Support » Fixing WordPress » Shopp plugin?

  • At the time of writing I can find no forum for the Shopp plugin. There’s a link, but it goes to a page of tags, not a forum. I was thinking of using this plugin but this has made me think that maybe at critical times – like when WP ugrades – the plugin breaks and the developers disconnect the forums.

    Am I being too cynical?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Shameless bump. Does anyone use Shopp (ecommerce) plugin?

    I support a site that uses Shopp, and I’m having an issue with McAfee PCI compliance with a “Web Application Cross Site Scripting” vulnerability on the account page.

    I found the same page of tags and haven’t been able to find anything to resolve this issue, so I’m not very impressed with Shopp. We’re going to have to redesign the login page (if we can figure out how it works) to resolve the issue and become PCI compliant again.

    There is a forum that is only accessible to those that are verified customers:

    There is also a Help Desk that allows those that are not customers to contact us with pre-sales inquiries or customers that can’t access the forum because of an account issue:

    Regarding robindillard’s assertions that there is a XSS vulnerability on the account page, I replied to the concerns on our blog.

    We’ve come across this a few times where some PCI scanners report vulnerabilities that are in fact not vulnerabilities. In one case we saw a PCI scan of a Shopp site that reported an XSS vulnerability in the Cart via the promo code input. However, we do proper escaping by encoding entities from the input. The re-encoded input is output back to the browser in a “safe” form that prevents it from creating a real problem. However, because the scanner detects parts of the output in the value of the field, it flags a problem despite there being zero chance of an XSS attack being successful.

    On issues like that we’re at a bit of a cross roads as we know we are properly filtering input and escaping output despite these scanners saying there is a problem. We could fix it for that specific scanner, but then there could be problems in other scanners as each scanner may have slightly different assertions about the proper handling of the test case exploits. We have a lot more research to do before we can resolve this issue universally.

    Shopp is a great plugin. I am using it for various sites. Its stable and very sturdy which is the important thing and its template and plugin API is extensive giving you the ability to really customise the hell out of it.

    As if it was not great already Shopp 1.1 (coming out soon) just takes it up another level. Although its in development its taking time cause the release will be very stable and just work, which is why the nitty gritty of everything is being sorted out. Ive seen a preview of the latest release, its awesome and i cannot wait.

    PS. I have tried other ecommerce plugins out there and they just dont match the finesse and stability of shopp

    I’m also interested in using Shopp, but didn’t hear back from the support helpdesk (I think maybe my message didn’t go through? Not sure) but was wondering how many products Shopp can reasonably handle? Like if I wanted to use it for 1,000 products, would it be able to work with that?



    I am sorry to say but after reading many blogs the Shopp seemed the best alternative for a wordpress shop website and the reality was not so perfect. The company building the software is not offering acces to the forum before buying a license, because if you read the stuff in there you will never want to buy the software. I am angry because I have spent money and time to debug the application and the huge bugs are a show stopper.

    The integration with wordpress is not that ok, think that you can not use WordPress search to search inside the wordpress pages and post at the same time to the products inside the shopp. The custom types used in the shopp plugin have noting to do with the ones in wordpress so any special implementation requires core modification.
    Orders are not registered at the submission of a form, but after the response of the payment gateway and many other problems like this.

    The worst part is that the support for this pluggin reassembles more of a hobby for the developers. The forum community is nice but not so helpful, there are a lot of post without answer and some of them describing serious bugs.

    I am using the last version 1.1.5 and we have 2 experienced PHP programmers working on the project.

    I completely agree with Lebada’s comments about Shopp. Their website does a good job selling the product but once you’ve paid and have access to the support and forums sections, it is very disappointing. The help files and documentation are very weak. Unless you’re ready to dive headfirst into PHP code, you may wish to reconsider.

    I’ll add something based on my experience with Shopp. It is not a WordPress plugin the way you might be used to. In fact, very little of it is actually used with WordPress. It’s more like a “bolt on” ecommerce package that just so happens to work with WordPress. If you aren’t comfortable with PHP or know someone who is, you’d be better off looking elsewhere!

    I believe you’re right Sherice. However, the Shopp website says this:

    Shopp is an e-commerce plugin that adds a feature-rich online store to your WordPress-powered website or blog. Get your store up and running in minutes.

    A bit further down on the main page, it says:

    Shopp seamlessly integrates into your WordPress website from administration to your online store’s shopping experience. It looks and works like it was meant to be part of WordPress all along. And Shopp plays well with other plugins by adhering to the WordPress plugin development guidelines.

    Now the easiest publishing platform is also the easiest e-commerce platform for the casual blogger and the most creative developers.

    If they described it like you did, it would be more accurate and give a better idea of what to expect. The silver lining for me is that it is forcing me to study PHP and learn something new!

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Shopp plugin?’ is closed to new replies.