Spree Commerce

Try It Now

Turn your Customers into a Community

Posted on August 25, 2015 by Alexander Diegel

Customer retention is one of the keys to ecommerce success. In fact, one report states that increasing customer retention rates by just 5% can increase profits anywhere from 25% to 95%. But how do you keep your current customers buying again and again? Nothing’s fail safe, but one proven strategy is to use your social media profiles to create a rich and vibrant community.

Creating an active and engaging social presence will turn your customers into true fans, brand ambassadors that are eager to see your new product/company news and share it with their friends and family. Competitors can offer similar products, but creating a community gives you an advantage over the other retailers. Some of the fastest-growing names in ecommerce have put this theory to the test and have reaped the rewards.

While getting customers excited to buy your hot new item sounds simple enough, best practices include more than just posting about new products. Take surf and beach retailer Surfdome, for example. Surfdome, recently sold to Surfstitch for $16M, has nearly 50K Twitter followers.

How did they get there? Not by merely posting photos of new surfboards and wetsuits, but turning its Twitter account into a great follow for all fans of surfing. Scroll the feed, and you’ll see GoPro videos from surfers mid-action, photos of surfers making their way through ridiculously huge waves, and yes, the occasional link to a new product. They also make an effort to tie in a trending hashtag of the day with surfing/beach fun, like this one for #RelationshipGoalsin3Words:

What Surfdome has created is a “one-stop shop” for surf fans. They’ll get news, cool pictures and videos, and associate Surfdome as an awesome place to buy surfing and beach gear. Personally, I’m a little top heavy for surfing, but if it were my thing Surfdome would be a must follow for me, and I’d quickly become a fan of the brand, not thinking of going anywhere else for a new board or wetsuit.

Stumptown Coffee, generators of approximately $40 million in annual revenue, follows a similar path. While a GoPro video of someone sipping a Stumptown brew might not be quite as exciting as surfing a big wave, Stumptown’s Twitter feed is filled with fans tagging their favorite coffee brand, as well as retweets of satisfied customers.

While you can’t get much different than a coffee and surfing retailer, you’ll notice a similar strategy between Stumptown and Surfdome. They create the community first, and plug the products second. One guaranteed way to lose a Twitter and/or Facebook follower is to shamelessly share your products again and again.

Instead, whatever industry you’re selling to, post and retweet fun and interesting news relevant to that industry. If you’re a sports retailer, get in on the Little League World Series action. If you’re in the beauty and makeup industry, post about fashion. Creating an active blog doesn’t hurt, either, as it will provide you with another outlet to funnel brand fans to your site.

However you do it, they key to gaining customer retention is staying industrially patient and not over-posting about your own products. To paraphrase “The Voice” from Field of Dreams, if you build the community, the sales will come.

PrestaShop vs. Spree Commerce: Dueling Online Storefronts

Posted on August 20, 2015 by 3llideas

About the Author

Ivan is a content and marketing manager for 3llideas. 3llideas is a development agency with years of experience in ecommerce. 3llideas has launched Spree Commerce stores for businesses around the world, spanning a range of industries.

There’s a new dual amongst platforms that can bring any business online: PrestaShop vs. Spree Commerce. Sure, if you’re thinking of developing an online store, PrestaShop is one of the names you’ve heard before, along with Magento, another competitor to Spree Commerce.

What does PrestaShop have to offer that Spree doesn’t? Today, we’ll do a quick comparison between the two, focusing on each storefront’s key features, respectively. Whether you’re looking for a new online store altogether or you’re just looking for alternatives to PrestaShop, this article’s for you.

Price:

Both storefronts are free to download, both upon installation and use, thanks to both options being open source. So, both can be modified without much issue, in order to adapt to business requirements.

PrestaShop has a large amount of pre-built modules and themes, and can be installed within the PrestaShop store the same way as a WordPress plugin; upload, activate and configure. Spree Commerce involves a technical level of understanding because, despite a wide variety of modules and adaptations already built, you still need to be an expert in Ruby installation and development.

In PrestaShop, there’s a great volume of modules and themes, though most cost extra, while all of Spree’s extensions are free. Spree is cheaper, and provides the assurance that your store will be easily adapted for any future needs thanks to one of its key features: greater scalability.

Development and Expansion of Software:

We’ve already touched on this in the previous point, but let’s expand on it: the main difference between the two ecommerce platforms are the maintenance and development costs. Developments in PHP (PrestaShop’s programming language) require countless lines of code, which increase complexity, thus being less effective than Ruby on Rails (Spree’s.)

Obviously, your shop may already have enough with the extensions provided from PrestaShop, but you won’t be receiving a customized solution. And we know the importance of brand awareness for retailers: a store must always distinguish themselves from the competition.

Ruby on Rails provides greater power and flexibility with fewer lines of code, resulting in improved performance. Thanks to another point we mentioned earlier, the scalability of Spree, you can deal with traffic spikes without the risk that the system crashes due to the unexpected customer volume. Think of a Christmas rush to your site, for example, and know that Spree will be with you during your busiest—and most lucrative—time of year.

Community:

Both user communities are active and provide great support for troubleshooting. PrestaShop’s community is bigger, due to the CMS’ poularity, and the fact that it’s been on the market longer. Spree, however, has 635 contributors, more than double that of its rival. This results in faster resolution for bugs, with software updates being published more frequently for Spree.

Necessary Hardware Resources:

We’ve already mentioned that the initial investment in the software for either one of these platforms is zero, as they’re both free and open sourced. But what about the hardware resources?

Naturally, what will make the difference is the volume of the store itself, and the traffic it receives, so both will need more resources as your company’s popularity increases. Now, PHP needs more power on the server and more memory to run in comparable situations, so it will take a higher hosting plan if you want to be safe for the future. Spree Commerce, on the other hand, is fantastic in this regard, being remarkably scalable and ensuring the performance will be optimal throughout your company’s growth.

Startup:

When starting out with these platforms, we found that PrestaShop is quite similar to the installation of WordPress: you only need to upload the files to the server and run them. With Spree installation, the method is similar to running an environment for Ruby on Rails. At first you may face a challenge regarding programming knowledge.

But is this really a disadvantage? Not really, as you can be sure that your storefront’s ready to roll know matter how much change your shop requires in the future, because you can handle it without any problems.

You must have one point clear: both options are valid for an online shop, and you know you can sell on them both domestically and internationally. However, through personal experience and customer reviews we feel secure in making Spree Commerce our recommendation.

It’s a platform that allows further customization, is more scalable (thus mitigating future problems that you’d have with other storefronts), has extremely powerful features, and you don’t have to install anything other than its basic software. In short, Spree offers a solution that you’ll own completely.

Don’t have enough information about Spree Commerce? No problem, contact us today.

To view this blog in its original format, visit the blog of the blog of 3llideas.

Security Fix for all Spree Versions

Posted on August 19, 2015 by Jeff Dutil

We have just issued several new versions of Spree that address a security vulnerability present in all versions of Spree 1.1.x+.

Through specially crafted search parameters, an attacker is able to bypass authorization checks and determine the contents of database records. This may be used to expose customer details, and other sensitive information. This vulnerability exposes itself through the API (a key is not required). All users are advised to patch or upgrade their stores immediately.

This is a non-backwards compatible upgrade if you use custom ransack searches, as we are changing the allowed ransack searches to be whitelisted.

If you have custom ransack search associations, and/or attributes you may whitelist them following this example in:

config/initializers/spree.rb

Spree::Product.whitelisted_ransackable_associations |= ['reservation']
Spree::Product.whitelisted_ransackable_attributes |= ['presale']

Workaround

This initializer changes the ransack’s default to not allowing searching across associations. It is less complete than the patches which also require attributes to be whitelisted.

# Any custom ransack searches in your store will have to be added to this list.
#
# config/initializers/security_20150817.rb

Rails.application.config.to_prepare do
  raise "Spree.user_class must be defined first" unless Spree.user_class

  whitelisted_associations = {
    # Revoke the ability to search across associations via ransack
    ActiveRecord::Base => [],

    # Put back the ability to search across associations that we know are used
    Spree::LineItem => ['variant'],
    Spree::Order => ['shipments', 'user', 'promotions', 'bill_address', 'ship_address', 'line_items', 'inventory_units'],
    Spree::Product => ['stores', 'variants_including_master', 'master', 'variants'],
    Spree::Promotion => ['codes'],
    Spree::Variant => ['option_values', 'product', 'prices', 'default_price'],

    Spree.user_class => ['bill_address', 'ship_address']
  }

  whitelisted_associations.each do |klazz, associations|
    klazz.define_singleton_method(:ransackable_associations) { |auth_object=nil| associations }
  end
end

Credit

Thanks to Andrew Thal from Bonobos for reporting the issue privately. This allowed us to verify the problem and prepare the necessary security patches for public release.

If you find any security issues please notify us privately via the security@spreecommerce.com email address.

Full Changes

To see a complete list of changes please view the compare pages:

Solidus 1.0.0

Posted on August 12, 2015 by John Hawthorn

Editor’s Note

This is a guest blog post from someone who is an active contributor to the open source project. This blog post has nothing to do with official Spree policy, nor does it represent any type of endrosement by Spree Commerce. There are a small number of Spree developers who want to concentrate on providing a limited set of security and performance enhancements to their existing Spree codebase without introducing new features, new Rails functionality, etc. This is a perfectly reasonable approach to take and we have no problem with it. It does not, however, relate to any actual or planned change in the direction of the Spree open source project.

About the Author

John is a programmer for FreeRunning Technologies, a team of fullstack developers based out of Victoria, BC. FreeRunning Tech builds scalable web and ecommerce software applications, leveraging Ruby on Rails and Spree Commerce.

We’re happy to announce Solidus 1.0.0, an updated fork of Spree 2.4 spearheaded by the developers at Bonobos and FreeRunning Technologies.

These changes mostly came from the needs of running a large store like Bonobos and AYR. Changes include refund and cancellation overhaul, performance fixes, customer service enhancements, changes for fulfilment, and many fixes. The downside is that this is a large set of changes. We didn’t release 1.0 early but we hope for our future versions to be released often.

We intend this to be a direct upgrade for Spree 2.4 (or earlier) users. We’ve also tweaked the Spree 2.2 → 2.3 → 2.4 migrations to be faster and more correct. A future version, likely 1.1.0, will provide an upgrade path for users on spree 3.0.

Major Changes

Rails 4.2

We’ve upgraded to rails 4.2. Notably this includes ActiveJob, asynchronous emails, and ActiveRecord performance improvements.

See the rails 4.2 release notes.

Solidus

Gems have all been renamed solidus: solidus, solidus_api, solidus_backend, solidus_core, solidus_frontend. Branding and some sample data has been changed. We will continue using the Spree:: namespace.

SSL Configuration Removed

Previously SSL was enforced by Spree at the controller level by declaring either ssl_required or ssl_allowed, which checked several Spree::Config options to determine if SSL should be used in this environment and if the HTTPS request should be redirected to plain HTTP.

It is now expected that the entire store has SSL enforced. This is to be handled either by Rails, the web server, or the load balancer.

This can be done by setting config.force_ssl = true in config/environments/production.rb

Order Mutex for the API

Previously, concurrent requests to the API could put the order into an inconsistent state. Now, concurrent requests to the API will return HTTP 409 “Conflict”.

Explicit Order Complete + Confirmation Always Required

Previously order.next was used to advance an order through the order checkout states and to ultimately complete the order. This made it easy to complete the order unintentionally through the admin or when using the API. This is now changed so that an explicit call to order.complete is required to complete the order. To facilitate this the confirm state is now always required.

The API’s advance route will now move the order to the ‘confirm’ state. The next action will continue to move orders from confirm to complete, but issues a deprecation warning when doing so.

The frontend checkout continues to act as before, but will always have the confirm state.

Store Credit

We wanted to be able to include store credits with Solidus. This integrated the existing spree_store_credit_payment_method extension.

This allows assigning an amount of store credit to a user and allow them to pay using those funds.

Cartons

When physically shipping items to a customer, multiple orders to the same customer may be combined into one package. A single shipment (as seen and paid for by customer) may end up split into multiple packages with different tracking numbers (due to sizing restrictions, for example). To better represent this, we’ve created the cartons model, which is intended to accurately represent the physical shipment (likely with a tracking number) which was sent out.

This should allow more robust integration with some third party logistics providers and help stores with complex shipping needs. In simple stores this addition will be transparent. For most stores, this change should be transparent. Shipping a shipment will create a 1:1 carton.

Stock Transfer Improvements

We added a whole lot of improvements to the stock transfer feature set, including improved admin for which stock locations the inventory is being transferred between, automatic stock quantity handling, better product search, more data capture, and blind receiving of stock transfers at the warehouse to promote assurance of correct product received.

New stock Management Interface

Stock can now be managed at a per-stock-location level in addition to a per-product level. Additionally, it is far easier to search for and filter products, as well as change stock quantities at specific stock locations. Restrictions can also be put in place to only allow certain users to access or manage certain stock locations.

Multiple Codes on a Promotion

A single promotion can now have many unique codes. Previous versions only allowed a single code per promotion. This allows reusing promotion rules and actions without having to duplicate the promotion. Each individual code has it’s own usage limit and is dynamically generated with a user specified prefix. (e.g. base_owgklx)

Adjustment Reasons

Adjustment Reasons are categorizations of why an adjustment occurred. This can help with data reporting, accounting, and business intelligence around why adjustments are occurring to orders.

Return reasons

Similar to Adjustment Reasons, Return Reasons provide an extra level of information around why returns occur.

Item Cancellations

There are times when orders are unable to be completely fulfilled, or where the customer changes their mind about receiving a product. For this purpose, Item Cancellations were introduced, which can adjust order totals before a shipment occurs, and even change the amount that you use to calculate tax or to charge with your payment provider if you capture payment at dispatch.

Order Promotions

A new OrderPromotion model records that a promotion has been applied to an order, allowing item-level promotions to apply to line items or shipments added later to the order.

spree_cmd/solidus_cmd removed

Removes the spree command, which was an alternative way to add Spree to a new Rails app. We’ve removed this in favour of the normal installation generator.

Configuration

To view this blog in its full format, including the key configurations, visit the blog of solidus.