Contact WooCommerce for Myths, strengths, and weaknesses of open eCommerce support

WooCommerce is ready to help you get the answers you need.

Be as specific as possible - let us know what you expected, what's happening instead, and when you noticed this. The more detail you, provide the faster we can help.

Replies will be sent to you at

Thanks for contacting WooCommerce

WooCommerce will reply to your questions about Get extension name shortly.

While you wait, check out these handy resources:

MailChimp for WooCommerce

The new and improved MailChimp for WooCommerce extension opens up a world of smart, automated marketing - and it's free!

Myths, strengths, and weaknesses of open eCommerce

Written by bekarice on November 29, 2017 Blog.

This is part of a series of posts highlighting talks from WooConf. Watch the video or read the points below.

 

 

It can be daunting to know where to get started, if you’ve not worked with or used open source software before: “Where do I turn when I have questions? How do I go about setting up this software? Who is building it?” When you’re looking to build a business on top of this software, you want to have confidence that the tools you’re choosing will last, and will be the right fit for your store.

While it may seem like the path towards using open eCommerce platforms is less transparent for a new merchant, open platforms like WooCommerce give merchants unparalleled flexibility, freedom, and sustainability while powering their business.

Let’s take a look at some of the myths of open eCommerce, and its strengths and weaknesses, to learn more about how it can be a huge win for merchants.

But first, a story: In a world…okay, so I don’t have a great movie voiceover impersonation, but I hope the one you heard in your head was good! Let’s start with a story, imagining your very own movie trailer: In a world where you’re an entrepreneur, you’ve built your own successful business selling laptop stands. It’s taken four years to get here, much of which was spent:

  • Designing your laptop stands and building prototypes of the product
  • Sourcing production materials and determining manufacturing cost per unit
  • Figuring out where and how you’d manufacture your product
  • Determining how much inventory you need on hand and replenishment strategies

…all before you could even think about how you’d sell this product and make money from it. Only then you could talk about sales and distribution strategies. You decided to sell via your own online store and Amazon, and now you’ve finally passed a milestone after a year and a half of sales: your company generated $1.5 million in revenue this year.

You’re a model seller on Amazon, with 98% positive feedback, 99% on-time delivery for all orders, and a 0.11% defective product rate. Amazon now generates 80% of your revenue.

However, since you sell laptop stands, your customers are a bit more tech-savvy than most. They know that if they want to try out a different stand, there are two ways to get free return shipping on Amazon: say the product was defective or “not as advertised”, and the seller pays for return shipping. Despite your wonderful track record, it only takes a small amount of negative feedback like this (5-10 instances) to be completely removed from Amazon.

That means that, overnight, your business of nine people must lay off four employees or more, and you have over $350,000 in inventory you can’t sell and are paying to store. Your effective business has been effectively squashed. And by the way, this really happened — you can read about it (different product, same situation).

Based on a True Story

While we could look at this as a cautionary tale about selling in a marketplace, I see this more as a larger concern: Merchants should evaluate their reliance on a platform that can shut down or remove them at any time in terms of acceptable risk factors for their business.

The beauty of open source eCommerce and WooCommerce is they can empower merchants to start their own businesses without relying on the whims of their platform.

Open Source Myths

There are a lot of misconceptions about open source software (OSS) in terms of its price, when it can be used, and whether it’s a good fit for businesses. Let’s break down some of the top myths about OSS.

Are open source solutions for small stores?

In other words, can open source solutions like WooCommerce scale for large businesses? Of course — “scaling” software doesn’t matter whether the software is open or not.

Open 24 Hours

And in fact, if you do run into areas that need optimization, at least you’ll have control over the source code to make potential improvements with an open platform vs. one where you don’t have access to the code that runs it.

In fact, here are some benchmarks that WooCommerce can hit:

  • Up to 5 orders per second
  • That’s 20,000 orders per hour, and about half a million per day, if your store can sustain that rate for more than a flash sale
  • 4,000 – 6,000 concurrent shoppers on the site

More importantly, WooCommerce 3.0 has already made some improvements to these metrics, and WooCommerce 4.0 will expand them much further!

Scaling is much more a function of hardware, intelligent caching, and other smart performance enhancements. You’ll certainly pay to scale up an open eCommerce site as you buy more server resources, but the software likely won’t be your limiting factor.

Is open source software free or cheaper to use?

Open source software is often referred to as “free” software. This term means free as in freedom, not price — open source software gives users maximum freedom in terms of usage and flexibility. While WooCommerce is free in terms of price as well, open software does not have to be free. For example, WooCommerce extensions are sold for a fee, but they are all open source since they carry an open source usage license.

While open source software is often lower cost than proprietary software, there are other costs to using it, such as hosting or developer time. When using open eCommerce platforms, you may pay for other “responsibilities” that a proprietary platform would absorb, such as hosting or support services.

In short, open platforms can be cheaper to use, but not as a rule.

Is OSS harder to use than proprietary software?

Nothing about software being “open” makes it inherently harder to use. Rather, most difficulty related to OSS comes from self-hosting that software – using or renting your own hosting service vs. using one the software author provides.

When you self-host, you’re running your own “instance” of the eCommerce software. This allows you to benefit from the flexibility OSS affords, since no one else has control over shutting off or modifying your store. However, this means that higher-than-average technical skills are required. At some point, store owners who self-host will need to know things like:

  • How to register a domain name and source DNS hosting
  • How to set up the site with a hosting provider
  • How to use or provide FTP access

These are difficult asks of many merchants, who want to focus on running their business, not their websites, so to leverage the benefits of open eCommerce, it will be more difficult for merchants to get started. This why the WooExperts program is so helpful 😃 .

Open Source Strengths

Where do open platforms like WooCommerce really shine? Why do companies choose open software vs proprietary software?

Data Ownership

What happens if you’re on a hosted platform and they go out of business, or choose remove you? Even if you haven’t breached terms of service, the inability to access customer data and orders means that your business could be killed.

Not only that, think about all of the other data you’d lose: Product descriptions, photography, and inventory tracking. Using a proprietary system makes you dependent on that system for this data, and you may not be able to extract it from the system to move elsewhere, or to save your business if, for some reason, you can no longer use the platform. That’s why “Freedom from vendor lock-in” was the #1 reason companies chose OSS in 2016.

Crunching the Numbers

Because your data is your own, you also avoid usage-based or transaction fees sans hosting — you won’t be charged to have more products or more orders because you’re in control of the code that runs your store.

Essentially, you’re renting a service from a proprietary system. You truly own your store with an open system.

Security & Code Quality

“Quality of solutions” is the #2 reason companies choose OSS. Open software is typically higher quality than proprietary systems:

Commercial software typically has 20 to 30 bugs for every 1,000 lines of code…The study identified 0.17 bugs per 1,000 lines of code in the Linux kernel
– Source: Carnegie Mellon + Stanford University studies

Bugs per 100 lines of code

Open means “secure” — there are more eyes on the code and more people contributing and, as a result, vulnerabilities and bugs are surfaced rather than buried.

“Vulnerabilities and bugs are surfaced rather than buried”

Flexibility & Freedom

My favorite part! The freedom and flexibility that open systems provide is the main reason I prefer OSS over closed systems.

Others agree: The “Ability to customize and fix” the software is the #3 reason companies choose OSS. Not only do you have freedom in terms of usage, but you also have freedom in terms of the codebase.

Usage freedom means you won’t have restrictions on number of products, variations, images, orders, or other parts of your store. You also can’t be told what you can or can’t sell. You’re running your own platform, so you’re not restricted by the terms of a proprietary system, and you can’t be removed for violations.

Jumping in the air

Development freedom means that you can build on a platform and customize it to your needs, and that developers can do the same to offer you apps, plugins, or other solutions.

  • With an open platform, your needs dictate your store’s functionality, not what the platform allows you to do or gives you with built-in features. If you want to offer a custom pricing structure or a special tiered discount system and it doesn’t exist yet, it can be built into your platform. This isn’t possible with a proprietary solution because you don’t have access to the codebase.
  • Open eCommerce platforms are more extensible than proprietary systems. Find proprietary software that gets you 90% of the way there? Too bad, it likely won’t work for your project since you can’t modify it for the last 10%. OSS projects can be used as a starting point for custom projects because you can manipulate the codebase rather than only working with available APIs.
  • Find a bug, or need a way to make customizations? You can submit it! With a proprietary system, you can only interact with defined APIs, but open platforms let you contribute.
  • Open platforms like WooCommerce are also developer-independent. If the original author loses interest, sells the business, or doesn’t want to offer the platform, you’re not beholden to them — since your store runs on its own set up, you can keep using it and hire other developers to maintain it or take it in a direction you want. On a larger scale, the project can be adopted and maintained by others.

Using open systems gives you true flexibility in terms of usage — both in the system and within the code.

Interoperability

With WooCommerce and other open solutions, interoperability is unparalleled. Because the source code and access is open, there are often pre-existing integrations with other services, or they can be built. Need to work with a niche payment or shipping provider? A solution may already exist; and if not, it can be built.

With WooCommerce, you also get the WordPress multiplier — there’s an enormous ecosystem of plugins and themes available to modify your site. Need a way to “tag” customers in your system? If you use proprietary software, you may not be able to this. There may not even be a WooCommerce plugin to do so. However, because WooCommerce leverages WordPress, there may be a plugin to work with WordPress users that solves your needs exactly. The large existing developer community and “add-on” ecosystem means you can almost always find a way to meet your site’s needs, or use another project as a starting point.

highway interchange

Interoperability doesn’t only mean connecting your site to other services — it means how your store connects to your overall website, too. Proprietary solutions for eCommerce are focused on eCommerce, not on complete websites. They may not give you flexibility in terms of sharing other content, segmenting customers, or building a community on your site.

Because WooCommerce uses WordPress, your site can be built around content, customer interaction, or whatever you’d like. The business goals of your whole site and your marketing strategies need to be considered before locking yourself into a platform that won’t support your goals.

“Because WooCommerce uses WordPress, your site can be built around content, customer interaction, or whatever you’d like.”

Community

Sustainability is a large concern with OSS projects — you want to be sure that software you’re relying on is going to be maintained for a long time to come so your business can rely on it. Leaning towards projects with (a) an engaged and active community, (b) commercial backing, or (c) contributors backed by commercial entities helps mitigate the risk of abandonware.

On the flipside, OSS projects are not dependent on the company or author that originally created it, so even if a project is abandoned, it can be used for the long term and any developer can work on it.

So what does this sort of “community” mindset do for you as a site owner? What does it mean when a lot of people build or contribute to software? Usually, this results in a lot of resources or groups where you can get information and assistance about the platform to help you learn and grow. With WooCommerce, you can benefit from:

Open Source Weaknesses

Where are open source platforms weak? In terms of responsibility — while they afford users amazing flexibility and freedom, this comes at a price: The user is responsible for the site, maintenance, and setup. To take full advantage of an open source platform requires the user to take ownership of their site instance that runs the platform.

Who is responsible for resolving conflicts? How about ensuring that updates are done? These are all the tradeoffs to flexibility: The site owner is responsible for things that a proprietary platform might include as part of its “service.”

So how can we overcome these weaknesses? It all comes down to knowing where they are, and developing the right partnerships and tools to target these weaknesses.

Setup and Configuration

Open platforms are strongest when the store owner has ownership over where the platform is run — in other words, when self-hosted. However, getting to the point where the store is set up can be difficult. Sourcing a hosting platform, setting up a domain name, and getting the platform installed are all barriers that need to be crossed before the store is ready.

Many hosting companies help with this by pre-installing WordPress and WooCommerce, and many will even register your own domain name for you (though I recommend registering it yourself instead so you don’t get locked in). For developers, ensuring that you go through this process for your clients helps them get up and running with a minimum of hassle.

Optimization

Proprietary systems optimize their own hardware and software stack for merchants — caching configuration and performance tweaks are built into the platform. While open systems do focus on performance, they can’t depend on specific hosting configurations, database optimizations, or caching configurations are in use. As a user, these are questions you should be asking of a developer or hosting company.

Networked Hardware

Hosting companies, developers, and agencies should focus on quality hardware, intelligent caching, and other performance enhancements that aren’t “out of the box” to provide great eCommerce experiences.

Maintenance

When using a proprietary system, “maintenance” is built in and transparent to the user — they don’t have to worry about security patches, compatibility changes, or regular updates. These are scary terms if you’re not sure what those changes are doing, and how to be sure they’re compatible with your own setup.

Store owners can ensure they have a developer on call to assist with these changes, and devs or agencies should be using staging or development environments to ensure that updates and maintenance are a breeze so stores have no downtime.

The Real Power of Open eCommerce

The power of open eCommerce comes from freedom and community:

  • Users have the freedom to use the platform in the way they choose, with the tools that make the most sense for them. They have the freedom to use the platform for as long as they see fit, without being locked in or at risk of being removed against their will.
  • Developers have the freedom to build on and contribute to the platform. They’re not subject to what APIs the platform uses, and can read or modify source code as needed.

For merchants, open platforms give you enormous flexibility and low risk, so partner with a good developer or agency to overcome setup and maintenance weakness of open solutions. If you’re a developer or agency, you’re key to making OSS eCommerce work for your clients — focus on overcoming weaknesses and leveraging strengths to give them the best solution possible. With your help, merchants have no downsides to choosing an open solution 🙂


Beka Rice is the Head of Product, wannabe writer, and a leading gif-sharer at SkyVerge. She works extensively with merchants using WooCommerce via SkyVerge’s set of 50+ WooCommerce extensions, chatting with store owners at Sell with WP, and helping merchants and agencies drive more sales with Jilt.

3 Responses

  1. Patrick Pitman
    December 6, 2017 at 1:28 am #

    Thanks for communicating the important strengths of open source ecommerce.

    I appreciate the power of open source in its ability to free site owners to choose their host, own their data, configure or customize to meet specific business needs, and sustain a platform beyond the support of its original software developer.

    And there are big responsibilities. You encourage the site owner to seek support in meeting them from a developer or hosting company. But the “weaknesses” section of your article doesn’t directly address the Payment Card Industry Data Security Standard (PCI DSS) as I’d expected, so I’m asking here:

    Would you comment on the security responsibilities of the site owner as concerns the PCI DSS when using WooCommerce to collect sensitive cardholder data from their own web host?

    It seems that the expectation among WooCommerce site owners is that by using Stripe, and running HTTPS, and having a relatively low sales volume that qualifies for the simple self-assessment, that they’re covered and compliant.

    I’m curious: is WooCommerce plus Stripe and HTTPS a sufficient way to keep the web host out of scope of the PCI DSS for sensitive card-holder data?

    Stripe documentation seems to defer responsibility to the developer and hosting company with the sole exception of their iFrame hosted payment form. The iFrame method isn’t what WooCommerce is relying upon for secure payment collection, right?

    I understand the ‘token’ concept that Stripe popularized and how that minimizes risk, how there’s no cardholder data stored on web host, etc. Nonetheless, the code base on the wordpress web host, the plugins, containing the callback to Stripe ought be secured to the PCI DSS standard. Or am I missing something?

    The secure code base standard sets protocols around access controls, developer procedures, audit trails, distributed roles, etc. These aren’t even imagined by the small ecommerce site owner nor most wordpress web developers.

    WooCommerce is enormously attractive, as its number of installs and vibrant community attest. So is Stripe.

    But there seems something missing in terms of responsibility, in the sense that there’s a PCI DSS certified infrastructure and internal process that is often absent among WooCommerce sites using Stripe.

    I write this having built wordpress sites, and also as the former founder of a proprietary ecommerce hosted software company that found itself 10 years ago in a sensitive card holder data breach. A forensic audit mandated by Visa, then a certification process that sent me slogging through every detail of the PCI DSS with Rackspace engineers cautions me to not underestimate the responsibility.

    One conclusion I took from that audit and certification process was that the standards of security are applicable to all merchants, but only the very biggest merchants or payment processes have to certify to that standard. The smaller ecommerce site owners self-assess in a perfunctory way, but that doesn’t absolve them of the standard practices and being accountable for them.

    What hosted proprietary software platforms promise is peace of mind from such responsibility.

    Though they make the promise, they don’t always live up to it, as in the case of my mistakes 10 years ago. But that peace of mind promise in a PCI DSS context is something that WooCommerce defers to others. I expect most site owners don’t realize this and so underestimate their responsibility and have an unwarranted sense of security.

    Maybe I’m missing something fundamental, so welcome your reply.

    • Beka Rice
      December 6, 2017 at 3:45 am #

      Heya Patrick! Definitely a lot to unpack here, happy to add my $0.02. I’ve also written a bit about this here.

      In short, PCI compliance can certainly be more difficult to achieve when self-hosting, and relates to your entire “stack” as a merchant. With a hosted platform, they may do more of the work for you, but you’re also relying on them to follow compliance guidelines, and do not have control over whether they do or not.

      So first: do you need to be 100% compliant? Not every gateway requires you to go through a full self-certification process. Some will instead add additional fees to your merchant account if you’ve not gone through this process. I don’t recommend *not* being compliant, but it’s good to be aware of what your payment provider asks for.

      So how are you achieve compliance then, if that is your goal? Using an SSL certificate isn’t the only requirement to achieve lower levels of compliance; in fact, with many gateways, this is insufficient. As you’ve noted, there are also other aspects to this, such as auditing site procedures.

      My recommendation is that merchants go through the self-certification questionnaires to ensure they understand good practices around saving and sharing customers’ non-sensitive data (such as addresses), along with how login info and other site information should be handled.

      Next, they need to be aware of what they payment provider offers. While you’ve focused on Stripe here, it’s not the only option available, and many options meet even higher levels of compliance that Stripe does by using hosted iframes that post directly to the payment processor’s server, hosted fields (like PayPal Powered by Braintree), or redirecting to payment pages.

      For merchants looking to meet the highest levels of compliance, I recommend these gateways instead, since they offload responsibility of handling payment data to the processor rather than the merchant site.

      While options that keep customers on-site like Stripe can be amazing options, and using some sort of client-side tokenization provides a nice balance between usability and security, the beauty of using an open source platform is that you can choose exactly how you’re integrated with your payment processor, and have the ability to use hosted payment options if needed, or to ensure your site enforces other security practices and requirements if you don’t want to use a hosted payment page 🙂

  2. Neha Shukla
    December 12, 2017 at 12:02 pm #

    Thanks for sharing the info. I have worked on the various eCommerce platforms like Prestashop, Magento, Opencart and so on. I just wanted to learn about other open-source eCommerce platforms. So, I decided to start off with WooCommerce for now and you are being a true friend. Nothing can be better than you when it comes to learning about wooCommerce. I really like this post. Thanks, Beka Rice!!!

Leave a Reply

WooCommerce - the most customizable eCommerce platform for building your online business.

  • 30 day money back guarantee
  • Support teams across the world
  • Safe & Secure online payment
%d bloggers like this: