What is WordPress?
WordPress is the most popular content management system (CMS) in the world. It is used by as many as 33% of all websites and 60% of websites that have a CMS engine.1 WordPress was created in 2003 and its original purpose was to support blogs.
Today, more than 15 years after its launch, the WordPress engine is used to design small and large company websites, news sites, social networking sites, and online shops. The most famous websites using WordPress include The New Yorker, BBC America, the official Sony Music website, and Microsoft News Centre.
You can learn more about WordPress from our video, created on the occasion of the system’s 15th birthday (2018).
Record-breaking popularity
WP’s popularity is growing month by month. Customers who contact creative agencies first ask about the possibility of designing a website based on WordPress. The advantages of this system are undeniable: it is open source, i.e. free, and constantly supported by a huge local and international community. It also has tens of thousands of free and paid plugins that extend its functionality.
Unfortunately, there are also disadvantages: increasingly frequent cybersecurity incidents make regular maintenance of CMS-based websites necessary, which increases the cost of running them. Failure to keep the system up to date poses a risk of hacking, data leaks or uncontrolled spam. All it takes is a moment of inattention to fall victim to a malicious attack.
Popularity attracts cybercriminals
One of the most recent and spectacular incidents of this type involved a vulnerability in the WP GDPR Compliance plugin (November 2018). The flaw in this popular “GDPR plugin” allowed unauthorised creation of an account with administrator privileges, followed by arbitrary actions. Most often, this involved adding malicious scripts to the database or WordPress core files. Some administrators lost access to their websites. Mass exploitation of the vulnerability was made possible by automated scripts – cybercriminals did not have to search and “click through” each site separately.
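A check a site owner can run after an incident like this one, as an added example that is not part of the original article: it flags administrator accounts that are not on an approved list or were registered since the last review. The input shape assumes the JSON produced by WP-CLI's `wp user list --format=json`; the allowlist, the review date and the sample users are constructed for illustration.

```python
import json
from datetime import datetime

# Constructed sample shaped like `wp user list --format=json` output
# (WP-CLI default fields); every login, address and date is made up.
SAMPLE_USERS_JSON = """[
  {"ID": 1, "user_login": "shop_owner", "user_email": "owner@example.com",
   "user_registered": "2017-03-02 09:15:44", "roles": "administrator"},
  {"ID": 7, "user_login": "agency_dev", "user_email": "dev@example.com",
   "user_registered": "2018-06-11 14:02:10", "roles": "administrator,shop_manager"},
  {"ID": 41, "user_login": "anna_k", "user_email": "anna@example.net",
   "user_registered": "2018-11-09 18:40:03", "roles": "customer"},
  {"ID": 58, "user_login": "support_x91", "user_email": "x91@example.org",
   "user_registered": "2018-11-10 03:27:51", "roles": "administrator"}
]"""

APPROVED_ADMINS = {"shop_owner", "agency_dev"}  # assumed allowlist kept by the owner
LAST_REVIEW = datetime(2018, 10, 1)             # assumed date of the last manual audit


def audit_admins(users_json, approved, last_review):
    """Return {login: [reasons]} for administrator accounts that need a look."""
    findings = {}
    for user in json.loads(users_json):
        # WP-CLI prints multiple roles as one comma-separated string.
        roles = {r.strip() for r in str(user.get("roles", "")).split(",")}
        if "administrator" not in roles:
            continue
        reasons = []
        if user["user_login"] not in approved:
            reasons.append("not on the approved administrator list")
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered > last_review:
            reasons.append("registered after the last review")
        if reasons:
            findings[user["user_login"]] = reasons
    return findings


if __name__ == "__main__":
    results = audit_admins(SAMPLE_USERS_JSON, APPROVED_ADMINS, LAST_REVIEW)
    for login, reasons in results.items():
        print(f"{login}: {'; '.join(reasons)}")
```

An empty result means every administrator is both approved and older than the last review; any flagged account should be confirmed with the people who manage the site before it is removed.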

WordPress conquers eCommerce
In September 2011, a WordPress plugin was released that allowed websites to add online store functionality for free. Of course, we are talking about WooCommerce, which currently powers over 5% of all CMS websites and about 30% of online stores.
In the official WordPress repository, on the WooCommerce subpage, there are 4+ million active installations and a rating of 4.6*. The actual use of the plugin is probably much lower, with Similar Tech statistics showing 618,000 unique domains on which Woo is installed.
The next places are taken by such eCommerce solutions as Shopify (2.7% of all CMS), Magento (1.8%) and PrestaShop (1.4%). These are autonomous solutions not related to WordPress.
Apart from WooCommerce, the WP repository contains other eCommerce plugins, but they should be considered marginal (e.g. Easy Digital Downloads with 60,000 installations and WP eCommerce with 20,000).
The above statistics show how significant the role of WordPress is, not only in website development, but also in eCommerce.
Is WooCommerce the ideal solution?
Despite the popularity of WooCommerce, it is worth considering whether it is really a universal solution for online shops. A shop is not just a regular company website or blog – we process much more personal data and handle payments. Any downtime, failures, and especially data leaks or spam sent to customers can effectively scare users away and even cause a business to fail.
This article is not intended to discourage you from using WooCommerce. We are only describing the potential risks for e-commerce websites, especially larger ones with many products and features. When choosing a solution for your shop, it is a good idea to consider the task it is supposed to perform. The most popular option is not always the best for everyone.
Free – are you sure?
WooCommerce is an open source plugin for WordPress. It is free and easy to configure. After installation, you can immediately start adding products and selling.
For small shops selling a dozen or so products or, for example, subscriptions or e-books, the basic functionality of WooCommerce should be sufficient. Problems arise when we need additional quick payment options (WooCommerce has only two built-in options: bank transfer and PayPal), combined shipping options or parcel locker support.
If we want our shop to stand out visually, we will not be satisfied with the standard, free themes that support WooCommerce.
To get a complete picture of the expenses, we must not forget about the maintenance of WordPress-based shops. Due to the increased processing of customers’ personal data (emails, mailing addresses, telephone numbers, and often clothing and shoe sizes or dietary supplement preferences), shops should be even better maintained than “regular” WordPress websites.
Regular maintenance can also protect our shop from database “bloat”, which occurs when the shop has several hundred or several thousand products and the database starts to store customer sessions. At ADream, we have had cases where the WooCommerce database grew to 3098 MB, while the data actually needed took up only 70 MB. With such a large database, problems with backups arise and the website does not function optimally.
As part of maintenance, the following minimum should be carried out:
- making regular backups of the entire website and database,
- updating plugins, themes, and WordPress core files,
- regular scanning for malware.
While for a small project, maintenance can be carried out by the owner or their employees, for larger shops, this may prove insufficient or even give a false sense of security.
License issues
The most common problem that arises when servicing websites is the owners’ lack of awareness that licences for some plugins or themes may expire. Such plugins will continue to work, but cannot be updated, which can lead to problems such as incompatibility with the rest of the system or even malicious exploitation of vulnerabilities in outdated software.
It is often the case that a company or freelancer creating a shop based on WooCommerce does not think about what might happen when the website starts to grow or when the licences expire. The unaware owner does not maintain the website and does not look into the matter as long as the website is working. When it stops, it is an unpleasant and often costly surprise.


