All the “advice” around here is scary. The only thing you should do when you hear WordPress is to run away, and definitely not entrust it with customer details including payment details.
WordPress is an old legacy pile of crap and a brilliant example of how not to design a web application. The awful code quality inevitably leads to regular security issues which is dangerous for a website selling things; an attacker can steal customer data or replace the payment page with something that steals card details. Performance is another issue. Anytime a WordPress website is linked on a high-traffic website (Hacker News, Reddit, etc) it goes down - something that just doesn’t seem to happen with most other websites. Not surprising when it needs to make 50 DB queries just to render the home page.
Maintenance is also another issue; you need to maintain a server (definitely avoid shared hosting for anything containing people’s personal data), secure it, update it regularly, etc. Do you have the expertise and time to do it? Shopify is cheap in comparison.
Sorry for the “bad advice” OP. You should follow that of @Rjevski and spend thousands to have something bespoke and ultra secure on your own dedicated box.
If in your last sentence you’re suggesting Shopify, I think you should do some research and you’ll find they’re much worse for security.
Every company makes mistakes but I would still trust a company with a dedicated team of engineers, a stock price and reputation to maintain and the fear of losing their PCI-DSS certification over a pile of random PHP scripts on an overloaded shared hosting server set up by following a tutorial on Google.
I also don’t see how Shopify are worse? The only recent thing I found is a vulnerability disclosing revenue data; while it’s bad it’s one instance and customer data was not affected. In comparison, WordPress vulnerabilities are discovered monthly or even weekly and most of them lead to complete remote code execution which means attackers can silently modify the site to exfiltrate customer and payment details (which can have a GDPR liability) and gain persistence so they keep their access even after you patch the vulnerability.
Btw don’t take it personally, this is nothing against you and just against putting customer data at risk & having compromised servers used for nefarious purposes (hosting phishing websites, denial of service attacks, etc).
All I’m saying is that it’s nowhere near as bad as you’re making it out to be. You’re going to scare the poor bloke into not wanting to do anything online.
All he needs is a simple website to sell some bits online and Woocommerce it covers all that - he’s not Jeff Bezos!
Wordpress is not too scary but it is old but as lot have said you do need to know what you are doing in order to build and maintain to website and you also need a good host some hosting providers have extra or added security on the end for Wordpress they is also add on you can download to Wordpress to help with security and performance on the site.
Wordpress isn’t old I’m not sure what you’re trying to say with the rest of your statement either. The person who originally needed help is sorted now so let’s leave it here.
Yeah whatever suits you best and gets you up and running
Just remember to keep evaluating it all and as the website grows you’ll come to learn what you need from it, what works well and what doesn’t. Keep tweaking and refining as you go and I’m sure you’ll do well.
I’m not sure what you’re trying to say with the rest of your statement either. The person who originally needed help is sorted now so let’s leave it here.
