5 Reasons Why WordPress Is a Fantastic E-Commerce Solution

[Ruan @ Webluno]

(Original Post)
Before we start, TeraHost now offers cPanel SSD Web Hosting with LiteSpeed & Imunify360 starting only R15 per month! Check out our hosting plans.




If you don’t know this yet, you can start an online e-commerce business using WordPress and the WooCommerce plugin. While there are a variety of options to choose from, WordPress is a flexible and powerful Content Management System (CMS) for your website and online store.


Here are a few reasons why you should use WordPress for your online store.

1. WordPress has a lot of plugin solutions

Out of the box, WordPress is already an elaborate piece of software that comes ready with most of what you need to build a great website. However, many people find they want to add specific features that aren’t available in the core product. That’s where plugins come in – smaller bits of software that can be uploaded to WordPress to expand its functionality.


There are a few e-Commerce plugins that you can use but the most popular is WooCommerce


2. WooCommerce lets you set up your shop quickly

One of the most important steps in running an online store is choosing an easy to use/maintain e-Commerce solution like WooCommerce. WooCommerce is rapidly growing and has over 39 million downloads as a plugin and is currently active on more than 3 million websites. WooCommerce currently powers more than 30% of all online stores globally.


WooCommerce has attracted significant popularity because the base product, in addition to many extensions and plugins, is free and open-source. Once you have installed WooCommerce it lets you create, organize, and manage your online store. WooCommerce is also well-maintained and has a strong community at your fingertips.

3. Security Options are easy to find

Since WooCommerce runs on WordPress there are thousands of resources on how to effectively secure your WordPress website, did you know that TeraHost currently makes use of Imunify360 & Daily backups? Check out our hosting plans.

4. Affordable to maintain


WordPress can almost run on any hosting platform and is very easy to migrate from one hosting provider to another. Once your site starts to attract a lot more visitors you can upgrade to a cloud or VPS hosting solution. Most hosting providers will provide you with a free SSL certificate from Let’s Encrypt that will make sure that personal information stays encrypted.


WooCommerce also comes with a free IOS & Android app that will show you your overall site performance & analytics right in your pocket.


5. Highly customizable

As we’ve previously said, there are thousands of free WordPress plugins & themes that you can use to make your WooCommerce website look more unique and professional. We found that with the Pro version of Elementor you can basically edit every single element of your website using this page builder.

What do you think?

Will you be using WordPress & WooCommerce to design your new e-Commerce store?

 

[Progenix Oj101]

A lot of those reasons are also why WooCommerce is a BAD idea. Outdated plugins, poorly written plugins, vulnerable plugins, redundant plugins, etc. Unless you really know what you’re doing you’re most likely going to end up with a slow, vulnerable store. The average person will more than likely end up with 20 plugins that they don’t need/open them up to vulnerabilities, a bloated theme, nothing in the form of optimization, and possibility security vulnerabilities from trying to patch security vulnerabilities without actually knowing what they’re doing.

Save yourself a headache and use something such as OpenCart, PrestaShop, Magneto (if you have a large budget and know what you’re doing), or even Shopify provided you don’t have any strange requirements.

 

[rustypup]

Shopify provided you don’t have any strange requirements

Shopify presents some issue with POPIA/GDPR

 

[Bryn]

@Ruan @ TeraHost

I generally agree with your points. WooCommerce is a fantastic, flexible platform that can be adapted to almost any eCommerce requirements.

My only two counterpoints:

1. Despite the accessibility, a DIY Woo store is almost always crap. I don't think I've come across an impressive implementation yet by someone who doesn't know much about web development. It takes a very considered approach to design, usability, performance, maintenance etc. to produce great results. Unless there is simply no budget to speak of, I would recommend that people hire a professional to get their store done. When spending money on your product mix, employees, marketing, branding, order fulfilment etc. it just seems insane to me to neglect the actual website that your sales will be derived from. A rubbish, slow site will tank conversions into the ground and the owner may not even understand where their business is dropping the ball.
2. Online stores, especially WooCommerce ones, hit the database much harder than brochure sites. They tend to have more taxing plugins installed that add to the general weight. A lean development stack and properly good hosting are critical for good results imo. The hosting packages you've shown above are the cheapest of the cheap shared hosting, whereas I would argue that a small 1-core, 2GB memory VPS is pretty much the minimum you want to be running an online store from. Load times can reduce by 1-3 sec per page from that change alone, and considering that conversion plummets per 100ms of unnecessary loading, that is very, very significant. It also reduces your exposure to oversold servers and noisy neighbours. And 10GB of storage is not ideal as you'll want 30 days of local backups. Last I checked, which wasn't that long ago, cPanel incremental backups were utterly useless and in no way comparable to what they should be (i.e. a large set of backups that can be individually restored, using shared data where applicable). So standalone local backups might still be the only reliable option, which hugely increases disk space requirements. (Obviously off-site backups should be in place as well.)

I'm also curious as to how you've set up one-size-fits-all ModSec policies. From my experience, ModSec is a proper pain in the butt to configure and differs from site to site.

 

[Ruan @ Webluno]

@Bryn

Despite the accessibility, a DIY Woo store is almost always crap

100% agree - but don't let "crap designs" put you off of the actual framework. At my design agency, our websites are designed quite professionally and look stunning as well. WordPress + WooCommerce is a lot cheaper and personally more customizable than other services like Shopify and Squarespace stores. Since its a lot cheaper your average Joe tends to make their own online stores without any design experience.

I personally have a lot of design experience and therefore we are are to make stunning Woo stores.

Online stores, especially WooCommerce ones, hit the database much harder than brochure sites.

This is true to an extent - We are currently hosting online stores for a few of our customers and their sites are performing extremely well when it comes to loading times and actual experience. Our customers are experiencing an average of 100k views a month on a 1core 512MB RAM shared hosting package.

And for backups - full account backups are made every single day and stored remotely, not on the actual user account. They can be restored at any time.

I do agree once your store gets bigger you might want to upgrade to dedicated or VPS

 

[squirrel]

WooCommerce > Shopify

 

[Ruan @ Webluno]

WordPress is a huge target. Unless you plan to put big effort into staying on top of vulnerabilities, be prepared to be pwned.

Classic recent example

High severity vulnerability fixed in Product Input Fields for WooCommerce.

The Product Input Fields for WooCommerce plugin (5,000+ active installations) fixed a high severity vulnerability that could allow an unauthenticated user to download any file from the blog, including the WordPress configuration file.

blog.nintechnet.com

The biggest issue with WordPress is the illusion of a working site. Non-tech folk get satisfaction from seeing it work and assume it's easier than it actually is when their setup is likely riddled with issues. Add to that the fact that it's inefficient...

Anything is a target really. Thats why you pay companies like us (Webluno) for monthly website maintenance and 24/7 site security monitoring and vulnerability checks & optimizations.

If you have just started out using WordPress then you might be a lot more liable to get “attacked”

There are thousands of online tutorials on how to completely secure your site. Most attacks happen because people use pirated themes & plugins and cheap hosts.

Once you know what you are doing WordPress is a very awesome and powerful CMS

 

[Ruan @ Webluno]

No offense, but don't do the snake oil salesman thing. There is no such thing as a completely secure site. Companies with way bigger budgets than Terahost or their clients have failed. It's all about the attraction of the data you hold or the resources you manage.

I never tried to sell you anything, so you can calm down lol .I was giving you an example. We never said we will 100% secure your site but we will make sure that your site has a 99.9% uptime. To be honest, there's no reason why you would want to hack a WooCommerce site since all personal information is securely stored with third party payment gateways anyways.

The only reason why you would want to "attack" a WooCommerce store is to cause downtime. You will never be able to 100% secure your website but you can do everything in your power to make it difficult for the attacker.

The only personal information that you will be able to see with WordPress is usernames and passwords <-- if you can decrypt them (which is easy since you can decrypt them online) and their address of residence. To be honest I can go on your Facebook page and find out where you live anyway.

At the end of the day, if someone wants to hack your website they will most probably achieve it if they really wanted to, the best thing you can do is make it as difficult as possible for the "hacker" with the hopes that they lose interest and move to a next target.

 

[Finpers]

This is a really convenient and versatile platform, and at the same time very easy to use, but I hope that the modules of the site itself will expand more as extensions of the main engine.

 

[Ruan @ Webluno]

It's absolutely always about effort vs reward, but don't count on it not happening because you can't see the reward. The reward may be little more than bragging rights on the local BBS. Why people hack is a very broad question to answer. That's why, as a client, I'd be more interested in your security incident management policy? What are the steps you would take in the event of a data breach. If you don't have one, it's a really good idea to create one..

It's absolutely always about effort vs reward, but don't count on it not happening because you can't see the reward.

100% agree - site owners should always have some sort of site security to make it as difficult as possible for the attacker to gain access to the site.

Hmm... no. The individual user passwords are not stored encrypted, they are one-way hashed (although Wordpress' implementation is not the best). I could attempt a brute force using a list of commonly used / weak passwords, but I can't reasonably get individual logins for accounts that use secure passwords.

Once website owners make use of our maintenance plan we make sure to salt all user passwords - passwords might not be encrypted but its 100% better than just having a simple hashed password. Once a user enters a password incorrectly after a few attempts their IP's are automatically banned and all site administrators are notified. We also make use of Network Brute Force Protection automatically banning IP's that have been reported by other sites.

There are a few things we do as well but these are protected for obvious reasons

Lastly, having backups of your site is mandatory - this will not keep the attackers out but once we identify the cause of the attack they are fixed upon site restoration, I'll send you our DPO policy containing all of the steps.

 

[rustypup]

There are thousands of online tutorials on how to completely secure your site

BS. There are thousands of "top 10 things to" tutorials that completely fail to cover the essential items. Feeling secure is not the same as *being* secure.

Most attacks happen because people use pirated themes & plugins and cheap hosts.

Complete BS. Most attacks happen because the Wordpress code base is carp and every expansion patch adds a horde more that will only get fixed in another 8 months time.

Add to this the fact that the myriad cruddy plugins, even the paid for rubbish, out there *never* undergo independent code review and are poorly maintained and you can pretty much ensure your online store is going to lift its skirt for pretty much anyone who asks nicely.

For the record I am forced to support some legacy Wordpress deployments and these have failed *every* independent pentest we have ever conducted with zero effort despite being "secured". The product is carp. Extensible, accessible, popular carp.

 

[Crumbl0x]

lol this advertising campaign really went south, WordPress and its associated plugins is such an absolute rubble of steaming garbage both from a usability and especially security aspect and I really feel sorry for people that have to deal with this honestly on the daily.

 

[Ruan @ Webluno]

Anyway with everyone’s opinions aside.

This post was 5 reasons why to use Woocommerce for your online store. This post was specially for WordPress + WooCommerce users and not to start a biased hate party for these amazing tools.

WordPress is a amazing tool and will always be. If you have a problem with this then why not create your own post and talk about it there? Any tools/software you use will have a lot of pros and cons, at the end of the day it is about what works for you as the user and your customers.

To put WordPress into perspective why not look at these massive companies using WordPress: https://www.isitwp.com/popular-big-name-brands-using-wordpress/

Enjoy your evening gents.

 

[Bryn]

@Bryn

100% agree - but don't let "crap designs" put you off of the actual framework. At my design agency, our websites are designed quite professionally and look stunning as well. WordPress + WooCommerce is a lot cheaper and personally more customizable than other services like Shopify and Squarespace stores. Since its a lot cheaper your average Joe tends to make their own online stores without any design experience.

I personally have a lot of design experience and therefore we are are to make stunning Woo stores.


This is true to an extent - We are currently hosting online stores for a few of our customers and their sites are performing extremely well when it comes to loading times and actual experience. Our customers are experiencing an average of 100k views a month on a 1core 512MB RAM shared hosting package.

And for backups - full account backups are made every single day and stored remotely, not on the actual user account. They can be restored at any time.

I do agree once your store gets bigger you might want to upgrade to dedicated or VPS

I was too busy at the time to reply and then I forgot about this thread. Sorry about that.

You're rephrasing my statement with the beginning there. Most Woo stores look like junk, I agree. It takes a carefully considered approach to avoid the 'theme' look, provide a visually memorable experience and as frictionless a shopping experience as possible.

That said, given how critical every 100ms is to conversion rates, I don't think hosting even a moderately busy online store on such meagre specs is justified. Your total memory allocation is only double the typical PHP memory limit.

I take security particularly seriously, so we share enthusiasm in that area. But I don't think that your sites are secure, which makes me doubt the security afforded to your clients.

1. Your codebase is unprotected. All plugins are easily scanned. This is by far the biggest security risk to WP sites, as bad actors actively seek out known vulnerabilities. If they cannot detect WP or any of your plugins, that goes a long way in staying under the radar.
2. You seem to favour Elementor for building sites. That is a permanent red flag for security. The prominence of Elementor and its vast assortment of equally-dubious quality addons make it a constant security risk. It's impossible to hide its presence due to the insane div-ception code output that mentions Elementor a million times, and it also negatively impacts performance.
3. I'm also detecting plugins for really basic aspects of web development, such as logos, headers, scripts, menus etc. This adds tremendous liability as you're arbitrarily ballooning your exposure to potentially risky plugins.
4. A gazillion other domains appear when doing a reverse IP lookup on both of your sites. That's not good security, or hosting.
5. LiteSpeed Cache is used by approximately 0% of enterprise websites. I have yet to see a LSC site withstand even a moderate LoadStorm test. A properly configured Nginx stack offers serious security and scalability. A site doesn't just need to be fast for one basic and misleading benchmark - it needs to remain fast if it trends on Reddit.

WordPress is a huge target. Unless you plan to put big effort into staying on top of vulnerabilities, be prepared to be pwned.

Classic recent example

High severity vulnerability fixed in Product Input Fields for WooCommerce.

The Product Input Fields for WooCommerce plugin (5,000+ active installations) fixed a high severity vulnerability that could allow an unauthenticated user to download any file from the blog, including the WordPress configuration file.

blog.nintechnet.com

The biggest issue with WordPress is the illusion of a working site. Non-tech folk get satisfaction from seeing it work and assume it's easier than it actually is when their setup is likely riddled with issues. Add to that the fact that it's inefficient...

It is not that difficult to have top-notch security for WordPress sites.

• A good WAF like ModSec
• Regular malware scanning
• DDoS mitigation, incl. automatic failover
• Fail2ban provides exceptional brute-force and spam protection
• ModSec configuration to protect against SQL injection, script injection, cross-site scripting, clickjacking, local file inclusion, PHP injection, Java injection, Shell injection, httpoxy, Shellshock, session fixation, bot detection, metadata leakage and stuff like that.
• Cut-off the usual entry points by changing admin URLs like wp-admin and wp-login.
• On-site and off-site backups, standalone and incremental for both.
• Enforce 2FA for admin users, consider passwordless login for all other users.
• Proxy all IP addresses in the DNS
• Use a premium CDN and block countries that have no plausible reason to visit or scan your site.

BS. There are thousands of "top 10 things to" tutorials that completely fail to cover the essential items. Feeling secure is not the same as *being* secure.

Complete BS. Most attacks happen because the Wordpress code base is carp and every expansion patch adds a horde more that will only get fixed in another 8 months time.

Add to this the fact that the myriad cruddy plugins, even the paid for rubbish, out there *never* undergo independent code review and are poorly maintained and you can pretty much ensure your online store is going to lift its skirt for pretty much anyone who asks nicely.

For the record I am forced to support some legacy Wordpress deployments and these have failed *every* independent pentest we have ever conducted with zero effort despite being "secured". The product is carp. Extensible, accessible, popular carp.

lol this advertising campaign really went south, WordPress and its associated plugins is such an absolute rubble of steaming garbage both from a usability and especially security aspect and I really feel sorry for people that have to deal with this honestly on the daily.

Claiming that the WP codebase sucks is nonsense. Avoid the page builder/bloated to the eyeballs life and take an interest in only using well-made plugins and you'll probably be fine. There are loads of amazing WP tools available - they're just harder to use than bloated junk like Divi, Elementor, Thrive Architect, WPBakery etc. And just because 99% of themes are trash doesn't mean you can't use brilliantly coded ones like GeneratePress or Genesis.

 

[Crumbl0x]

Anyway with everyone’s opinions aside.

This post was 5 reasons why to use Woocommerce for your online store. This post was specially for WordPress + WooCommerce users and not to start a biased hate party for these amazing tools.

WordPress is a amazing tool and will always be. If you have a problem with this then why not create your own post and talk about it there? Any tools/software you use will have a lot of pros and cons, at the end of the day it is about what works for you as the user and your customers.

To put WordPress into perspective why not look at these massive companies using WordPress: https://www.isitwp.com/popular-big-name-brands-using-wordpress/

Enjoy your evening gents.

My issue along with a few others here is specifically because a claim was made with your headline, and your opinion on WP aside, can be factually incorrect when taking into account how major a lot of these vulnerabilities are, especially with something as recent as the x-redirect-by exploit. Also, that's not a good argument in the slightest, just because something is popular doesn't mean it's good or secure, you of all people should know that. When making claims like these while attempting to advertise a service on the side, of course there will be rebuttals from experienced individuals so there's no need to get upset over it

 

[Crumbl0x]

Claiming that the WP codebase sucks is nonsense. Avoid the page builder/bloated to the eyeballs life and take an interest in only using well-made plugins and you'll probably be fine. There are loads of amazing WP tools available - they're just harder to use than bloated junk like Divi, Elementor, Thrive Architect, WPBakery etc. And just because 99% of themes are trash doesn't mean you can't use brilliantly coded ones like GeneratePress or Genesis.

I really appreciate the long and detailed reply, and of course the issue isn't so black and white, and there is truth to the claim that WP's codebase is bad to a certain extent, but the real issue here is how rampant those bad actors have ran over the years and tarnished its reputation further, which is sad. Dealing with clients that ask specifically for WP is something I personally shun from doing but will take on the task at a slightly higher fee where applicable just because of the trouble one has to go through in securing it to a good standard which doesn't cover the holes some of those plugins can introduce.
You're 100% right however on all the other points and I'd be elated if the majority of people followed that.

 

[Ruan @ Webluno]

This is often difficult to explain to clients but we also wont budge on the fact that WP costs more than they expect. We use the opportunities to explain our standards for securing their data and why WP means more maintenance to that end... If they don't have a lot to lose - e.g. they just want an info site that's easy for them to maintain and easy to lock down or is relatively static, no worries.

And for the record, I wouldn't say no to WP for a small retail site where I'm punting something unique but I would absolutely consider the alternatives, possibly even seperating the general CMS and e-commerce pieces using independent containers for each.

Might be off-topic here, what would you recommend a client if they want to sell products online? Your client want's to be able to add and remove products themselves. They also want a unique design with 100% custom carts & checkout pages. They also want to start a small blog to help them promote their products. Take note that the customer wants the site to be 100% custom.

The are selling products in the US and in ZA with multiple currencies and they are using a bunch of payment gateways. They also make use of DHL, UPS & South African courier companies, once a customer purchases a product they want the selected courier to automatically receive a notification of the order. They want the customer to receive an SMS once a order has been processed.

They also want to sell gift cards that can be used for in-store currency.

They currently have a VPS with 16GB of ram and a 3/GBs connection.

Client
Budget: R20k
Monthly maintenance budget: R2k

What will you use to achieve this?

 

[Ruan @ Webluno]

I' point them to you. I don't fish in those ponds.

 

[yogidabear]

Maybe I should start a new thread but we want to build a directory site and are contemplating using wordpress and I thought now with 5.5 a lot of the issues were being addressed. There seems to be a lot of debate over wordpress for ecommerce and the security but would you recommend it for a directory and if not what would you use?

 

[Bryn]

Might be off-topic here, what would you recommend a client if they want to sell products online? Your client want's to be able to add and remove products themselves. They also want a unique design with 100% custom carts & checkout pages. They also want to start a small blog to help them promote their products. Take note that the customer wants the site to be 100% custom.

The are selling products in the US and in ZA with multiple currencies and they are using a bunch of payment gateways. They also make use of DHL, UPS & South African courier companies, once a customer purchases a product they want the selected courier to automatically receive a notification of the order. They want the customer to receive an SMS once a order has been processed.

They also want to sell gift cards that can be used for in-store currency.

They currently have a VPS with 16GB of ram and a 3/GBs connection.

Client
Budget: R20k
Monthly maintenance budget: R2k

What will you use to achieve this?

I would engage constructively to try to realign their expectations or their budget. Failing that, I would decline the engagement. And anyone else who accepted it would be staring down fool's gold. There is a minimum quantity of hours something like that would require, so either the developer is earning minimum wage or less, or the client isn't getting the hours. It's one or the other, and in both scenarios, the end result is most likely going to suck.

And I'm saying this from the perspective of someone who builds cost-effective Woo stores. I've done the multi-region sales channels thing and it takes a huge amount of effort. Also, you don't want to be using a single VPS for this. A load-balanced setup spanning the markets being served would be far better, especially with such distances involved.

Even the maintenance involved is inadequate, at a little over $100 a month. Hosting alone would cost more than that if they happened to have a competent system administrator in their company who could DIY it. And they also expect an external agency to monitor performance, ensure integrity, perform maintenance tasks and be available at their beck and call? Again, fool's gold.

A big part of having a profitable development firm is knowing when to say no to prospective clients who have delusional ideas about costs. The only alternative is rolling around with the bottom-feeders, accepting peanuts for work and being restricted to themes, bloated page builders and dozens of plugins. Those guys are all miserable and never end up making real money. If you value yourself so little, your clients will as well, and you also get to enjoy the worst clients.