Basics of eCommerce and woocommerce

Curtis McHale


  • running SFNdesign for 5 years
  • specialize in WordPress eCommerce and Membership

Benefits of an online store

  • typical brick and mortar will see a 30% increase in sales
  • no retail space required
  • carry wider variety that then benefits local market
  • better customer targeting with increased metrics
  • easy funnel in to email marketing
  • mobile shopping up 21% in holiday season


  • when it says 'https://' in the browser


2 Types of SSL

  1. Quick SSL ($0 with Lets Encrypt to  $150)
  2. Extended Validation ($150 - $500+)

Ssl where?

  • use the host if they have them
  • many hosts have Lets Encrypt built in
  • Geotrust

SSL Setup

  • Media Temple has the best instructions
  • Generate a CSR
  • Send CSR to Geotrust
  • EV requires a bunch of verification
    • checking address
    • checking with government
  • send SSL cert to host or install it
    • some hosts cost extra for dedicated IP

pCI Compliance

  1. Use a firewall
  2. Do not use vender default logins (no admin allowed)
  3. Protect stored data (no FTP)
  4. Encrypt transmission of cardholder data
  5. Use and update virus protection
  6. Build and maintain secure systems
  7. Restrict access to data
  8. No sharing login information
  9. Restrict physical access to card data
  10. Track all network access
  11.  Regularly test security systems and processes
  12. Maintain information security policy

SUper fun reading

PCI Levels

  • Level 4 - less 20k yearly and 1 million in visa
  • Level 3 - 20k - 1 million annually
  • Level 2 - 1 - 6 million annually
  • Level 1 - 6 million+ annually

Pci Audits

  • most of your clients are likely to fall in to self assessment 
    • basically fill out a form yearly and get an automated scan
    • cost is under $500
  • Level 1 and 2 clients need expensive scans
    • 15 - 20k annually
  • all of the steps need to be reviewed annually
    • yes that means the self assessment form

When PCI?

Any time that customer card data is going to touch your server!!

A breach will cost so much money it will shut most businesses down

My starting point is you never want cardholder data

Other Security notes

Skimp on the security stuff and you could 
be liable for a breach

Make sure your contract covers you


  • how many tax zones do you think there are in North America?
    • 15,000
    • in 2010 there were only 5,000
    • For WordPress sites with WooCommerce just use TaxNOW


If you want user agreement to be 'valid'

  • make it easy to find
  • generally a link right next to the button or checkbox

If you don't do this courts have said a TOS is invalid
The user had no 'reasonable' way to find and read it

EFF on TOS          

Privacy Policy

You really should have one even though it's not mandated
  • some industries do regulate it like Hospitals...
  • client needs to check the federal or provincial laws
  • write it in plain english so that users can understand it
  • talk to a lawyer

WordPress Solutions

Key Plugins for WooCommerce

  • Stripe
  • Drip
  • WooCommerce Subscriptions

Really that's it and many people don't need Subscriptions if they're not doing a recurring product.

eCommerce Basics and WooCommerce

By curtismchale

eCommerce Basics and WooCommerce

  • 1,459