Press This Podcast: Common Ways People Mess Up WooCommerce with Sean Conklin

Welcome to Press This, the WordPress community podcast from WMR. Here host David Vogelpohl sits down with guests from around the community to talk about the biggest issues facing WordPress developers. The following is a transcription of the original recording.

David Vogelpohl: Hello everyone and welcome to Press This, the WordPress community podcast on WMR. This is your host, David Vogelpohl. I support the WordPress community through my role at WP Engine, and I love to bring the best of the community to you here every week on Press This. As a reminder, you can find me on Twitter @wpdavidv, or you can subscribe to Press This on iTunes, iHeartRadio, Spotify, or download the latest episodes at wmr.fm. In this episode we’re going to be talking about common ways people mess up WooCommerce, and joining us for that conversation is Sean Conklin. Sean, welcome to Press This.

Sean Conklin: Thanks for having me, David. Appreciate it.

DV: Glad to have you here. For those listening, what Sean’s going to cover is what store owners and agencies, or if you’re an agency building a WooCommerce store, should do in most, and I kind of saw the list ahead of time and I think if not all, cases. But Sean’s gonna be sharing his thoughts around kind of the way to avoid problems with WooCommerce and set yourself up for success. So really excited to have Sean here to talk about all that. Sean, to kick us off, I’ll ask you the same question I ask every guest for our first question: briefly tell me your WordPress origin story.

SC: Okay, yeah, that goes back to 2008 and the financial crisis at the time. A good friend of mine was laid off, and I was sort of furloughed, part, part laid off, if you will. And we decided, you know what, we need to do our own thing. And so we were doing some consulting work, and really just telling everybody, you know, yeah, we build websites, you know, we know PHP. That just didn’t go over too well. CMSs were becoming really popular, so we started working on Joomla, Drupal, and ultimately just settled on, you know what, WordPress seems to be where most of the interest is. My colleague Randy really loves it. He used to work for Apple, so he’s big on design and, you know, just well-thought-out user interfaces and admin interfaces. WordPress fit the bill, so we just decided to go all in on WordPress.

DV: It’s interesting. I’ve used WordPress prior to settling on it in my agency, back in the day, and I also landed on WordPress as our CMS of choice because of demand. I wasn’t getting any calls for Joomla and Drupal eight almost all for WordPress. So that kind of following the demand, I think we share in common there. So you mentioned your... you mentioned your business a little bit, but I was wondering if you could tell us a little bit more about Coded Commerce. What do y’all do?

SC: Yeah, so it’s also myself and Randy, you know, once again. From our previous consulting business, be automated, we had gone to work for a couple of clients, and now we’re back into this, and this is WooCommerce specific. So still WordPress, still the same stack, if you will, but WooCommerce is the official framework for e-commerce. You know, it’s the open source, free WordPress community’s answer to e-commerce, if you will. So that’s what we focus on now, and it is still just the two of us, taking on client work. I started out doing more development; now it’s become more support, because the nature of e-commerce is the more stores you build, the sort of long tail of support is growing with each store. So I do quite a bit of support work.

DV: It’s very interesting. You know, that song “Just the Two of Us” was ringing in my head as I heard you talk about Randy. But from the high level, y’all are essentially an agency focused on e-commerce, and specifically WordPress e-commerce.

SC: Yeah, exactly. I mean, you could call us an agency. We operate a bit or type arrangement in the sense that we build our lay, whereas agencies tend to have more staff doing, you know, the marketing, the sales, the design, as well as the development and the support. So in our case it’s just the development and support. So we try to work as simple as, you know, easily, simply, and just avoid what I call the agency dance, where they’re doing all the contract kind of stuff back and forth, change orders and all that sort of nonsense. In my developer mind I’ll call it nonsense, but I know it means something to some people, but not really me.

DV: Yeah, that’s a very clean way to operate your agency. Definitely understand the drive that. So let’s kind of jump into the Woo side. Obviously you spent a lot of time helping people out with websites. So let’s start with user management. Like, what do you recommend stores do around, like, all these WP admin accounts that people end up making in the WordPress e-commerce context, password security? Like, to me that seems like something people often don’t spend enough time on, is the notion of user management security.

SC: Yeah, well, let’s face it, these e-commerce sites are targets. They have a lot of user data in them. Generally speaking, they don’t store raw credit cards; that’s been non-PCI-compliant for a long time. But they do have user data, you know, purchase data, email addresses, names, addresses, things like that. So they are a target. And you certainly want to make sure that you’re... anybody who has admin access to your site is trusted, that they’re using a good strong password. And there’s various ways to lock that down. There are plugins. Some of the more common ones, you know, you have Sucuri, Wordfence, iThemes Security; all those are relatively large. You have more basic plugins, like the limit logins reloaded one is popular. I think WP Engine has one installed. What’s that called, the strong password enforcer plugin?

DV: I don’t know if it’s done through a standalone plugin. It might be facilitated through one of our MU plugins, but yeah, we force strong passwords there for sure. I guess the point here, though, is that, you know, to have that good user management, require the strong passwords. Any other areas in this sphere?

SC: Yeah, I mean, just not too many admins. Not everybody needs to be an admin. You need to think about, you know, who should be a shop manager, who should just be an editor, versus who really needs to be an admin to have that plugin and theme level access.

DV: So, you know, the title of this episode is Common Ways People Mess Up WooCommerce. I’m just curious, like, have you experienced someone who’s had a, you know, horrific issue with their site because of poor user management? Like, what does this look like when it goes wrong?

SC: I’ve seen various types of attacks. I haven’t seen anybody’s site go... I’ve heard stories, but I haven’t actually seen somebody’s site go rogue because an admin account escaped. But what I have seen is denial of service attacks, credit card guessing attacks. The credit card one we didn’t mention earlier; that’s where they place a bunch of fake orders on your store to test a database of stolen credit cards to see which ones are good. So you’re then on the hook for the auth fees, you may get shut down by your gateway. It’s a bad thing, plus you have a bunch of junk data to deal with.

DV: I have been there. I’ve actually dealt with fixed testing is stolen credit cards. You know, you talked about not having too many admins. You know, one of the interesting things I’ve noticed with plugin vulnerabilities when they’re discovered is that they’re often cross-site scripting vulnerabilities, but only if it’s on an admin level account in WP admin. But your point is, like, be stingy with those admin accounts because they have a lot of authority, but then I guess it also opens them up to possibly some of these cross-site scripting issues that we see in plugin vulnerabilities. Or you know much about that, or do you agree, or...

SC: Oh yes, I’m all about reducing the number of plugins as well. You’ve got to get a handle on your number of admins as well as number of plugins. I think we’ll talk a little more about that in a bit. But, yeah, certainly, the more exposed you are, you know, the more you have, the more exposed you are, the more you have to just critique every aspect of every plugin and every user to find out where those security vectors are.

DV: Gotcha, gotcha. So you mentioned plugins. Like to explore this kind of a little bit before our next break, and then maybe a little bit after, but what items are on your checklist around choosing plugins for a Woo store? What do you look for?

SC: I certainly trust the official woocommerce.com extensions quite a bit. Some of those are newer; you could kind of tell by the version number. I do like the community repository plugins, where you have that transparency; you can see how many downloads, the change logs and everything. The official WooCommerce marketplace, it has a little bit less information as far as how many downloads, but you can tell by the vendors who you trust. You know, if you really use Woo Subscriptions a lot, you trust that vendor, you kind of believe in their extension set, and it’s more minimalist. It serves a feature and all the functions surrounding that feature, but it doesn’t try to do more and try to upsell you on other junk, and it’s just clean and it works, so I really trust those. And then again, looking at the community repository, you could kind of suss out which plugins are well updated, well supported, popular, things like that.

DV: So it looks like you’re watching for, like, the change log to make sure it has a nice healthy, kind of, update scheduling cadence. Looking at the volume of people using the plugin, presumably to make sure that it’s popular and they’re gonna keep supporting it; sounds like you touched on their support. And you also touched on kind of this notion of, like, choosing plugins that are as focused on the feature you’re trying to enable as possible, so you don’t have kind of all this satellite functionality that you may not need. And I can imagine, actually, firsthand, I’ve seen in WooCommerce context where, you know, people do layer in a lot of plugins, and some of them maybe are overbuilt for the purpose they’re trying to solve, where I can see where that would be really important for you as you all think about building out WooCommerce sites. I want to talk to you about the maintenance part though, because, like, we touched on, like, the plugin security issues, and you also touched on, like, how frequently folks update their plugins that they’ve made. But we’re gonna take a quick break and we’ll be right back.

DV: Everyone, welcome back to Press This, the WordPress community podcast on WMR. This is your host David Vogelpohl, and we’re talking about common ways people mess up WooCommerce. Our guest is Sean Conklin. Right before the break, Sean, you were talking about how you chose plugins. You’re basically looking for either trusted repositories like the WooCommerce marketplace, or the extensions. Even the community repos, you’re doing a lot of research looking for them to be updated and supported and popular. But what about managing these long term? Like, do you have any specific observations on how to manage the plugins in your kind of repertoire or stack of plugins for Woo?

SC: Another thing I’ll add to that that I look at is, are we really going to be using more than 50% of what this plugin offers? Because if not, then you either need a smaller plugin, or just put in a code snippet, sometimes referred to as a custom function in your child theme. I usually call them code snippets. You know, that one little paragraph of code can replace a, you know, five or 10,000 line of code plugin in many cases, so I do look for those opportunities as well. But to answer your question, you know, about maintenance of them: it’s really a vendor management thing. Every plugin that you have, and your theme, and possibly your child theme if you have a developer, you know, they’re like a vendor of the site. And the more you mix these things up, the more finger pointing happens, the more you have to be on the pulse of what that vendor is changing and what they’re recommending, like for security. So the more you do, the more complex that gets. But if you’re looking at a suite of plugins by a given vendor, that cleans that up a bit; it makes it easier to stay on top of their developments. So the source, not only from a credibility standpoint, but from a support and maintenance and upgrade standpoint, really does mean a lot.

DV: Yeah, it’s interesting to hear you frame it as, like, you’re adding another vendor for your website. That’s absolutely true. I take that analogy one step further; often I would say it’s like choosing a partner in your digital business, like, who are you going to partner with? And you know, there are a lot of big implications for sites and the plugins that they choose. It’s interesting because, like, when I heard you talk about choosing a plugin, you specifically said if it doesn’t do at least around 50% of the functionality, if I’m not going to use about 50% of the functionality it does, I consider not using it. Then you talked about using a suite of plugins from one vendor, which I understand why; you know, you can rely on the quality of code and how they do things and expect some consistency,

SC: in the Elementor Pro Plugin, they all kind of go together. And they replace the need for lots of other plugins and getting other vendors involved. If you really like the Astra theme, which is a free theme, then you’ve got the Astra Pro plugin, and also the Astra marketing plugin, I think they call it Convert Pro. And possibly, if you’re using the block editor, or WordPress block editor, Gutenberg, then you may want their, I think they call it the ultimate, you know, blocks, that is also by them. So you know that you’re not going to get finger pointing. But, you know, if the block doesn’t look good in your theme, you know, the theme’s control panel, you do a setting for the font, and that font doesn’t come through on the block, you’ve got one vendor to go open that ticket with, and they’re not going to point the finger at your theme versus your add-on plugin versus whatever else.

DV: Got it. Yeah, that sounds like you would be able to get to the root cause and resolution faster. And they would obviously know well about how their different products interacted together. It’s a very interesting observation. I want to kind of shift things up a little bit. I want to talk about those older stores with lots of content hanging around. What do you do in terms of, like, maintaining older pieces of content, or, like, just in terms of, like, reducing the overall storage footprint of the store over time? Like, obviously the students can kind of grow and grow and grow.

SC: Yeah, and it can even be a newer store if the developer was sloppy. But either way, whether it’s an old store with a lot of old stuff in the database or a newer store, you know, same thing, that needs to be tidied up. There is some garbage collection that WordPress and WooCommerce do natively, like with transients and things like that, to clear out, you know, post revisions and, you know, some basic stuff, and you can use the WP-Optimize plugin, or WP-Sweep, to, you know, to apply some of those, you know, as you wish. But the main thing that bugs me from a manageability standpoint is when I go to edit a page like the About Us page, and there’s four different About Us pages under the admin pages menu, and you find some of those are just a draft somebody abandoned, or when they installed their theme they imported the sample data, and they just left it there, you know, sitting in drafts. Sometimes it’s even published. It’s a published, you know, About Us 2 that goes to nowhere. So I really like to clean that up, to make it clear when we’re editing the About page where we go to find that. And it just makes manageability a lot better and cleans your database to optimize your database queries a little bit. And that applies to media as well. I see so many, you know, media libraries that have thousands and thousands of images, and I just know that they’re not all in use. Or, you know, maybe, you know, think about the content: if it’s a blog post it may have a long history, but if it’s a product that is discontinued, maybe you don’t need those images in there anymore and they’re just bloating your backup sets and wasting database space.

DV: Gotcha. So doing a little cleanup on these old drafts, and I guess this is avoiding people editing the wrong page or, as you pointed out, publishing demo content from a theme that has nothing to do with their business. Obviously that’s not the greatest. And then also cleaning up media. I have to say, Sean, I’m a little guilty of keeping my media library a little too heavy on some of my sites.

SC: Some clients can be that way. I have one that puts, like, over 100 images on every blog post, which is unusual, but it suits her use case, so I understand there’s always exceptions. But we just want to, you know, as a developer, when I have to download a copy of the site for my localhost, and it’s a 10 gigabyte, you know, site, it just makes things more difficult.

DV: Yeah, it can slow down your overall workflow, and even if you’re not the developer, you’re still paying the developer for this time we’re gonna do that. So it’s like you fully escape the pain of that. Turning our attention to growth: do you have anything in your checklist around coupon strategies? I know that, you know, with cyber weekend a couple months ago, two, three months ago now, this was the focus of a lot of stores. How do you think about coupons with new stores?

SC: Yeah, I do find that most clients will use coupons, and I tell most of them, you know, it’s not a good idea to show a coupon form. And I know Amazon does it, but you’re not Amazon, you’re a boutique shop, and the coupon form does invite users to open up a new tab or leave your site to go look for a coupon, which, they may find your competitor’s coupon. Chris Lema spoke about this at WordCamp OC a few years ago and I really took this to heart. You know, you really want to think... I can’t completely say, you know, it’s a bad idea to show a coupon form, but you want to think about if that’s really helping or hurting your conversions, because it certainly could be hurting it. And you could use the URL coupon code snippet. I have one on my site that’s free if anybody wants to go download that. Or there’s plugins that do it as well, but you’re saying that codedcommerce.com and then you click code snippets down in the footer.

DV: That’s cool. Yeah, I love link-based coupons. It’s a great way to get around the coupon field abandonment issue you’re talking about. It’s really interesting, because I have seen studies where, like, people bouncing out, finding, kind of finding the coupon or getting that little reward in their head, and then coming back, actually has helped folks increase their sales rate. But I think it’s a balancing act, because you’re also, as you pointed out, inviting people to leave the checkout process, where they could be exposed to competitor coupons. And so, I don’t know, like, my philosophy I guess on everything is just test, but, you know, kind of seen it go both ways there. I want to dig a little bit more into all this. We’re gonna take a quick break and we’ll be right back.

DV: Everyone, welcome back to Press This, the WordPress community podcast on WMR. This is your host David Vogelpohl. I’m interviewing Sean Conklin of Coded Commerce about ways people mess up WooCommerce stores. Chris, right before the break, we were talking about coupon strategies. You mentioned how you’re a fan of link-based coupons; you shared where folks can find your code snippet for that. Thank you for that. Anything else on the coupon frame you think that folks might may be making a mistake on and how they operate their new store?

SC: Yeah, so in Woo, typically I’ll come across Smart Coupons, which is where you’re generating... well, there’s various use cases for that plugin, but most people use it to generate discounts that they email their customers, and it’s a one-off coupon. So now we’re creating a bunch of, you know, data that needs to be cleaned up, so that’s questionable. And you want to think about dynamic pricing as an alternative, and memberships as an alternative. Those are two good alternatives to the overuse of coupon codes.

DV: Alright, thanks for that. You had mentioned to me, I guess prior to the interview, that you thought page caching might not increase the performance for Woo stores. Why is that, or what are the caveats around, you know, your viewpoint there?

SC: No, page caching never improves performance. It allows your server, with its fixed resources, again depending on the plan you have and who you’re hosting with, but it allows you to take a higher level of concurrency with the given amount of server resources. It actually slows down that first paycheck so it has to generate its cache. You know, it’s not making PHP faster, it’s not making your database faster, it’s not making your code faster; all it’s doing is putting a static version of those pages out there. And with e-commerce that doesn’t really do much, because most e-commerce activities are session based, using your cookie in your cart session for example, and page count, you know, if you were to use page caching in that context, you’d be seeing somebody else’s cart; whoever’s cart caused the cache to generate, you would be seeing their cart. So page caching plugins do not cache your pages that have a dynamic cart on them, and the shopping cart, the checkout page, etc., where most of the activity is happening. So it may help any hybrid site where you have a lot of blog traffic but you also have e-commerce. I’m not saying not to do page caching. But it just isn’t the panacea that people may want to think of it as. It can actually be doing harm, slightly.

DV: So the gist is that the page caching means that the web server doesn’t have to dynamically build the page, which is good for concurrency, and I’ve also been to performance, but in a dynamic site situation like an e-commerce site, because the content isn’t static, it’s in a sense uncacheable. And so for pages with dynamic content, like pages running your cart, then you might not be able to cache. What about, like, cart fragments? And I’ve seen others, like, take some really aggressive caching strategies to, like, try to make the new stores as cache-friendly as possible. Is that something that you pursued your breakfast.

SC: Well, what I would say is, again, if it’s an e-commerce site, leave it alone; let it work the way it’s supposed to work. If it is a hybrid site where you have a lot of blog traffic, for example, or something of that nature, then, you know, you may want to unload a lot of those WooCommerce assets, you know, the JavaScripts, the CSS files that you don’t need throughout the rest of your site. And there’s some very simple code snippets; I even, I think, have some on my site for that. If you click on code snippets in my footer, I believe I have some examples there. But, you know, the idea is you don’t necessarily need to load WooCommerce assets in your blog area if you have a lot of traffic there, but you do need it on your product pages, because you want to show that cart up there and just have a nice hover-over effect where, boom, click this big button to go to checkout. You want to help the user; those are there for a reason. But in a hybrid site maybe you could consider optimizing other parts of the site.

DV: Yeah, so feel like there’s a middle ground here somewhere. Like, I know it’s great to have, like, number of items show in the cart and other dynamic elements on product pages which otherwise are fully static. And so it feels like there’s opportunity there; maybe somebody said something into this end, but this cacheability issue. We think ecommerce sites in general, not just on WordPress. It seems like an interesting problem to solve for, like, the trade-off of the cart counter versus the fact that it’s not cacheable. It’s interesting to think through this. Things to wind us off. When is up here. What are, like, two or three, like, major themes that you think every WooCommerce store should do no matter what? Like, if folks only remembered a couple of things from what you talked about today, or even something new, what would that be?

SC: Well, definitely use high quality hosting, because that is really going to help guide you through all of this and help set you up on a solid foundation. Similarly, pick your theme wisely. You know, you want to use a theme that really supports WooCommerce well, and that you can trust their development, that they’re going to keep up with things. And then be really careful about your users and your plugins, like we said in the beginning. Your admins of your, your plugin vendors.

DV: Well, that’s sage advice. I know if I had heard this advice when I first started leading teams building Woo stores, it would have saved me some headaches. Sean, thank you so much for joining us today.

SC: Thanks for having me.

DV: Awesome. If you’d like to learn more about what Sean is up to, you can visit codedcommerce.com. Thanks everyone for listening to Press This, the WordPress community podcast on WMR. Again, this is your host, David Vogelpohl. I support the WordPress community through my role at WP Engine, and I love to bring the best of the community to you here every week on Press This.

Steafon