  1. #1
    Junior Member tedor2's Avatar
    Join Date
    May 2014
    Posts
    3
    Member #
    39152

    eCommerce theme to sell both 1) items to deliver and 2) digital art to download

    Hello Forum,

    We are looking for an eCommerce theme/plugin where customers can select both to have in their shopping cart:

    1) items to be delivered via post e.g. a bag of tea and
    2) items to download e.g. digital artwork (jpg, mp3)

    I have found themes which only feature one or the other.

    Responsive and ideally Wordpress.

    Any help greatly appreciated,
    Regards,
    Kris

  3. #2
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    I think you're mixing up a few ideas here.

    First of all, W*rdPr*ss is not an e-commerce platform. There is a WooCommerce plugin available for it, but I wouldn't recommend that approach if for no other reason than PCI compliance...WooCommerce was never really built with PCI compliance in mind, and while many issues associated with it are beyond the scope of WooCommerce (e.g. firewalls), some aren't (e.g. publishing of code) and as such they need to be considered.

    Second, a theme is not a shopping cart. Themes and shopping carts, as in proper shopping carts, are separate beings. A theme is incorporated into the shopping cart.

    With all of that said, about the only cart I can think of that might do what you want is Magento, and having used that thing I wouldn't recommend it. It's insanely difficult for a developer to work with, there is little support whatsoever (yes, there's a "community" but it's small and largely populated with people who say "you should already know how to do this" when they don't know themselves), and it'll probably be more trouble than it's worth.
    If I've helped you out in any way, please pay it forward. My wife and I are walking for Autism Speaks. Please donate, and thanks.

    If someone helped you out, be sure to "Like" their post and/or help them in kind. The "Like" link is on the bottom right of each post, beside the "Share" link.

    My stuff (well, some of it): My bowling alley site | Canadian Postal Code Info (beta)

  4. #3
    Junior Member tedor2's Avatar
    Join Date
    May 2014
    Posts
    3
    Member #
    39152
    Hi theGame1264,

    thanks for your input. Yes, I probably should have been clearer in the initial post. Sorry about that.

    I am familiar with Wordpress, have used several themes and external plugins and widgets. However, haven't used any eCommerce plugins.
    After reading reviews on which one to implement in WP I chose Woo and decided to find a WP theme that supports Woo. (themeforest).

    PCI compliance. Yes, I really have to research that part of the project. I hoped that most people would pay with paypal which is secured enough I hope. However paypal might charge us more than if the customer used a debit or a credit card. Are you suggesting that WooCommerce is not safe?

    I was suggested elsewhere

    1) Magento and
    2) that WooCommerce actually has options for both: 1) items to be delivered via post as well as 2) digital download.

    I will have to do some more research.

    Regards,
    Kris

  5. #4
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    PayPal is an option. If PayPal is the option, you're going to have fewer conversions. Your maximum number of conversions generally occur with multiple payment methods (hosting your own payment pages, hosted payment pages with a service such as PayPal, layaway if possible, check / money order, etc.) The first method means you're going to have to worry about PCI compliance, and believe me when I tell you if you've never gone through a PCI compliance audit you will never....ever...e-e-EEEEEEEEEEEEEVER...be the same developer when you come out of it. It's brutal, it's harsh, and it's necessary.

  6. #5
    Junior Member tedor2's Avatar
    Join Date
    May 2014
    Posts
    3
    Member #
    39152
    Hi, OK.

    I think setting up an online business is a bit more than what I thought it would be. I don't have any experience in PCI compliance. Since your posts I have read a few pages online and started asking myself a few questions:

    Once I have my website with either WP & WooCommerce or a Magento, do I have to then ask some 'PCI company' to check my site whether it is safe enough for my customers? I will research sites like this:

    PCI-DSS Compliance and WooCommerce | WooThemes Documentation

    You wrote that you had to go through this, could you please point me to some well documented information on these issues, please?

    Regards, Kris

  7. #6
    Unpaid WDF Intern TheGAME1264's Avatar
    Join Date
    Dec 2002
    Location
    Not from USA
    Posts
    14,485
    Member #
    425
    Liked
    2783 times
    Well, at least the light came on pretty early for you. Setting up an online business is hard. Setting up a brick-and-mortar business is hard. They're not any different in terms of difficulty, although there's a misconception that they are. Most people have that moment when they've built their store and say "ummm...why isn't it making millions of dollars? The Internet is supposed to be easy! What's wrong with the Internet?"

    https://www.pcisecuritystandards.org/ <-- That's the governing body for PCI compliance, and it's about the best source you'll find for documentation on PCI compliance and other issues. Unfortunately, it's not a well-documented area. You pretty much have to go through it to fully comprehend it, and after 9 years of having various people doing PCI scans on sites I've worked on it hasn't gotten any easier....nor should it, really. There are always various issues to deal with pertaining to server security, patches, things like that. That's why I'd never build an e-commerce site on WP, by the way...I'd spend so much time with the constant updating I'd never be able to build out new features.

    To answer your question about getting a PCI company to scan your site, no. Your merchant account provider or payment processor (referred to as merchant account provider afterward for brevity) will do that for you, if necessary...they're legally obligated to before you can even launch your site.

    Now, as far as some things you can do to make your life easier:

    1) Find a PCI compliant host. That doesn't mean a host that says they're PCI compliant...a host that actually is PCI compliant, and sadly, there's a difference. There are HostGators in the world (oops, did I make a typo there?) that claim to be PCI compliant when all they do is say "we'll patch vulnerabilities if they're reported to us, but we're not proactive in that regard." That's not PCI compliance. PCI compliance is keeping servers and networks up to date.

    Spend some time on this. Do your homework. The time you spend finding a legitimate PCI compliant host will come back on you in spades if you do. You might be able to save some time in that regard by asking your merchant account provider.

    2) Look at things from the standpoint of a customer and tighten them up as much as possible with them in mind. Make sure you've got clear privacy policies, refund policies, things like that.

    3) In the short run, let your merchant account provider host payment pages if this is an option. Your merchant account provider (or payment processor) has to be PCI compliant, so by letting them host your payment pages you're automatically ensured of full compliance as well. This isn't a good long-term strategy (as hosted payment pages don't convert quite as well), but if you need to get other things done, then this might be a good place to start.

    4) Don't store credit card info if you don't absolutely have to. The last four digits is fine, but anything beyond that is asking for trouble. If you must do it, encrypt it. But if you don't store them at all and for whatever reason your server is hacked, at least you have protected your customer's interests.

    In its simplest form, PCI standards are "make sure you keep your customers' sensitive information as tightly protected as possible."

    As far as adequately preparing you for a PCI scan, there's no adequate preparation. One of the weaknesses of PCI compliance is that much of it is surprisingly interpretive and not all scans are created equal. The first time it happened to me, it was a contractor from a major Canadian bank who did it without warning or permission and couldn't even get the operating system of my server right. Some scans are easy to deal with. Some scans are hard (e.g. the ones provided by Aperia Solutions). You just have to read and react. One way or the other, you'll probably feel like you were just given a prostate exam with a flaming barbed-wire baseball bat.

  8. #7
    Junior Member
    Join Date
    Jun 2014
    Posts
    3
    Member #
    39434
    Quote, originally posted by tedor2:
    Hi, OK.

    I think setting up an online business is a bit more than what I thought it would be. I don't have any experience in PCI compliance. Since your posts I have read a few pages online and started asking myself a few questions:
    Regards, Kris
    Can I make a suggestion Kris? Let the gateways, and virtual terminals worry about the PCI. If you redirect to their checkout, there's no need for PCI. eProcessingnetwork is one of the best examples, and they give the business unlimited customizable pages, that you can then copy over to the host, that leads directly to their virtual terminal. Save your customer tons of money, and you tons of time. Keeps liability off of both of you.

  9. #8
    Junior Member
    Join Date
    Jun 2014
    Posts
    3
    Member #
    39434
    He's right. I do the questionnaires with Businesses all the time. In fact have become most fluent at it. I can usually breeze through it in a matter of minutes, but I've done hundreds. Merchants spend days at it, and usually give up.
    Quote, originally posted by TheGAME1264:
    PayPal is an option. If PayPal is the option, you're going to have fewer conversions. Your maximum number of conversions generally occur with multiple payment methods (hosting your own payment pages, hosted payment pages with a service such as PayPal, layaway if possible, check / money order, etc.) The first method means you're going to have to worry about PCI compliance, and believe me when I tell you if you've never gone through a PCI compliance audit you will never....ever...e-e-EEEEEEEEEEEEEVER...be the same developer when you come out of it. It's brutal, it's harsh, and it's necessary.

