots.txt. Allow indexing of your pages by search engines where possible by avoid the noindex robots meta tag.

Purchase an SSL Certificate from TurnkeySSL.com

Turnkey Internet is a trusted reseller of GlobalSign SSLs. The GlobalSign SSL certificates includes domain validation, quick issuance, re-issues among many other options such as adding a full trusted bar in your browser that allows visitors to see your SSL is trusted across the web.

Turnkey Internet has multiple types of SSL certificates for secure communication with business, system, portals, mail and more.

Our TurnKeySSL alpha certificate  is ideal for small business, blogs, and personal websites which costs $29 per year.

The TurnkeySSL Professional certificate is  ideal if you wish to have multiple subdomains covered (example: corp.yourdomain.com and web.yourdomain.com). This Pro level SSL certificate has full organization vetting which provides higher levels of trust and includes a malware site scan service. This is also preferred for service providers and SEO companies. $150 per year.

Lastly, TurnKeySSL Extended Validation (EV) Certificates are the most secure and offer visitors the green bar and enhanced sales. It also includes malware site scan service. The green address bar that comes with a TurnkeySSL Extended certificate prominently displays your company name, providing immediate trust and improving customer conversions. This certificate is $899 per year.

Keeping your certificate always up to date is recommended as you never want your clients receiving any SSL warnings when purchasing a product from you. Ideally,you would set the certificate to auto-renew annually. You can always check the expiration date by clicking the padlock symbol and then “View Certificate”. Test your entire checkout process in Firefox, Google Chrome, and yes, even Internet Explorer.

Once again, you can go directly to turnkeyssl.com to purchase any of the mentioned SSL types above

To turbo charge your web site’s rankings, be sure to use SSL certificates with a dedicated ip address on your web site, TurnKey offers an all-in one ‘turnkey’ solution to this to help you increase your search engine ranking with our Turbo SEO cPanel Web Hosting that bundles in multiple dedicated class-c ip’s and ssl certificates for one low cost in a simple to use interface.  Learn more
Until next time…

Follow Us :
Share :

LATHAM, NEW YORK (November 17^th, 2014) – Sustainable IT solutions provider TurnKey Internet, Inc. announced that it has launched their all new high-performance enterprise-class SEO Optimized cPanel Web Hosting platform.  The newly launched cPanel based Search Engine Optimized Web Hosting platform takes performance, speed, and efficiency to a new level, and combines up to 80 Unique Class-C IP Addresses and Secure Socket Layer (SSL) Certificate Technology to give SEO minded web masters and web professionals the greatest possible advantage to high rankings within Google’s search engine system.

 

TurnKey’s SEO Optimized cPanel Web Hosting leverages the combination of ultra fast servers with unique and diverse IPv4 and IPv6 addresses utilizing Secure Socket Layer (SSL) Certificates to provide what Google announced August 6^th, 2014 as a key ranking signal for higher search engine results.  Google’s announcement of web sites that utilize this technology and methodology to receive preferential rankings within the Google Search Engine system has been leveraged by TurnKey to provide a one-stop complete SEO solution to help web masters and web professionals succeed online.

 

At the core of the cPanel based Search Engine Optimized Web Hosting are TurnKey’s lightning fast servers powered by Intel’s Multi-Core Xeon CPU technology providing up to 32 CPU cores combined with ultra-fast Samsung SSD solid state drives attached via Raid-10 redundant connections.  Each cPanel SEO Hosting Server produces over 600,000 DISK IOPS (input/output operations per second) and accesses Gigabit Bandwidth (1000 up x 1000 down)  throughput with direct connections into TurnKey’s Juniper powered BGP4 redundant network infrastructure housed within TurnKey Internet’s SSAE 16 Type 2 Certified and ENERGY STAR^® designated datacenter in New York.

 

 

“This new SEO hosting service provides the most innovative technologies in today’s market combined with enhanced performance over traditionally hosted web sites.  This all adds up to give our web hosting clients the absolute best advantage in the competitive search engine ranking market place.” Said David Conboy, TurnKey Internet’s Director of Client Services. “This is the most innovative, highest-performing SEO hosting configuration on the market, and a ground-breaking alternative to the other hosting options out there.”

 

The TurnKey cPanel SEO Optimized Web Hosting platform is a top-of-the-line hosting solution for webmasters, businesses, and individuals alike that want blazing fast response times from busy web sites and applications like WordPress, Drupal, Joomla, high-traffic blogs, and any expansive database drive web site.  For more information on TurnKey’s new high performance SEO web hosting service visit:

 

https://turnkeyinternet.net/turbo-seo-hosting/

 

 

About Turnkey Internet

Founded in 1999, TurnKey Internet, Inc. is a full-service green data center and leading provider of sustainable web hosting and IT solutions. From its SSAE 16 Type 2 and ENERGY STAR^® certified facility in Latham, NY—New York’s Tech Valley Region—TurnKey offers web hosting, communication services, web-based IT systems, software as a service (SaaS), enterprise colocation services, and computing as a service to clients in more than 150 countries. For more information, please call (518) 618-0999 or visit www.turnkeyinternet.net/media.

Follow Us :
Share :

Follow Us :
Share :

  If you are asking today if your business is ready for a Black Friday Rush, it may already be a bit late to change your preparations for this year – but it’s still good to take a look.  Online businesses and brick and mortar businesses have a lot in common, they both are trying to capture that surge of traffic around the busiest shopping season of the year.

Black Friday got to this place of massive discounts and big glitzy promotions over the last 25+ years due to the basic supply and demand equation.   Since the early 1980’s the amount of brick and mortar retail floor space across the United States has increased on average 4% year over year, yet the population has only increased roughly 1% each year.  In short, there are more stores and items to shop than 25+ years ago on a per person basis (more supply and less demand).

 

According to Gallup, consumers estimate they will spend just $704 this holiday shopping season, on average. This is down from 2012, when the average consumer said they would spend $770.  All this is leading to more businesses competing for customer attention by using glitz, glamor and of course massive discount promotions to lure you in.  Black Friday is the big event of the year for many of these retailers – online, and brick, and mortar alike.

 

Online businesses are of course more recent to the ball game than the brick and mortar retail stores – but similarly compete for the attention of online buyers, and often have similar showcased promotions this time of year. Similar to brick and mortar retail stores, the online businesses have to fight that same supply and demand concept to get as many potential clients eye-balling their products and services versus their competitors – and its common to see deep discounts, promotions and low pricing to lure your attention.

Planned promotional strategy is the official term in business speak, but the reality for healthy well run businesses is wisely used discounting to bring new and existing clients to the store or web site.  It could be that $100 TV door-buster to get you in the store which in turn leads you to spend extra money on accessories and other high profit products (say special audio visual cables that have massive mark ups that help balance out the profit of selling that $100 TV door-buster).  Buy 1 get 1 free, 75% off black Friday discounts, super-sized upgrades, etc are all part of a well run business utilizing discounts to grab market attention.

Retail stores run into problems during the big rush for black Friday because literally there are more people than their stores can handle waiting at the doors, too busy a show-room floor for people to browse, and too few discount items (say that $100 TV at the door) to go to everyone who wants one – which can lead to customer dis-satisfaction and even hinder the overall goal which is for the business to make a profit by having the client browse all those high-mark up accessories next to the discounted items.

 

It’s crucial any business be ready for the potential rush.  Online businesses are no different, and online businesses have the extra ability to handle larger sudden volumes of transactions as long as their ecommerce system, web site and back end servers can handle the traffic spike during the busy season.  The last thing you want to do is be selling buy 1 get 1 free offers, and have your web site so slow that the consumer won’t stay in the shopping cart check out process to browse the profitable add-on items you are using to make up the profit margin.  It’s essential to plan ahead, have a fast and reliable web site, good back end cloud-based servers that can scale on demand and provide reliability when you need it most.  You don’t want to be caught with all your clients trapped outside the store with no way for them to get in and shop when it counts most, online or in-person at your retail location.

So if you are an online store, brick and mortar, or selling via online auction sites – plan ahead and be prepared for the Black Friday Rush.

 

 

Follow Us :
Share :