The documentation is provided for a general audience of the platform. However there are differences in implementation and nuances unique to every project. This page is simply a check list for the admin, to ensure they have knowlege specific to their system.

Essential Details for access

  1. Admin Link + Credentials
  2. FTP Details
  3. Which folder to upload product images to
  4. Which folder to upload CMS files to. Like Home page banners etc.
    On website updates, some folders are refreshed and replaced. Hence it is important to know which folders you can upload to, to avoid losing data. These folders are used by the developer(s) to supply some base images etc for the website that will always be there on any install. Ideally these can be marked READ-ONLY on the file system by admin to prevent the user from uploading files to them in the first place, but that may not always be the case.
  5. Understand Dynamic URL parameters for landing pages
  6. Documentation link
  7. Link to CPanel (if any)
  8. Check email address used by ETL process
  9. Check email address for System generated emails
  10. Check email address on any emails sent to customer. Check by doing a test order
  11. Ensure Payment gateway works on all Payment Gateway providers
  12. Know Image sizes for all content and product pages
  13. Check images from URL's in Facebook (login via your FB account and use tool) See this
  14. Check how to use and put UTM codes for campigns See this
  15. Access to your CDN (if any)

Run through check list

  1. Run thorugh the ETL process flow to update products and their images
  2. Run thorugh the ETL process flow to only update product information
  3. Run thorugh the ETL process flow to only update images
  4. Update details via Catlog
  5. Check Catalog Inventory
  6. If the project uses a CDN learn how to operate and update it + check CDN Admin panel

Project specific Checklist

  1. Special URL's like International Payment Link, Collections Link etc.
  2. Special folders where files go and their purpose. Like Catalog, collection banner images, home banner images etc.
  3. Restrictions when naming files. Example avoid hyphen or delimiter characters in file names that maybe mentioned in the URL itself.
  4. Know where your organization stores all the product images. You should have a local backup/copy of all your content images and specially product shoot original files. Whats maintained on the web is only optimized version that too for current products on display, older ones maybe deleted to save server Disk Space. Server disk space is more premium and you need to rely on local organizational backups.

Business owners Checklist

When going online, a business owner must be careful about security. We go beyond normal protocol to ensure your site is safe.
Security is not just technical (we do out best technically); but also on your behalf as a business owner. Its like you can have the best security systems, but if you forget to switch the alarm on or leave the door open then you are always vulnerable. The following should help you avoid common mistakes:
  1. Ensure your corporate identity is not using any particular employee email address but generic ones like, This impacts customer perception and also prevents security faults where an employees account maybe lost, locked or compromized.
  2. When registering for third party services, avoide using employee specific accounts and names. Use a generic one but not one of your corporate identity. This is because the third party service may spam your email address with their own news letters and marketing material.
  3. Whenever an employee is leaving, please ensure proper handover and training. We have provided documentation but there are other check-lists mentioned in this document that your employee should maintain and hand over. You should check such check-lists exist in your organization. See the check-lists in previous sections.
  4. When sharing passwords with vendors or employees of sensitive accounts like DOMAIN, please be sure to change the password once the access is used by them.
  5. Always ensure you know where all your data and images are. In the event of a disaster, one can always recover very quickly if these are known and up to date.
  6. Any admin access to website, each user and employee should use their own account handle. Furthermore everyone should change their password first time afer login. This way there is more accountability on anyone making changes.

Finding out what went wrong with a customer

Sometimes, the customer may report a problem that you may not be able to solve and need to escalate. Proper communication of the problem is essential. Please keep the following in mind while escalating an issue:
  1. Ask or note the date and time the customer experienced the issue. Note, when the customer reports it is not as important as when the customer experienced the issue. Simply based on the time we maybe able to look into our logs and find the exact problem.
  2. Send a screenshot (if possible), of the issue. Its is preferable to do a COPY/PASTE of the content on the screen rtaher than jsut a screenshot. If its an admin problem you can do this.
  3. Send the URL / Link of the page with the issue. Copy paste this in TEXT format.
  4. Ask the client what device and browser they were using at the time the problem occured.

Authorization & Security

The Admin should not share their username or password with anyone. If someone requires access, we can create another account for them with proper defined roles & autohrizatons. This is impostant because all admin logins and changes are audited. The person logged in is accountable for the changes they make to the system and hence identification of the individual who is logged in should be mapped to the real person and not a proxy.
When a person leaves the organization, the persons account should be deleted.

Beyond site Admin Accounts

The rules above should extend beyond the site admin and in general be practiced through an organization (in general). This also implies any email accounts should be in the name of the organization and not an individual.
For example: is acceptable, but is a bad practice.
You can always setup mail forwards from a particular account to other accounts. For example if all customercare mails have to goto Tanya, then setup a mail forward from customercare to tanya. This also has several other technical and businss advantages, like the email address put in the users address and avoid being marked as SPAM etc.

Similarly, Analytics like Google Analytics accounts should be in the name of the company gogle account. If anyone needs access, then the company can add them via the Google Admin.

Periodic Security Review

The organization should ensure the following:

Periodic Support Tasks (performed by Hosting & Developer)

The people maintaining the site for you perform the following activities from a daily to monthly level, depending on type of project and support plan:

Admin Access for non SSL sites

To ensure basic security of admin, even if your website does not use SSL, we *may* ensure admin pages work on an https protocol.
SSL costs money if one was to procure a genuine certificate from an issuing authority. Which makes sense if real customers or visitors were sharing personal infromation on yoru website. However for websites that do not have such a need, the admin still needs to be secured. So we employ SSL but we create a self signed certificate. Meaning, the certificate is not authorized by any 3rd party. In our case thats OK, since for admin internal purpose only you do not need that added verification.

If your site is using a self signed certificate, you maybe prompted with the following type of browser confirmation. Proceed and add the certificate to your browser in the process, so that your browser will not annoy you with the same next time.

The reason why the following screen appears, is because the SSL is telling the browser this is meant to be a secure connection and it technically is. However it lacks the validation from a third party attesting it is genuinely secure. For practical purposes, in this case your data transmission is secure.

Admin Handover

When the admin is changing or handing out, the organization should keep in mind the following:

  1. All items on this page (check list) are handed to the new person
  2. Handover training should start atleast 1 week before last day of work
  3. Inform the developers atleast 1 week before last day of work
  4. Ensure the list of users who should not have access to the system, is communicated to developer or orgnaization, so their access can be revoked

Miscellaneous Topics

Google Analytics Setup

Setup an Account : Always use an official ID and not a personal ID to login into
Setup a Tracking Code : ; share this code with us along with the tracking script (in text format).
Add us as a observer, so we can help (Optional) : Our account id to add is

Google Maps Standard API access

Some projects may use Google Maps. Their maps may need a key to run on the server. Please obtain a ket using your google account by following these instructions.

Site Email and SPAM issues

Sometimes you may feel or your customers may complain that they have not got an email. Please follow this check list to determine the problem:

  1. Do a bogus or test transaction to check if you or the admin gets an email. Be sure to also check your SPAM folders.
  2. If no one gets an email then report the issue to the developer.
  3. If some people get an email and some dont, be sure that the mail is not going in SPAM.
  4. If the email is going to SPAM folder, then you may want to advise your customers to add your sending email address to their address book. You could display this as a message soon after a user completes some activity that sends an email. Like on a Thank you page after registration or payment.
  5. If your email is going as spam, additionally you can contact your IT or ask the Hosting company or Admin to add an SPF record to the DNS. An example of an SPF record is   TXT     "v=spf1 ~all"
    or   TXT     "v=spf1 +a +mx ~all"
    ...where is the IPv4 address of the server you want to ensure is recognized as a legit source for emails, in this case
    You can learn more from here.
    There is more on SPF records here and
  6. Ensure no one else knows any system account information to your mail server. It is important the mail server be protected by a username/password.

Naming best practices

If a name is used to uniquely identify a document or some content or artifact then some special consideration should be given to avoid potential problems.
The reason is that computers use some special symbols that mean special things to them. For example in a URL (link), #, &, ?, =, / have special meanings. A simpler analogy is a file on your computer where "." implies an extension. Example some_file.jpg. One can always call a file some.file.jpg but then this name is prone to hazard as now the computer does not know if the file extension is .file.jpg or just .jpg. Similarly there are other scenarios that we will not get into for now.
Try to follow the below check list when dealing with resource names or names used to identify system content.

Data practices

When filling in data please be aware of the following:

Wierd symbols

If you notice some funny looking characters aka symbols, appearing on your screen as part of the name of a product, or title or anywhere in content. For example: ? appearing, where it should be a currency sign like . This is an encoding issue.

Typically an encoding issue creeps in when there is a mismatch or use of characters or letters in the Data/Content from another system that is not web friendly or compatible with the device viewing the characters. The following scenarios will help illustrate how this happens in reality:

Example Scenario Web Page

Lets assume you are using some foreign language symbols in your content. Even if the server is displaying it correctly on your browser. Once published, another computer may not support the required character set. This is similar to using a font that is not safe.
Solution: Ensure the page encoding or the site encoding, supports the required character set you are using or avoid using the characters. For emails one can see this article.

Example Scenario Systemn Update

Lets assume, you are importing data via Excel in an ETL process. The excel or file, contains some system specific symbols, that are legible on your computer but on loading it into the server. Via the admin panel on your browser you can already see the symbol is getting corrupted. This scenario suggests there is an encoding problem between the File and the Web/System format. This is in other words a data or system encoding issue. Solution: Ensure the file is saved in UTF-8 format. (default system supported format). If there is a need for another format then that needs to be communicated to development and tested thoroughly.

Example Scenario Email

Unfortunately emails are very restrictive (restricted by the mail client), in how much control we have on rendering them. A good email needs to be safe for all the clients that render it. Here the only real way of ensuring there is no problem is to ensure you use Web Safe characters. Solution: Use escaped symbols to represent content rather than the symbol.

Page encoding

Page encoding refers to ensuring the page supports characters that are outside the system defined encoding standards. This ideally should not be required as it can result in other inconsistencies across a site, but its more a HACK measure than a solution. In this one ensures the following:

(needs HTML knowledge)
You can apply the encoding via the CMS in the page headers. Put the meta tags or any CSS imports in that section.
Page Headers

Site encoding

Similar to page encoding in the way it works, but this applies to the entire website. This is a better way as it ensures consistent handling of characters throughout the website. This should be performed by the developer or you can make these changes in the website template via the Template Editor or raw HTML template files.

System encoding

You need to fix the data in your file/input to use UTF-8 encoding (whatever the system default character set and encoding is). Or talk to your developer if this will be more prevalent across your data.

Host level control

Here is how you have a deeper level of access to the core website files and structure. Before you access or modify any file or setting please be sure to read the following disclaimers also.
Any fault due to changes via CPanel, SSH or any software that operate at a host or an operating system level are not covered under AMC.
Any fault due to changes in core website files which have not been provided by us, are not covered under AMC. To also maintain proper process it is advised (but not mandatory) that changes be uploaded with developers consent.

You can also access files via FTP or File manager, if you have CPanel purchased with your Host plan.

Back to Top