Home About

 September 18th, 2012

Protecting your Magento images with htaccess - 2

How to protect my images ? This is probably a question every Magento shop owner has asked him or herself at some point. Having spend a small fortune in money, time and/or effort in getting the right pictures for your web-shop it can be quite disheartening to see your product images appear on a competitors site.

The first line of defence is to protect your images with Magento’s dynamic watermarks which can be found in the configuration.

But what use is a watermark if the original image is still available ?

A look at the URL of a watermarked image will allow your image thief to quickly work its original location:




I made a few tries coding a .htaccess file that would deny all access. This however blocks access to the image editor in the admin panel as well. I found a solution in an answer by Farrukh on StackOverflow.

Modify and place the following .htaccess file in the /var/media/catalog directory to restrict access to the original images:

Options +FollowSymLinks  
RewriteEngine on  
#Following line allows the actual images to be accessed by admin end directly  
RewriteCond %{HTTP_REFERER} !^http://www.yourwebsite.com/.*$ [NC]  
#Following line allows the watermarked images to be accessed directly. Rule says that if URL does not contain cache  
RewriteCond %{REQUEST_URI} !(/cache/) [NC]  
#This is the page where visitor will be redirected if tries to access images directly.  
RewriteRule \.(gif|jpg)$ http://en.wikipedia.org/wiki/You_shall_not_steal [R,L]

 September 17th, 2012

Review: PostCode.NL Magento plugin - 0

afrekenen Review: PostCode.NL Magento pluginA scene all too familiar : a customer buys a gift for his girlfriend, about to depart to a far, far away country and it needs to be there by Wednesday. So you ship as quick as possible; and just after the parcel disappeared into the delivery van the customer calls again. “Oops, I have made a mistake in the address”

The parcel company does not take a change of address, despite your best efforts. Ten days later the parcel returns to your doorstep. You need to refund the customer, service is everything, and take a penalty charge for sending it to the wrong address.

Time for a technical solution — no more wrong addresses. In Holland several companies offer software to validate a Dutch postal code + house number combination to a full address. Most cost money, but one of them is actually free of charge and that is the one we will look at here.

PostCode.NL offers a Magento 1.5+ plugin that validates Dutch postal codes. You can sign up for a free API key that comes advertised with 10,000 free validations a year. After I asked for detailed pricing PostCode.NL confirmed that there currently is no limit. As long as your use stays within their fair-use policy.


Installation is straightforward. You can either download the plugin and copy it into your (test) environment by untarring the .tar.gz or download it and install it through the Magento Connect Manager. Then go to the PostCode.NL website and sign up for an API key. After this just enter the keys into the configuration panel.

At this point I expected things to go wrong but instead I was pleasantly surprised. We use the CheckItOut plugin to provide a one page checkout experience. Amazingly enough the plugins did not clash and as I entered new test orders I only had to enter postal codes & house numbers to get full address completion. For overseas addresses the module disables itself.

Not 100%

As I moved the plugin from the test environment to the production environment I hit a snag: the module stopped working. A quick check showed a Javascript error. This was caused by the module using HTTP to verify the postal codes while the checkout page is secured using HTTPS. The fix was simple, but not elegant, I modified two source files and hardcoded the HTTPS url. To do this modify the baseUrl variable in:

  1. /app/design/frontend/default/default/template/postcodenl/api/jsinit.phtml
  2. /app/design/adminhtml/default/default/template/postcodenl/api/jsinit.phtml

I have reported this as a bug, so hopefully it gets solved soon.

The second minor point was that some of the translations are missing. The module is written in English and it provides a translation file. However some texts and error messages are not properly translated giving English messages and errors in what is otherwise a fully Dutch checkout page. You can add missing translations to the following file:


Help! End user confusion

Address completion is now as simple as entering the postal code and a house number. But it might too much friendliness for our customers. Within an hour after we had enabled the module a customer called. She complained that she could not enter her address as the address lines are now grayed out. She could not work out that she had to enter the postal codes first and then the house number but instead tried to click directly on the address.


Technically the module works, the module’s free pricing is better than fair and so far it works without fail. However, we will evaluate the use of automatic address completion further as even a small amount of user confusion might result in lost sales. Whether this is this better or worse than the occasional returned parcel is the question we need to answer next.


After this post, and a discussion on WebWinkelForum (Dutch) I was contacted by PostCode.NL. They have made several changes to their module that should solve the problems I have mentioned. When I have a moment I will put it through its paces and blog about it.

 March 7th, 2012

Review: Embedded ERP for Magento - 0

embedded erp Review: Embedded ERP for Magento
When a small web shop grows beyond that what was manageable by one person it is important to put down standard procedures and a structure of where everything is stored. How much inventory to keep and what is available. ERP or Enterprise Resource Planning, a big word for a small operation, becomes essential. There are plenty of open source packages available that provide inventory management and a whole range of other features. Most of these are overkill and require extensive staff training. Several do provide ; typically expensive ; bridges to Magento. But with Magento you already have an admin system you know how to use and a website, so why add another one?

Read the rest of this entry »

 March 6th, 2012

Review: EComDev CheckItOut 1.3.0 - 0

checkout Review: EComDev CheckItOut 1.3.0If you make your checkout procedure clearer and simpler you will convert more visitors into customers. This is the mantra behind the now numerous one page checkout modules for Magento. The standard Magento Checkout page is anything but simple. I have heard it described it as “the work of an accountant”. It works and it is pretty solid, but it does not look inviting. After reading about the cons and pro’s of a single checkout page we decided to test this for ourselves. Read the rest of this entry »

 March 2nd, 2012

Magento University – “Fundamentals of Magento Development” - 0

mag Magento University   Fundamentals of Magento Development

A couple of weeks ago I came across the Magento U Online Course “Fundamentals of Magento Development” and signed up at the spot. Given that its currently free it is extremely good value. Read the rest of this entry »

 February 24th, 2012

Automatically export Magento products to Beslist.NL - 0

images 150x150 Automatically export Magento products to Beslist.NLThe following code is usefull if you would like to make an export of your Magento webstore products to the Dutch Beslist.NL website. It creates a text file in the format accepted by the Beslist.NL website.

The code is designed to be called from a nightly cron job. Execution can take little while, depending on how many products your store has. The script exports all enabled products. Read the rest of this entry »

 February 21st, 2012

Magento Module : Free Shipping for Admin Users Only - 10

freeshipping 150x150 Magento Module : Free Shipping for Admin Users OnlyI build this mini module for a webshop that needed a “free shipment” option for orders that are entered through the Magento Admin panel. Occasionally someone will pickup an order directly from the store, or a delivery is made “on the house”. It is however not an option offered to regular visitors to the website. Read the rest of this entry »

 June 21st, 2011

Securing the Magento Shopping Cart with HTTPS - 7

If you install an SSL certificate for your Magento website the checkout procedure is secure. The website will jump to a HTTPS page as soon as you click the “Order” button in the cart. However, the cart itself is not secure.

The little lock symbol on the webbrowser is not displayed. This is the correct behavior as the customer will not enter any confidential information until he or she enters the order form itself.

But your customer likely expects the website to enter secure mode as soon as they enter the shopping cart. This is a key reflection point for your visitors — do I trust this website with my confidential information? The SSL lock inside the address bar gives that extra bit of comfort that this is a proper website. Read the rest of this entry »

 June 16th, 2011

Fixing the product order in a Magento category - 0

lego 580x386 Fixing the product order in a Magento category
What do you have to do to make sure that one particular product is always on top in your Magento category ? This product is a key item and your marketing people want to make sure when someone visits the category they see it immediately.
Read the rest of this entry »

 June 6th, 2011

Tuning eAccelerator for Magento on Linux - 7

motor 580x386 Tuning eAccelerator for Magento on Linux
Beauty farm by Vincent Luigi Molino

This article descripes how to modify a default eAcellerator configuration for use with Magento. This is an advanced level topic. You have installed Magento on your own dedicated server and want to squeeze some more juice out of it. Because installing eACellerator requires you to install software on the server this cannot be done on a shared hosting server. Here your hosting provider will already have installed a similar solution. But as you will read below — this is likely a subobtimal boost to overal performance.

With so many PHP files to parse for each page Magento will be slow unless you are using a PHP accelerator & optimizer. As each PHP script is compiled it is stored in memory and on disk by the accelerator. On a subsequent load PHP no longer needs to compile the script, it can just load the already compiled version and start executing immediately.
Read the rest of this entry »

Most popular

    Sorry. No data so far.

Recent Comments
  • martijn: Google does not see / nor need your original (high resolution) images. It will only index the ones you...
  • Christian: What is Googles behaviour when using this technique? Will Google still be able to index the images?
  • Glenn: Thanks, great job I was looking for this. Just one question I also want to secure the page were people add the...
  • Jerry: Thanks for a very useful post Martijn. Fixed a dreaded ‘insecure items’ error I was getting on my...
  • Zsham: Is there a setting in the admin panel that I am missing? I tried both 2 and 3 and I do not see the padlock or...