WooCommerce has become the de facto solution for running an ecommerce website with WordPress. This is especially so since Automattic (the company of WordPress co-founder Matt Mullenweg) took over the wildly popular plugin in 2015.
The fact that WooCommerce is free (with the option to use free extensions or buy commercial ones) and fairly easy to set up is very attractive to those looking to sell online without breaking their budget. It’s possible to build an online shop that looks and functions similarly to the upper echelon of online retailers.
Book Your SmashingConf New York Tickets Now!
Get $100 discount off SmashingConf New York tickets with promo code SmashinglovesSpeckyboy
But this particular path of ecommerce has its own requirements and challenges. WooCommerce is a different animal than the likes of Shopify, Miva or other SaaS providers. There are things you need to be aware of in order to make the most out of your site, along with maintaining security and stability.
Let’s take a look at some of the hidden secrets to winning with Woo:
Test Updates on a Development Site First
Because your WooCommerce shop could also be running alongside any number of different WordPress plugins, updates aren’t always a smooth process. Bugs not only show up in new releases of Woo, but conflicts can arise with any plugin or theme you have installed. It can be a hot mess if not handled properly.
That’s why I always recommend running a development (aka staging) version of your site. Some WordPress specialty hosting companies will provide this for you. If yours doesn’t offer this service, there are plugins that can help. Or you can install a MAMP or WAMP server on your own system.
A staging environment gives you the opportunity to test out the latest plugin updates without fear of breaking your live site. Install any available updates, click around your site and put through a test order or two. If everything works as expected, you can run the updates on your live site (or push them if you’re running some sort of version control). If something isn’t working right, you’ll be able to safely troubleshoot without disrupting customers.
This may take you more time, but it gives you some peace of mind. Watching an update break your site is no fun. Take that possibility out of the equation with this extra step.
Don’t Touch Templates (Unless You Have To)
Yes, WooCommerce lets you override specific plugin templates in your own theme. This can be very useful for changing around layout or simply adding some information to a particular area.
The problem is that Woo occasionally updates these templates when new versions of the plugin are released. You’ll often receive a message within the WordPress Dashboard that states that you have one or more outdated templates. You can then see which ones are out of date by visiting
WooCommerce > Status.
Running outdated versions of templates may very well work – or not. Your site’s layout can go a bit wacky, or critical functionality may prevent customers from completing orders. To fix an outdated template, you’ll have to grab the latest copy of WooCommerce and re-customize the latest version of the template in question to match what you previously did. If you customize several templates, it can become a real pain.
The best way to prevent all of this trouble is to avoid customizing template files – even if they are in your theme. Instead, take advantage of WooCommerce hooks. These little snippets of code can accomplish the same results as custom templates without the worry of plugin updates breaking something.
Take Security Seriously
Security is one of the top concerns for any site – especially when selling online. If you’re running WooCommerce in particular, take care to:
Run Your Site in SSL
The barriers of price, identity verification and technical knowledge required to run your site in SSL have been broken down. With providers like Let’s Encrypt offering free certificates, along with hosts that have near-free offerings – there’s no excuse not to use SSL. For these free or cheap certificates, you don’t even need to go through any drawn out verification process. SSL increases security and consumer confidence – so use it!
Lock Non-Administrators out of the Dashboard
If you’re allowing customers to have their own accounts on your site, it’s a good idea to ensure that they can’t access the WordPress Dashboard. Even though a customer’s role means that can’t do any damage, it’s still good practice to keep them out. You can accomplish this through a plugin like Remove Dashboard Access or through some simple code.
Assign Shopkeeper Roles Accordingly
It’s always a good idea to provide a user with only the level of access they need and nothing more. If one or more non-administrator staff members need to access orders and customer information, assign them the Woo-specific Shop Manager role. This will provide a user with the permissions they need to process orders, etc. without giving them full administrator access.
Run Other Plugins Sparingly
While there are currently over 50,000 plugins in the WordPress plugin repository, you should be extra careful about which ones you choose. Each new plugin you install adds another opportunity for something to break or (worse yet) a security hole. Therefore, only run plugins from trusted developers. And only run what you need.
Building a Woonderful Site
My terrible pun aside, WooCommerce allows you to build an online store that looks and functions beautifully. You can use it as a vehicle to make quite a good living – whether you’re running a shop or building them for others. But its general ease of setup belies the fact that there is a whole lot of responsibility in running the plugin.
Things can and do break. That’s just the nature of running a store on an open source platform that allows for a nearly infinite amount of plugin, theme and customization combinations (not to mention hosting environments). Neither WooCommerce nor anyone using it can predict that something will go awry with any one specific setup.
So that puts it upon designers, developers and store owners to know what they’re getting into. Build processes for testing updates before they go onto your live site. Do what you can to secure the site and don’t run any unnecessary plugins.
Putting a solid strategy in place from the beginning will help you keep WooCommerce (and sales) humming along.