Support » Developing with WordPress » Word Press Combined With Ecommerce-Is It Secure?

  • I am considering trying to create an online store but using WordPress along with any possible plugins (besides Eshop); there are not a lot out there, I know, but my main concern is security. I have been told that it is secure, and there are ways to make it even more so. I have also been told, a lot, that WordPress is the last thing to use when building a store. I am considering tossing in the WP towel, and going with an easy to use online store like to just get the products online, and worry about customizing later, but I really love the whole look and feel of WP templates and easy to edit styles etc.

    Any ideas out there?



Viewing 13 replies - 1 through 13 (of 13 total)
  • WordPress IS secure. They constantly stay on top of making it better and correcting any security issues.

    However, it is my personal opinion (as a full-time WP developer) that if the primary purpose for a website is to sell multiple products, I would suggest using software specifically designed for that purpose [as you have already researched it seems].

    If you were only selling a few items, a “store” in WP can be done as easily as making a “Products” category and creating a post for each product with generated PayPal button code.

    BTW – What kind of guitar is in your pic? (I play as well)


    Thanks for the response. I didn’t realize that WP is secure. I have heard so many different opinions about that. I am considering going for an online store hosted by a company that is all they do is ecommerce. They say that there is a way to integrate a WP site via pointing the url from the WP site to the ecom site. Not sure about how that one will work or not. LOL We’ll see.

    I play an Alvarez 6 string but really jonezin for a Takamine 12 string lol!


    WordPress is as secure as any other well written and actively maintained web software. Generally neither WordPress, Drupal, Joomla, or whatever app itself is the weak point. Plugins and server configs are the number 2 and 3 causes for insecurity.

    Reason #1? Users.

    Thank you for your responses.

    I have also done a lot of research on this topic during the last week. Being that WordPress is unable to run as an online store without a plugin developed to operate as a way to have an online store within the WP platform, that makes the entire process much less safe via the plugin, and I personally will not risk throwing products on a site to only end up with a hacked system from a plugin that was easily hacked to pry open the site itself.

    I was able to find an idea, however: instead of using a plugin for WP, feed the products from a different host with 128-bit encryption, in order to bring the shopping cart in through the WP site.

    Any thoughts on this?

    Thank you


    Plugin insecurity, with known e-commerce plugins, is actually pretty small. It’s not zero-risk, but it’s really quite low. A lot of people use them, very few have problems, and when they do, it’s generally a configuration error. No, they’re not perfect, but nothing is, not even a stand-alone app.

    The reason I say plugins are the 2nd cause for insecurity is because poorly written and incorrectly installed plugins can cause issues.

    AND here’s the funny thing about what you just said. In order to bring the shopping cart to WP? You need a plugin 🙂

    It’s a trust thing. Find a good, reputable, software dev for what you want, and you’re okay. Find a fly-by-night and you’re not. This is true of all things.

    I’m not sure about the relative security compared to other plugins or installations, but I have used the Shopp plugin for ecommerce and found it very easy to use.

    I have also used the Shopp plugin and I feel it’s the best in terms of integrating well with WordPress. However, there are of course issues that do come up since it is fairly new. Also, using SSL is tough to get working with WordPress and Shopp together.

    Try Zen Cart, I’ve used it successfully on a number of large and small online shops.



    wp-ecommerce is cool, secure and easy enough to install.
    I have used it on a number of clients' sites.

    What is it exactly about wp, or plugins such as the big ones like WP e-commerce, that could potentially be insecure?

    Aren't plugins like wp e-commerce just managing display and product info so something such as PayPal can handle the things which need to be “Secure”, like racer x said above about putting paypal buttons in a post page, which contains your product info, the only thing that could happen is your site explodes somehow, or paypal gets hacked and financial info is stolen.. what kind of things other than errors could wp, or wp e-commerce have that is “insecure”? I'm just confused.. but as some said above that main problems are server config etc.. wp is used by some pretty big companies.. so I think that proves somewhat that it's pretty damn secure..

    This is a good topic, would be nice to get some smarty pants guys/girls in there to keep up the discussion. 😀

    Joe Ponzio


    applesfaceman has a point. If you are integrating SSL and a payment gateway through your server (i.e., if someone enters credit card info on your site), then you need to worry about security as far as your visitors/customers are concerned. If you are having people checkout through a third-party (like PayPal) where they go to that website to enter personal and financial information, then you’ll want to know that their site is secure.

    When it comes to security for your visitors, you want to know that, when they send credit card and other information, it’s over a secure line and encrypted. Because they’re doing that at and through PayPal (or wherever), you don’t have to worry about it on your site.

    We had an intrusion and attempted takeover of our server through what appears to be an injection vulnerability in WordPress 2.7.

    Let’s face it: NOTHING is secure enough to be on the same server that processes credit cards. Even then, one has only made a best effort. Until the Payment Card Industry abandons this ridiculous attitude that they alone are entitled to zero-factor authentication, it will remain so. A CC number is hardly a password, but they want to prosecute us if we don’t keep them secret. Insane.


  • The topic ‘Word Press Combined With Ecommerce-Is It Secure?’ is closed to new replies.