How to Run a Stable, Secure and Successful WooCommerce Website


WooCommerce has become the de facto solution for running an ecommerce website with WordPress. This is especially so since Automattic (the company of WordPress co-founder Matt Mullenweg) took over the wildly popular plugin in 2015.

The fact that WooCommerce is free (with the option to use free extensions or buy commercial ones) and fairly easy to set up is very attractive to those looking to sell online without breaking their budget.  It’s possible to build an online shop that looks and functions similarly to the upper echelon of online retailers.

But this particular path of eCommerce has its own requirements and challenges. WooCommerce is a different animal than the likes of Shopify, Miva, or other SaaS providers. There are things you need to be aware of to make the most out of your site and maintain security and stability.

Let’s take a look at some of the hidden secrets to winning with Woo:

Test Updates on a Development Site First

Because your WooCommerce shop could also be running alongside different WordPress plugins, updates aren’t always a smooth process. Bugs not only show up in new releases of Woo, but conflicts can arise with any plugin or theme you have installed. It can be a hot mess if not handled properly.

That’s why I always recommend running a development (aka staging) version of your site. Some WordPress specialty hosting companies will provide this for you. If yours doesn’t offer this service, there are plugins that can help. Or you can install a MAMP or WAMP server on your own system.

A staging environment allows you to test out the latest plugin updates without fear of breaking your live site. Install any available updates, click around your site and put through a test order or two. If everything works as expected, you can run the updates on your live site (or push them if you’re running some sort of version control).  If something isn’t working right, you’ll be able to safely troubleshoot without disrupting customers.

This may take you more time, but it gives you some peace of mind. Watching an update break your site is no fun. Take that possibility out of the equation with this extra step.

Don’t Touch Templates (Unless You Have To)

Don’t Touch Templates (Unless You Have To)

Yes, WooCommerce lets you override specific plugin templates in your own theme. This can be very useful for changing around layout or simply adding some information to a particular area.

The problem is that Woo occasionally updates these templates when new versions of the plugin are released. You’ll often receive a message within the WordPress Dashboard that states that you have one or more outdated templates. You can then see which ones are out of date by visiting WooCommerce > Status.

Running outdated versions of templates may very well work – or not. Your site’s layout can go a bit wacky, or critical functionality may prevent customers from completing orders. To fix an outdated template, you’ll have to grab the latest copy of WooCommerce and re-customize the latest version of the template in question to match what you previously did. If you customize several templates, it can become a real pain.

The best way to prevent all of this trouble is to avoid customizing template files – even if they are in your theme. Instead, take advantage of WooCommerce hooks. These little snippets of code can accomplish the same results as custom templates without worrying about plugin updates breaking something.

Take Security Seriously

Take Security Seriously

Security is one of the top concerns for any site – especially when selling online. If you’re running WooCommerce in particular, take care to:

Run Your Site in SSL

The barriers of price, identity verification, and technical knowledge required to run your site in SSL have been broken down. With providers like Let’s Encrypt offering free certificates, along with hosts that have near-free offerings – there’s no excuse not to use SSL. For these free or cheap certificates, you don’t even need to go through any drawn-out verification process. SSL increases security and consumer confidence – so use it!

Lock Non-Administrators out of the Dashboard

If you’re allowing customers to have their own accounts on your site, it’s a good idea to ensure that they can’t access the WordPress Dashboard.  Even though a customer’s role means that can’t do any damage, it’s still good practice to keep them out. You can accomplish this through a plugin like Remove Dashboard Access or through some simple code.

Assign Shopkeeper Roles Accordingly

It’s always a good idea to provide users with only the level of access they need and nothing more. If one or more non-administrator staff members need to access orders and customer information, assign them the Woo-specific Shop Manager role. This will provide users with the permissions they need to process orders, etc., without giving them full administrator access.

Run Other Plugins Sparingly

While there are currently over 50,000 plugins in the WordPress plugin repository, you should be extra careful about which ones you choose. Each new plugin you install adds another opportunity for something to break or (worse yet) a security hole. Therefore, only run plugins from trusted developers. And only run what you need.

Building a Wonderful Site with WooCommerce

Building a Woonderful Site

My terrible pun aside, WooCommerce allows you to build an online store that looks and functions beautifully. You can use it as a vehicle to make quite a good living – whether you’re running a shop or building them for others. But its general ease of setup belies the fact that there is a whole lot of responsibility in running the plugin.

Things can and do break. That’s just the nature of running a store on an open-source platform that allows for a nearly infinite amount of plugin, theme, and customization combinations (not to mention hosting environments). Neither WooCommerce nor anyone using it can predict that something will go awry with anyone specific setup.

So that puts it upon designers, developers, and store owners to know what they’re getting into. Build processes for testing updates before they go onto your live site. Do what you can to secure the site and don’t run any unnecessary plugins.

Putting a solid strategy in place from the beginning will help you keep WooCommerce (and sales) humming along.

This page may contain affiliate links. At no extra cost to you, we may earn a commission from any purchase via the links on our site. You can read our Disclosure Policy at any time.