Does WooCommerce Support Firearms Merchants?

WooCommerce is an ecommerce plugin for the ubiquitous WordPress platform. This is a natural progression considering WordPress powers over 40% of the websites online.

All it takes to install is a few clicks and some configuration, and you have a working ecommerce experience. You don’t have to think much about the process as it’s easy. There are pros and cons to this route. The benefit is you have few inhibitors to getting started. However, this can limit the growth of your online presence.

Think of your ecommerce platform as a rubber band. When you are fresh online, you take up only a tiny portion in the middle of the rubber band. As you grow, you bump into the sides, but they flex. The limitations become noticeable as you fill the entire diameter of this rubber band and continue to expand. It’s even possible that one day, your ecommerce platform could “explode”, causing a significant or long-term outage. We have seen scenarios where a vital product announcement takes down the website. The damages can be catastrophic and cost considerable revenue. Every day of the blackout becomes an emergency while losing your hard-fought-for search engine rankings.

The firearms industry is unique due to the compliance burden. Guns cannot be shipped directly to a consumer but to an ATF-registered dealer who will complete the final form 4473. Few ecommerce verticals have this requirement. But it goes even further than this. Let’s take a look.

Age verification

We are unaware of laws preventing minors from browsing guns or ammunition online in the United States. However, to purchase a rifle, you must be at least 18 years old; to buy a handgun, you must be at least 21. Putting such verification on your website is a way to cover yourself legally and is an overall good idea. While anyone can click “yes”, this demonstrates due diligence toward keeping the spirit of the law.

The good news is WooCommerce does have a plugin for this.

WooCommerce’s philosophy and public stance on firearms

WooCommerce disallows selling firearms:

WooCommerce is owned and developed by Automattic, which also builds WordPress.

Many people in the firearms industry consider their vendor’s opinions of firearms. If a vendor decides to make their own laws and stop selling for philosophical reasons, a company may go out of business.

Shopify is the poster child of this behavior. In late 2018, Shopify gave merchants weeks to move off the platform. We still often have conversations with merchants about this event.

WooCommerce is in a unique position in that this plugin is open source. If you use an independent host for your website, there is no way that they can kick you off the platform. However, they can legally hold you to abiding by their Terms of Service (above).

WooCommerce has clearly taken a stand against the 2nd amendment.

What are WooCommerce's limitations?

Support

Who do you call when your website has problems? Unfortunately, in many cases, merchants don’t have a good plan—until it’s too late. But even then, as a merchant, you must vet your freelancer or agency to ensure they can adequately deliver the support you need. This only ensures you have the technical expertise to resolve problems. The real problem could be with the host: do they know how to support your website correctly?

Good support costs money. This cost begins to eat away at the appeal of the “free” price tag for WooCommerce.

Speed

WooCommerce is relatively fast out of the box. However, your website is only as fast as your hosting infrastructure and installed plugins.

Think of WooCommerce as a water pipe. You can put a little water through without a problem. But as you fill it up, you eventually get to a point where the water is pressurized. You may not have any speed issues initially, but over time, your marketing efforts pay off, and you get more and more traffic to the website. Then, you release a new product, and your website crashes because too many people access it simultaneously.

Security

Security is one of those things that is easily overlooked. Unless a merchant has had a breach, security is considered a good idea but not one to spend time or money on. We often shoot for “not a big problem” instead of a quality threshold.

As discussed above, security should be a top priority for merchants in this vertical. People's safety could be jeopardized if your order records are ever made public. The more orders, the more of a blast radius should a critical incident happen.

WooCommerce allows any module to be added to the Plugin store. There are no quality checks. This means there are paths for malicious code to be injected and distributed. However, more likely is the fact that developers may miss something. Once a vulnerability is detected, bad actors can quickly scan all WooCommerce websites and attempt to exploit the problematic code.

PCI Compliance

Payment Card Industries Compliance is a set of rules to ensure the safety of credit card payments.

WooCommerce is not PCI certified. Because WooCommerce is self-hosted, the burden of maintaining a website’s PCI Compliance falls on the merchant. This means that the merchant is held personally responsible for a data breach.

One way to help reduce this risk is to use a payment gateway like Authorize.net’s Accept.JS system. This places you on the A-EP self-assessment questionnaire. Even with this approach, there is still an additional risk that you have to shoulder.

Native features

There are quite a few features that WooCommerce doesn’t have out of the box. Some capabilities can be added with plugins, but this increases security and support risks. The other issue is these plugins don’t always talk nicely to each other, leaving a disjointed experience—requiring yet more support.

Is WooCommerce a good fit for firearms sellers?

On paper, WooCommerce may sound like a reasonable fit. It’s easy to start your online presence. WooCommerce is a plugin for WordPress; thus, it is a natural next step if you use the ubiquitous WordPress platform. Better yet, it has a wide variety of plugins installed with the click of a button. Best of all, it’s free!

While this seems like a trifecta of goodness, this is not always true. Easily-installed plugins create the illusion that additional functionality is easily obtained. These plugins don’t always work together. They introduce routes for an attack. Some are not well maintained. Some are not well-built and will slow down your website. While you may not notice this with 100 users a day, you may begin to see these problems at 500 users daily.

The critical point is to monitor your growth. You will likely face slowdowns, incompatibilities with modules and themes, database bottlenecks, and potential security breaches as your website grows. These are relatively minor initially, but higher volumes mean these difficulties affect more visitors and can become catastrophic.

Eventually, you will likely find that your situation is at emergency status, forcing you to make quick decisions—which never turn out as well as you would like.

Alternatives for WooCommerce

SwiftOtter is experienced with the unique requirements of the firearm industry.

You will be surprised by the number of native features baked into BigCommerce:

• Complex coupons: BigCommerce supports over 70 combinations of discounts and coupons. WooCommerce comes with less than 25; you must use plugins to accommodate the rest.
• Live shipping rates: out of the box, BigCommerce has integrations for all major shipping carriers in the US and Europe. Again, no modules are needed.
• Abandoned carts: how about getting customers back to your store? Yes, this is possible out of the box.
• Tax calculations: BigCommerce has native integrations for Avalara, TaxCloud, TaxJar, and Vertex.
• Complex product support: WooCommerce has poor native support for product variations. However, BigCommerce can accommodate products with 600 variation combinations and can share variations among products.
• 65+ payment gateways: instead of relying on potentially insecure payment gateways, BigCommerce is PCI certified and maintains responsibility for ensuring the security of the thousands of stores on their platform.

BigCommerce has a robust PageBuilder with surprising capabilities. Content administrators have fine-grained control over displaying content across their BigCommerce websites. BigCommerce has excellent SEO features out of the box, including options to migrate from other platforms seamlessly.

Depending on budget, there is an option to combine another platform, like Contentful or Prismic, with BigCommerce. This approach gives you a world-class content management experience and a top-notch ecommerce platform.

While WooCommerce is well-used in the firearms industry, the plugin and its developers are not friendly to the 2nd Amendment. They specifically ban the sale of firearms and ammunition in their Terms of Service.

WooCommerce carries no guarantees as to PCI compliance or security. While WooCommerce can display and transact products, it’s missing critical features that need to be included using unvetted plugins, increasing the risk of performance degradation and security problems.

We would be happy to facilitate if you consider moving to a platform that hosts many firearm-related stores. SwiftOtter has plenty of experience with stores like yours, and we can provide a seamless transition to the platform that will take you to the next level.