Here is where you will find some great tips and tricks to help optimize your x-cart storefront. From simple code tweaks to advanced modifications, we hope to have quite a collection here before long.

The first tip is actually a recommendation for an add-on module. The module is the Dynamic Search Engine Friendly URLs mod available from John at SafetyNetWeb. We have had great success with this module (you can see it in action on Bella Lucce), as Google in particular really likes the search engine friendly links it creates. The mod is available here, and John will even install it for you! I can't stress how important this add-on is in the world of Search Engine Optimization.

Search Engine Optimization is one of those topics that is covered in detail all over the web (see seochat.com for starters), but I thought it would be handy to have a checklist on how to optimize X-Cart itself. This assumes you have already done your keyword research, analyzed your competition extensively and started an inbound linking campaign. In no particular order:

1. Install X-Cart in the root directory of your site so that www.yourdomain.com goes directly to the front page of X-Cart.

2. When you are uploading new products, make sure the product descriptions have a good keyword density. Also try to use your keywords in the product title.

3. When uploading detailed images, add keyword-rich content to the ALT area. Also, use keywords in the image name, and upload the images to the server first and browse to them from there so that X-Cart does not rename them.

4. Use Category descriptions (under "Categories") as well as the META data for them.

5. Use h1 tags in appropriate places, but don't over-use them as that will defeat the purpose. They are meant to be used to show the element with the most importance on the site, so don't use them around your whole product description. I recommend using it around the dialog title element in dialog.tpl, and the product title in your products.tpl or products_t.tpl. Format the .h1 element in skin1.css so that it fits the design and color scheme of the site.

6. Put a keyword-rich paragraph or two on your home page. To the search engines, this page carries the most weight, so it really needs to have text, not just images.

7. Use the HTML catalog option built into X-Cart, and generate it in the root directory. If you are using the HTML catalog, you MUST block php pages from being indexed or you will be penalized by the search engines for duplicate content. Read through this forum for threads on how to block php pages using robots.txt.

As an alternative to the HTML catalog, I highly recommend this add-on:

http://www.safetynetweb.com/Dynamic-Search-Engine-Friendly-URLs-pr-1.html

This gives you the same benefits of the HTML catalog as far as the Search Engine Friendly URL goes, but you won't have to re-generate the catalog daily. Also, it comes with a nice little robots.txt file that does everything you need it to do.

8. The title tag is one of the most important tags on your site. Ideally, it should have a nice descriptive title for the home page (instead of just company name), and then use only the product name/category name when you navigate to those pages. There are a few mods in the X-Cart forum that will accomplish this. Also, you should replace the :: seperators with - as some search engines do not like non-standard characters.

9. META Tags - some say these are useless, but Google still uses the Description tag for the text that displays under your listing, and they certainly can't hurt. By default, the META tags are filled out with X-Cart junk, so if you don't change them before your site gets indexed, your site could very well be listed with them. Change them in General Settings/SEO options. Don't SPAM these either. The Description tag should be 1-2 sentences, the keyword tag should be 12-15 words/phrases. You may also want to consider this mod that allows you to specify META tags for each product.

10. It is best to have all of your traffic coming to either yourdomain.com or www.yourdomain.com, not both. This will get all of your traffic going to www.yourdomain.com. Put this in your .htaccess file:

Code:
# REWRITE RULES
Options +SymlinksIfOwnerMatch -Indexes

RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]

Just replace example.com with your domain. FYI, your .htaccess file is in the root directory of X-Cart.

NOTE: Only use this if you are using your own SSL certificate. It will not work with a shared certificate!

11. Create a site map on your site, as well as an site map to Google Sitemaps using this site.

12. Upload your products to Froogle/Google Base using the built-in module.

13. Add alt text to the product thumbnails. I use the product title by default. Also name your thumbnails with keywords in them and use the same method for uploading as I mentioned for detailed images.

That's it for now...I'll add/edit this post as things change (they always do) or if I think of anything else. As I mentioned above, this is not a comprehensive guide to SEO, as there are many things you can do to help your site OUTSIDE of X-Cart (pay per click advertising, attaching a forum/blog to your site, linking campaigns, etc).

There has been an awful lot of talk about the new release of X-Cart - 4.1. While it has a number of significant improvements (such as images for each option/variant, wholesale pricing for products with variants and an improved checkout process) we are not recommending that it be used at this time. Essentially it is still in Beta, as there are a number of bugs still present. Typically X-Cart releases their software early and lets the users work out the bugs. Unfortunate, but the way it works.

So, we do not recommend either installing or upgrading to this branch until it is deemed stable, probably a few months out yet. As an example, version 4.0 was not considered 'stable' until 4.0.12, and version 4.1 is currently at 4.1.2. Still a ways to go yet! Plus, we are now on 4.0.19 of version 4.0, so even when a version becomes stable, there are still bugs :)

While X-Cart is a pretty good product right out of the box, there are a number of add-on modules (both free and paid) that make it even better. There are literally hundreds of add-ons available, but below is a list of ones that we think are 'essential'. Some of these link to third party vendors, some link to the X-Cart forum:

The first one without a doubt is the Dynamic Search Engine Friendly URL mod by John at SafetyNetWeb.com. I have mentioned this one before, but I can't emphasize enough what a difference this module makes from an SEO (Search Engine Optimization) standpoint. What it does is take a typical X-Cart url (such as www.yoursite.com/product.php?productid=1) and dynamically rewrites it to be search engine friendly - www.yoursite.com/Product-Name-p-1.html). Search engines love this because it gets the ? out of the url and adds keywords, which is key.

Next is the EZ Upsell module available from Carrie at BCS Engineering. What this module does is add a 'confirmation' screen when you add an item to the cart. The page shows a thumbnail of the product with a 'You have added this product to your cart" along with a 'Continue Shopping' button and 'Proceed to Checkout' button. Below this is an area that will display any upselling items you have linked to the product. A 'You may also like...' kind of thing. This is the candy at the checkout counter theory...people are more likely to buy something if it is presented to them.

From an SEO perspective, the ability to add custom META data for each product and category is very important. X-Cart automatically generates this data for you by default, but it is much more beneficial to have full control over it. These three FREE mods will do just that:

Product META Tags
Category META Titles
Static Page META Tags
Manufacturer META Tags

Another important SEO addition is a local sitemap such as this one from Phil at X-Cart Mods. He also has some nice flyout menus and other misc mods available, many for free!

The way images are displayed in a site is extremely important, as people want to see as much detail as possible, as easy as possible. One of the best ways to display detailed images I have seen is via the Thickbox method. Here is a great integration guide.

One of the keys to a successful e-commerce site is to be in touch with who is visiting your site, where they come from, what they look at while they are there, and where any potential problems are with the checkout process are. The best tool to do this with is Firetank's Marketing Manager Pro. This will give you all of the information you ever wanted about your store's statistics and visitors.

Here's one of the things that should be included in the default X-Cart package, but is instead an add-on - the Advanced Order Management module which allows you to edit/modify orders. More important than you think, especially if a customer calls to change something, or if you have to adjust an order due to a pricing/shipping problem or a stock problem.

These are the modules we typically recommend as 'essential'. There are plenty more add-ons available, most of which can be purchased from Carrie at BCS Engineering.

One of the most common issues I find when working with a new client is that they have no idea what is happening with the credit card data from their customers. This is something that just can't happen in today's world of E-Commerce. As you may have read, there was a major 'hack' of a large company last year, in which hundreds of thousands of credit card numbers and personal information were stolen. This was because the company did not have the appropriate security in place to protect that data. After a long legal battle, the company was ultimately responsible for paying for the reissue of credit cards for all of the customers affected, and for the fraudulent charges made on some of those cards. The Credit Card companies are serious about protecting their customer's cards, and they will now go after you if your data is stolen. For a small business, this can mean the end of your business.

For those of you running X-Cart sites, the best advice I can give is to NOT store credit card data at all on your server, let your payment gateway folks handle that. Unfortunately, X-Cart by default is set to store credit card data in the database, even if you have a payment gateway. To fix this, open up config.php (in your root directory) and change this:

$store_cc = true;

to this:

$store_cc = false;

That will prevent credit card data from being stored in your database.

I have included an article below which was recently published on practicalecommerce.com which outlines the basics of PCI Compliance:

The major credit card issuers created PCI (Payment Card Industry) compliance standards to protect personal information and ensure security when transactions are processed using a payment card. All members of the payment card industry (financial institutions, credit card companies and merchants) must comply with these standards if they want to accept credit cards. Failure to meet compliance standards can result in fines from credit card companies and banks and even the loss of the ability to process credit cards.

There are six categories of PCI standards that must be met in order for a retailer to be deemed compliant.

1. Maintain a secure network.

This standard refers to the actual network that cardholder data is exposed to. In the case of an online business, the most obvious vulnerability for this standard is the web server. Luckily, most hosting companies take responsibility for ensuring the security of their networks. However, there is more to this standard than meets the eye. Do you keep cardholder data (even just names) on a laptop that you use on public networks? Does your office network have a firewall installed and reasonable security measures in place?

In short, whenever any personal information about a cardholder is stored on a computer (which is also connected to a network), that computer is behind a firewall and all reasonable measures have been taken to protect that particular network.

2. Protect Cardholder Data

This category focuses on how cardholder data is stored and transmitted. Business owners that choose to store cardholder information have an obligation to protect that data. Protecting information means that not everyone can access that it. Businesses that store actual credit card numbers will often store them as encrypted data, so that even if someone got access to the database they still could not decipher the information in it.

Ecommerce businesses need to be especially critical of the way that cardholder data is transmitted. When a customer makes a purchase on a website, his/her cardholder information is sent across the Internet. During that transmission, cardholder data must be encrypted with at least a 128 bit SSL certificate in order to meet this standard.

3. Maintain a Vulnerability Management Program

This one is relatively simple, and translates to keeping up to date with your systems. Vulnerability exposure can be minimized by regularly updating computer hardware, operating systems and software. Keeping up to date anti-virus software, as well as running regular virus scans, is another requirement to meet this standard if your systems are susceptible to such vulnerabilities.

4. Implement Strong Access Control Measures

The most exploited breach in security is the human element, which is harder to protect. Part of meeting PCI compliance means limiting access to cardholder data to only those persons that need to use it. In addition to restricting physical access to cardholder information, business owners are also responsible for assigning a unique identification to each person that does have access.

5. Regularly Monitor and Test Networks

Networks that store cardholder data be monitored and tested regularly. Regular scans of security measures and processes, monitoring and tracking of network access to cardholder data are required to satisfy this standard. Consider signing up for a security testing and auditing service, such as ScanAlert's Hacker Safe program, which can help you to identify and fix potential security problems as they arise.
Advertisement

6. Maintain an Information Security Policy

Considering that humans are generally the easiest part of a system to hack, and also that ignorance does not relieve liability, it's important to draft and implement a company-wide information security policy. Make sure that your employees know and understand their responsibilities with regards to cardholder data before it becomes an issue.

The first step in PCI compliance is to meet the above standards. Credit card companies and financial institutions validate that vendors are abiding by the regulations, giving them ratings based on their volume of transactions. The rating that a company receives determines the process that they must go through in order to be validated. Next month, we’ll take a look at the four validation ratings, and what each rating means to a company.