Open source technologies are accessible to anyone — free to download, free to use.
They provide a solid framework for your innovation, creativity, and growth and have outlasted scores of competitors, but they do require a bit of hands-on work. In part three of our eCommerce for WordPress series, we explore three topics key to setting yourself up with open source eCommerce: hosting, updates, and security.
Choosing the right host for your WooCommerce store
Large open source platforms like WooCommerce and Magento — and smaller ones like OpenCart and ZenCart — are flexible enough to work with most hosts. Not all website hosting companies are the best choices for larger eCommerce sites, so it’s worth doing your research.
Site hosts that are used to working with informational websites might see an influx in traffic as a potential DDOS threat — something that does happen to news organizations — so the right action is to limit traffic to the site. But a sudden traffic spike to an eCommerce site might be due to a sale, or a highly anticipated new product release. You want the site to have a busy few hours, and limiting traffic would hurt sales.
Website hosts with eCommerce experience won’t make this mistake with online stores. eCommerce owners should look for specialized hosts, particularly those that can respond to your notice to prepare for a traffic surge.
Hosting options for websites built with open-source software
Working with open source software means securing your own host. There are four basic kinds of hosting: shared, VPS, dedicated, and cloud.
- Shared hosting is a good choice for small businesses that have uncomplicated sites and don’t need a ton of support for video, special effects, etc. With shared hosting, websites share server bandwidth with other, similarly-sized sites. Most shared hosting sites offer a few different plans, with reasonable costs.
- VPS (virtual private server) hosting also puts multiple sites on a shared server, but pieces of the server partitioned off and dedicated to individual websites. VPS hosting can also scale up and down as needed, and can handle demands for faster speed. Often, VPS hosting provides managed services like automatically software updates and patches.
- Dedicated hosting refers to a server dedicated to a single website. This is for very large websites with unique demands for speed, bandwidth, customization, and especially security. Bluehost, which provides shared, VPS, cloud (more on that below), and dedicated hosting, provides up to 15 TB of space for websites using its dedicated hosting services.
- Cloud hosting services are extremely responsive hosts because they pull their strength from networks around the globe. Most cloud hosting is done on what’s called the public cloud, using servers that are available to the general public. A private-cloud host draws from private servers and usually have dedicated, fenced-in resources they don’t share with anyone else.
It’s worth mentioning that a lot of hosts offer both Shared and VPS, so if you’re starting out you can start with shared and grow into a higher tier offering without having to leave your host. Check your host for how they’d migrate your site once it’s time to grow
Five important eCommerce hosting features
Now that you have a sense of your hosting options, take a look at the features you should expect from your host.
- Dedicated IP address: You want your IP address to be your creation, not your host’s. You won’t find this with free hosting services because they attach their name to your IP address. This means you can’t customize URLs, an important part of search engine optimization (SEO). A dedicated IP address is whatever you choose and remains yours for as long as you pay the domain registration piper.
- Free SSL certificate: Hosts used to charge quite a bit — $100 or more! — for a secure socket layer (SSL), AKA the https:// protocol and that little lock icon in a site URL that verifies a site’s communications are encrypted. Now, it’s standard practice thanks to Google’s insistence that all websites have SSL protection; Google feels so strongly about this that its Chrome browser will warn you about visiting insecure sites. Today, most hosts provide SSL certification as part of their services and don’t charge an extra fee. Yours should, too.
- 24/7 uptime monitoring: You don’t want to hear that your site is down. Ask potential site hosts about their uptime monitoring: specifically, whether sites are monitored 24/7 and how quickly any service interruption will be resolved.
- Tech support: How much tech support do you think you’ll need? Many hosts are available 24/7, and that’s built into the price. But if you don’t foresee doing a ton of complex work yourself (in other words, you have a developer who does this for you), why pay for live 3 a.m. support you won’t need? Many questions can be easily resolved via a chatbot or email. Just ask how quickly support will respond to your questions — twenty-four hours is acceptable for most business owners who aren’t doing complicated work themselves.
- Security: Finally, ask about security. Here’s a checklist that lets site hosts know you’re serious about keeping your website visitors safe. Notice how many of these practices you’ve probably been doing on your own computer for years!
- Virus and Malware Protection: How often are antivirus and malware scans performed? Does the host monitor for unusual activity on the site? Can they remove viruses and malware, and how soon after discovery? Is there a way to see reports?
- Firewalls: How strong are their firewalls? Can they deflect a DDOS (distributed denial of service) attack?
- Backups and protection: You should be backing up your data, but you want your host to do this, too. How often do they do backups. where they are stored (preferably off-site)? Can they help you restore your website if it goes down, or repair corrupted files?
- Onsite security: Site hosts are businesses and should use the same security measures as any other business that handles sensitive data. Does the host company run background checks on employees? Are employees with access to clients’ websites required to regularly change their own passwords? How secure is the physical building or remote access used?
There’s an entire industry of hosts that work with open-source platforms like WordPress (which isn’t surprising when you consider that WordPress is behind 30 percent of all websites on the Internet). These hosts go the extra mile for their WordPress clients. They automatically update software and notify you before and after. Many will also let you know if a particular plugin needs to be updated.
If your host doesn’t offer these services, consider Jetpack, a multi-purpose plugin including uptime monitoring, additional security, spam protection, daily backups, auto-updates, and more. Jetpack has a great list of partners they work with as well.
WooCommerce plugin and extension updates
All software updates are critical. They often include security upgrades and patches; ignoring them can leave your site vulnerable or hurt its performance, so when you see an update notice you shouldn’t ignore it!
Read more about how to safely update WooCommerce, and WooCommerce extensions, and learn best practice around making backups.
Open-source security: Driven by the community
Open source software like WooCommerce has a lot of protective eyes on it, as CSO Online’s security reporter Maria Korolov recently wrote. If someone spots a bug, they can fix it immediately. They don’t have to wait for a software owner to notice your email and take action on it.
Given the cooperative nature of the WordPress and WooCommerce communities, news about threats and fixes or patches spread quickly, and there’s a world of developers out there who are creating open source security tools. They build and share tools that check files for secret codes that don’t belong there, use pattern matching tools to root out malware, and find endpoint anomalies.
As a store manager, you can take further steps like changing passwords often, installing firewalls, and making sure you’re scanning for malware as well as viruses.
Tomorrow we look at how much it costs to run a WooCommerce store.