Tragic Media has been working professionally with WordPress for over a decade. Unlike other agencies that specialize in a single platform, our philosophy has always been to have several in-house experts for the different platforms that we work with. This allows us to always recommend the best solution for our clients; rather than simply trying to sell them on the system that we are most familiar with. Over the many years of working with WordPress we have become big fans of the platform, when it is used for its intended purpose. WordPress was developed to be, and remains focused on, being an easy to use blogging system. While the platform has evolved tremendously through the years, it still continues to focus solely on blogging.
However, the WordPress community has taken it upon themselves to push the platform to new heights, trying to have it compete with larger, enterprise-level content management systems, and even e-commerce platforms. The e-commerce plugins for WordPress overextend the platform and create massive issues of security and scalability, but the bigger issues lie in the false perception that this creates for clients that custom e-commerce should be fast and easy to implement.
The problem with E-commerce in Wordpress
Let's face it, WordPress is the worst when it comes to security. Recently, WordPress started introducing automatic core updates to help the platform become more secure. Unfortunately, this does not actually solve the core issue of WordPress security. The WordPress platform itself is actually rather secure, most of the security issues are introduced by community plugins. WordPress is known for its low level of entry for novice developers and its plugins are created by that novice community, but the real issue is that WordPress has no form of plugin oversight such as a security team to review and approve plugins before allowing them to be published on WordPress.org. So really anybody can make their own plugin without having any background in web engineering or security best practices. So unless you are using well supported (and constantly updated) plugins from experienced development teams with their own security standards it is highly likely that your website contains a vulnerability that can be exploited by a hacker.
When we build e-commerce websites using Magento or Shopify we often leverage WordPress for all non-product content management. When using this approach, we always recommend that our clients host WordPress on a separate server instance as an extra layer of security so that if the platform is hacked it will not infect the e-commerce portion of the site. We definitely never recommend leveraging the blogging system for e-commerce due to its high risk for security vulnerabilities.
As mentioned previously, WordPress was created for, and remains focused on, blogging. One of the biggest issues that we hear from owners of larger WordPress sites, is the lack of scalability. This goes for both the development as well as the administration. If your site has several post types, some forms, and a handful of plugins (let alone full blown e-commerce) the back-end quickly becomes overwhelming and unintuitive for administers. Additionally, the site theme will quickly become bloated and difficult to work with which causes development tasks to take longer than they should. The platforms that we use for our larger websites and stores were built specifically for building and managing large amounts of data. Their code was built to scale and the administrative interfaces were built to make management of complex data intuitive and easy to use.
This once again goes back to our philosophy of choosing the right tool for each project not only for front-end functionality but also for back-end administration and integration management.
3. Improper Expectations
One of the bigger concerns with WordPress becoming an e-commerce platform, is the improper expectations that this is setting for both developers and site owners. Junior developers that are new to web development have suddenly started taking on e-commerce projects, which require a deeper knowledge of security and web best practices to be built properly. Additionally, WordPress site owners think that adding custom e-commerce to their site should be as easy as adding their favorite social plugin. There are many great tools out there that make e-commerce cheap and easy for both store owners and developers: Shopify, Big Commerce, and Etsy are all e-commerce focused platforms which were built to make e-commerce easy and secure for store owners. They also have easy-to-use themes for junior developers to take on e-commerce without having to take on the risks of building a custom e-commerce website. WordPress e-commerce plugins cross the line of those easy to use solutions as they require more advanced setups and try to piggyback e-commerce onto a system that was not inherently built for it.
The improper expectations set by these WordPress e-commerce plugins lead to poorly built or incompleted projects, unforeseen costs, security and PCI compliance issues, and ultimately in ruined client/developer relationships.
If you are currently stuck in a WordPress e-commerce nightmare, or are considering using WordPress for e-commerce and would like more information about better alternatives; email or call us today! Or, read our article covering the best e-commerce platforms of 2016 for more information on alternative solutions.