Last Week in WooCommerce: Security & Reporting

Always Pay Attention to WooCommerce Security

Whether you're a freelancer building WooCommerce stores, a merchant running a WooCommerce store, or an agency helping merchants manage their WooCommerce stores – there's nothing that stresses you out as much as hearing there's a new WooCommerce security issue at play. This past week we heard two reports worth paying attention to.

The first came right before Christmas and concerned gift cards, specifically a plugin called Ultimate WooCommerce Gift Cards. The report showed that the plugin's file upload feature could be used to run remote code. You can see the details of the issue. If you're not loading (or not letting others load) custom gift card templates, you should be OK. Alternatively, work with your hosting company to make sure that they don't let images exist in your content folder with a PHP extension.
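One way to check for that last condition yourself, as an added example (not code from the plugin, the report, or your host): a small audit that walks an upload directory and flags any file with a PHP extension, noting when its leading bytes show it is really image data. The function names, the extension list and the use of `wp-content/uploads` as the target are assumptions; the sample files are constructed.

```python
import os
import sys
import tempfile

# Extensions often routed to the PHP handler (assumption: match your server config).
PHP_EXTENSIONS = {".php", ".phtml", ".phar", ".php5", ".php7"}
IMAGE_MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
               b"GIF87a": "gif", b"GIF89a": "gif"}

def sniff_image(path):
    """Return the image type implied by the file's leading bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((kind for magic, kind in IMAGE_MAGIC.items()
                 if head.startswith(magic)), None)

def audit_uploads(root):
    """List (relative path, reason) for every PHP-extension file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in PHP_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            kind = sniff_image(full)
            reason = (f"{kind} image data stored with a PHP extension" if kind
                      else "PHP-extension file in an upload directory")
            findings.append((os.path.relpath(full, root), reason))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample data: three harmless files for the demo run."""
    samples = {"2020/12/photo.jpg": b"\xff\xd8\xff\xe0 constructed jpeg",
               "2020/12/template.PHP": b"\x89PNG\r\n\x1a\n constructed png",
               "cards/notes.phtml": b"constructed plain text"}
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    # Usage: python audit_uploads.py /path/to/wp-content/uploads
    if len(sys.argv) > 1:
        target = sys.argv[1]
    else:
        target = tempfile.mkdtemp()
        build_sample_tree(target)
    for rel, reason in audit_uploads(target):
        print(f"{rel}: {reason}")
```

Point it at the uploads directory rather than all of the content folder, since plugins and themes legitimately ship PHP files there.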

The second issue wasn't specific to WooCommerce. Instead, it was a campaign that's been going on for months, targeting all the eCommerce platforms out there. It's skimming malware, which means its focus is collecting customers' credit card details. It does this by injecting itself into the checkout process and showing you a fake checkout page to collect card info.

If you've read about it already, it's called Magecart, and it is affecting Shopify, BigCommerce, Zencart and WooCommerce. Sansec has the details.

Now let's get to WooCommerce Reporting

In the early days of WooCommerce reporting, the only thing that was agreed upon was that the default reporting was a bit light. It's likely because of that dynamic that so many solutions have been created to solve the lack of serious reporting for WooCommerce stores.

Glew is the gold standard.

When I wrote about choosing the best hosting for WordPress & WooCommerce stores, I highlighted that the product we'd created at Nexcess included Glew. It's the most advanced reporting for eCommerce stores, and WooCommerce stores specifically.

It's been several years since they came on the scene and nothing yet delivers the same kind of reporting that it does – mostly because what they do is difficult and complex. It requires experts in eCommerce, experts in Ad spend, experts in analytics and data science. So it's not likely that a plugin will step in and solve the problems it solves in the same way.

But that hasn't stopped the competition from getting into the mix.

The WooCommerce Reporting Competition

  • Metorik: The most popular reporting solution you may have already heard about is Metorik. It is another SaaS solution (like Glew) that prices itself on order volume rather than revenue. When configured correctly, it's an incredible solution for WooCommerce stores (and now supports Shopify). When configured incorrectly (not their fault) it can create a massive strain on the performance of your store. So make sure you get a trained professional to help configure it for you. They don't have as many pre-configured segments as Glew. But they have several – which makes it really helpful straight out of the box.
  • Putler: They're a relatively new player in the game but an excellent solution as well. Similar to Glew and Metorik, Putler is a SaaS solution that does a lot of the work off your actual site. This ensures that your store doesn't slow down because of the data processing going on. They use the RFM approach to segmentation – focusing on recency, frequency and spend (monetary value) – which is different than how Glew and Metorik work. But it's still incredibly useful because it quickly gets merchants spotting opportunities to grow revenue.
  • Infocaptor: They've been in the business intelligence and visualization space for a while. Nevertheless, their Advanced WooCommerce Reporting plugin is less well known than the others in the space. But don't let that stop you from looking at their solution. The reason I decided to look deeper into reporting options this past week was because they just released a new Heat Map report as part of the plugin.

Getting Help

A strange thing happens when you write about WooCommerce security, segmentation and/or reporting. Instead of being excited by the options, people feel despair or frustration because there's never enough time.

  • Exploring options takes time.
  • Migration takes time.
  • Testing takes time.
  • Selection takes time.
  • Implementation takes time.

Here are my recommendations.

If you need help with your WooCommerce store, there are tons of folks I'm happy to recommend. My favorite two are Zeek and Zao. Each brings a depth of experience to help you – whether you're an agency that needs additional WooCommerce expertise, or a merchant looking to improve your store.