WP e-Commerce is a popular ecommerce plugin for WordPress. It is available for free download from the WordPress plugin repository, or you can install it from the convenient plugin installation tab on your WordPress-based website’s administrative back-end.
For this review I tested WP e-Commerce version 18.104.22.168. My test environment is running a clean installation of WordPress 3.8.1 in Debug mode, with PHP errors turned On. My test environment’s theme is a stock copy of the simple yet elegant “Twenty Twelve” theme from WordPress.
This is an extremely popular WordPress plugin. It has been downloaded more than 2.7 million times! However it is not the highest rated plugin I have reviewed; it has been rated an average of 2.8 stars (out of 5) by the users who have reviewed the plugin.
I always begin the review process by investigating the one-star reviews. These can often point towards possible pitfalls or problem areas. However, sometimes they are not very relevant.
The first review that I read discusses a potentially serious issue. The user states that the latest version of this plugin creates a temporary user record in the database for every visitor who lands on a website running this plugin. I can understand creating a record for everyone who adds an item to the cart, but let’s face it: most of a website’s visits come from bots, who are not good prospects. So I’m agreeing with the commenter, that this is a flaw in the development strategy.
In another thread, in response to another commenter, one of the plugin authors states that the bug has been fixed. In another thread, people continue to post, all the way down to today, still having the same issue. Apparently there’s a workaround involving an additional plugin, or possibly a hack involving adding a line of PHP code to the file wp-config.php; but an ideal plugin should be simple to use.
Let’s see if this one is.
The .zip file for WP e-Commerce version 22.214.171.124 is 3.59 MB; and the folder requires 12.8 MB of disk space when uncompressed.
Installation is a breeze, and activation does not generate any error messages. I do see a notification from the plugin that if I’m planning to edit the look of my site, I should update my theme files. I’m not sure what this means; but it sounds similar to a step I took when I activated the last theme I reviewed, so I’ll go ahead and click the link to update my active theme.
So I click the link, and on the next page, I see the same notice again. I’m now in the “Presentation” tab of the Store Settings. I guess it wants me to click “Save”? Just to get started, I’m going to accept all the default settings.
Nothing. The message “update your active theme” does not go away. I change “Cart location” from “widget” to “page” just to see if that will do anything. It does not. I don’t immediately know why the “update your active theme” link does not work; and I don’t immediately care. Instead I click “Click here to ignore and remove this box.”
[Note: later on, I discovered that the problem was a CSS issue: when viewing the admin area from a narrow screen, the theme hides the control panel that was required for this step.]
Ecommerce store settings
Next I proceed to the “General” tab of the store settings.
I see that by default, the entire world is defined as a target market; including Afghanistan, Albania, and many more. Do the Aland Islands even have internet access? Well that’s all right. We’ll just change this to select our home country as the only Target Market. We don’t want to have to worry about international shipping costs at this time.
When I select “USA” as my base country, another dropdown appears and makes me select a state. It does not use my base country selection to determine my currency; the plugin seems to think I might like to price my goods in New Zealand Dollars. I’m uncertain of the exchange rate, so I’m going to select the actual currency used in the country where I’m registered to do business.
Settings saved, simple enough, so far so good.
The “Admin” tab has settings for digital downloads, administrative notifications, legal verbiage, and e-mail receipts. I’ll leave the defaults in place for the time being.
The “Taxes” tab allows the store owner to add tax to the purchase price of products. I check the box to “Turn tax on” but I have to click “Save changes” before I’m presented with the means to add data to the “Tax Rates” table. Still, this is simple enough. It’s all going swimmingly.
Let’s see if our luck holds for the “Shipping” tab. I enable shipping and click “save changes.” I’m presented with a message that the system has rejected my setting because I didn’t fill out the form fields that appear BELOW the “Save changes” button. Picky, picky.
So, options include “Internal” or “External” shipping calculators. Internal calculators include flat rate, table rate, and weight rate. External calculators are powered by Australia Post (?!), UPS and USPS.
Ah, here’s the catch. In order to use the USPS shipping calculator, I need to register for an account to use the USPS Web Tools API. But that is my own problem; it is not the plugin’s problem. The plugin (apparently) handles this gracefully, and without the need for a paid upgrade.
This is more like it. There are a number of shipping options, and the “table rate” shipping calculator works as expected. I set some weight-based shipping cost rules, and I’m off to the races.
For payments, I’m just using the Test Gateway for now. There are also options to use Google Wallet, three different flavors of PayPal, or something called ChronoPay. This e-commerce plugin does not provide support for major payment gateways like Authorize.net but that’s all right for now.
The “Checkout Settings” allow you as the store owner to specify which input fields must be completed by the customer. I’m using the default settings for now, except I’m going to enable the “Shipping same as billing” option. These settings allow users to create an account, but do not force them to.
The “Marketing” tab has some interesting options. There’s an option to generate the familiar “Users who bought this also bought” field, like the Amazon recommendations that lead to so many extra purchases. There are also “social” links, surveys, and additional Google integration, if you aren’t already using other plugins for those features.
The “Import” tab allows you to automatically create product records for a large number of items by uploading a CSV file (which you could export from, for example, Microsoft Excel).
[As revealed above:] I’m back at the “Presentation” tab from earlier; and finally I see why I was having trouble earlier: it’s a simple CSS issue. The “Advanced Theme Settings” are only visible if you maximize your browser. Earlier, I had been viewing this page at tablet width. At tablet width, the “Advanced Theme Settings” panel disappears completely. It’s not just moved below the other forms; it’s not just scooted over where you have to scroll right to see it; it is simply not there! But with the browser maximized, the advanced settings panel returns. From there, I’m able to add all the extra features to my theme.
Having gotten this far, let’s first see what my new shopping cart looks like without the extra cart-related files. Then I’ll add them in the next step.
Before I can do that, I have to create some product items.
As with the last ecommerce plugin I tested, “Products” are a custom post type with their own menu in the sidebar of the administrative area. I’m going to quickly set up a placeholder product and see how it looks.
Well the interface performs as expected, but what’s up with this lengthy URL? That’s probably a result of some setting that I chose too hastily. Let’s go back to the “Store” preferences and see if we can at least ditch the “products-page” parent category from this permalink.
Here it is: the option “Use hierarchical product category URL” should be set to “No” unless you like your URLs to be three miles long and unreadable by humans.
So now I’ve done that, but I see that my URL is still ugly and long, even though I changed my preferences.
That’s irritating, and I don’t see a way to override it. Is it because I created the product before I updated my preferences? No, I create a new product and the URL still looks exactly the same. This is a bug: the setting does not work as expected. That’s a mark against this plugin.
While navigating back to my product, I see a notice that my selected shipping method won’t work unless I enter a product weight. That’s helpful to know.
Moving along, let’s see what the product page looks like, without any of the shopping cart files installed.
Hey, it looks all right! I even get a message that says “Updating cart” when I click the “Add to cart” button. The problem is, there’s no “view cart” or “proceed to checkout” button. That’s a limitation on my e-commerce site here, so let’s go ahead and install all those various plugin pages from the “Advanced Theme Settings” panel on the “Presentation” tab of the Store settings.
That was quick and easy enough. Now what?
Nothing. My product page looks the same.
[My first guess was wrong:] It looks like I’ll have to create a separate page to serve as the shopping cart, and manually add that page to the site navigation. No, that’s not right, there is no “Checkout” page template.
[But I figured it out:] All I really need to do is navigate to Appearance > Menus, select the “Checkout” box and click “Add to Menu” then “Save Menu.” Now I can go to the “Checkout” page and place an order for the product.
One noticeable glitch here: the “Product” page very specifically displayed the shipping at $0.00, which is not correct. The checkout page updates the shipping to the correct price, which may come as a nasty surprise to customers who were hoping to get some free shipping.
All right, so I fill in my shipping information.
Then I click the “Purchase” button and…
It worked! My custom maybe-not-so-friendly checkout message displays as the “Transaction result.” Nowhere in here do I see an option to create an account, which I thought I had enabled as an optional option. Perhaps that’s because I’m already logged in as an administrator from this browser. I try from a different browser and see that my product is inaccessible. Back on the “Edit Menus” page I add a Products Page to my headerbar. It looks like this:
What’s up with those scrollbars? Ugh! That is ug-ly. And it still states, incorrectly, that the shipping is $0.00. I’ll have to figure out how to fix that.
So I add the widget to my cart and proceed to checkout.
The result is exactly the same. The checkout process is quite smooth, but I am not presented with an option to create an account.
Ah. Now I see why. I have to go to Settings > General > Membership and select the box, “Anyone can register.”
Well, that may have been a necessary condition; but it was not a sufficient condition. I go through checkout again and there’s still no signup option. I guess I have to add that to my menu manually. So, back to Appearance > Menus and choose “Your Account” > Add to Menu > Save Menu.
No, it still does not offer me the option to create an account, just asks me to log in to an existing account. There is also a “Register” link under the “Meta” menu in the sidebar. It doesn’t have the pretty signup form though.
Back in my store settings, I change “Display per item shipping” to “No.” That should get rid of the pesky incorrect shipping information that I was seeing earlier.
I see now that the option under Settings > Store > Checkout > “Force user registration” simply allows users to proceed through checkout without creating an account. For fun, I change this option to “Users must register before checking out.”
It looks like, if you want your customers to create an account, you have to make it mandatory, or else nobody will do it. (Other than the odd hackerbot here and there….)
So, I create a test account with a ridiculously insecure password, and I’m instantly logged in as a user. As I stated in my last review, I think that plugins like this should incorporate some measure of password security when allowing users to create accounts. But, be that as it may, that about does it for the front-end of this ecommerce plugin.
Let’s take a look at the back end.
File system changes
WP e-Commerce is a plugin with a substantial footprint: 12.8MB of disk space when installed in my test environment. That’s just within the plugin’s own folder.
I see that it also creates a folder named “wpsc” within /wp-content/uploads/ where additional plugin data is stored.
[ NOTE: I see that this is also true of woocommerce, and woocommerce does NOT delete the folder upon uninstallation, so my earlier review requires additional editing!!! ]
So, now we know the plugin makes file system changes outside its own plugin folder. That’s not ideal, from my personal perspective, but let’s move along.
This plugin creates so many new entries in the wp_options table that I can’t count them all. I should have counted the table rows while empty, so I could calculate the difference. Absent that, I can only say that in addition to all the option records that actually have wpec_ or wpsc_ in their name, there are many, many other wp_options records related to store preferences. How many? I don’t know. Does anybody care? If you care, leave a note in the comments, and maybe that will motivate me to calculate a figure.
The plugin WP e-Commerce creates 13 new tables in the database.
Most of the WP e-Commerce database tables have an obvious purpose. “_also_bought” helps identify patterns of customer purchasing behavior for product suggestions; “_cart_contents” stores shopping cart data in the database (rather than in a PHP session or in the user’s browser); “_cart_item_meta” stores product SKU’s; “_checkout_forms” stores the form fields displayed to customers on the checkout page; “_claimed_stock” helps deal with inventory; “_coupon_codes” is obvious; “_currency_list” is installed by default with a list of the currencies and currency symbols used by 253 different nation-states; “_download_status” determines how long digital downloads are still available to the customer after a sale; “_product_rating” deals with user reviews; “_purchase_logs” stores detailed information about transactions; “_region_tax” contains the website owner’s stored preferences for tax rates by region. So far, so good.
This leaves the table “wp_wpsc_meta” and “wp_wpsc_submited_form_data” [sic]. The former contains associations between shopping cart data types and certain stored user preferences.
The latter stores information about user-submitted form data.
Very interesting. Now let’s investigate the statements in the forums about how this plugin creates a new WordPress user for every visitor to the website, even if they never add anything to their shopping cart.
I do see that there are placeholder accounts in the users database. In addition to my admin account and two test accounts for checkout, there’s an account named “_wpsc_bot” which serves an unknown purpose, allowing the plugin to access the website as a user, not just as a plugin. Odd but whatever. Then there are two accounts with usernames based on session IDs.
And if I visit the site in a different browser, the next day?
I can confirm that the plugin creates a new WordPress user just to deal with the fact that I viewed the page, even though I did not add anything to the cart. In the support thread I viewed on the WordPress forum, a user stated that the plugin does not delete unused visitor data, while one of the plugin authors replied and stated that indeed it does. I cannot confirm if either of these assertions is correct until more time has passed. After a day or two has passed, I will update this post and let you know if the unused WordPress user data is still stored in my database or not.
The WP e-Commerce Conclusion
The WordPress plugin WP e-Commerce could definitely be useful for a website owner trying to set up an online store. In particular, I found its shipping system more user-friendly and full-featured than the plugin I reviewed previously. That said, the plugin does have some issues.
- “Use hierarchical product category URL” setting does not work: the hierarchical URL scheme is used, even when “No” option is selected.
- Shopping cart functionality must be manually added to theme files and menus. Turning on “Fancy purchase notifications” helps with this, but out of the box the “Fancy” notifications aren’t actually that attractive, despite the name.
- In administrative area, required form fields on “Shipping” tab appear below the “save changes” button
- In admin area, there is a display issue with the “Advanced Theme Settings” (hidden by CSS on narrow screen).
- On customer-facing side, the product thumbnail has some pug-ugly scrollbar placeholders around it, I don’t know why.
- Per-product shipping incorrectly states that shipping is $0 when store settings add shipping to the cart on checkout. (But this field can easily be hidden, you just have to know about the setting.)
- Customers can register for user accounts, but strong passwords are not required.
- Anonymous user records are created in the database for every visitor to the website, even if those visitors do not add anything to their shopping cart. For an underpowered server with lots of traffic, this could potentially result in a crashed site. User reports in the forums indicate that this server-crashing issue has occurred repeatedly in the wild.
Are these serious problems? How does this plugin compare to other ecommerce plugins for WordPress? Stay tuned! It’s a slow process, but eventually I’ll review four or five of the top plugins, and then I’ll compare them all and select a winner.
Update on 3-25
It’s now been almost a month since I originally posted this. I figured it was about time to answer the question, once and for all: does this plugin clean up all those extra unused visitor records that it creates as users in the WordPress database?
No. The answer is no, it does not. WP e-Commerce creates a record in the wp_users table for every visit to the site; but it does not properly employ wp-cron to clean up the database table and delete entries related to visitors who never placed an order, or even added anything to their shopping cart. Almost a month after my original post, you can see that two new users have been created, from when I visited the test installation in my browser; but those visits did not trigger garbage collection. The users that were created a month ago are still there.
What a disappointment! I really wanted to like this plugin. But this is an inappropriate use of server resources.
I’ll keep reviewing e-commerce plugins, and I’ll let you know if I find a better one. Stay tuned!
Now that we’ve answered the users question, we can finally proceed to answering the question, “Does this plugin uninstall cleanly?”
Users. The first thing I checked was the users table; and I found that most of the users created by the plugin while it was installed were not deleted by the plugin when it was uninstalled. However, one of them was! Why one and not the others? This is unclear. Most problematically, the user named _wpsc_bot is still a registered user of the site, even when the wpsc plugin has been deleted.
Database tables. This does not even pretend to be a clean uninstall. Every one of those 13 database tables created by this plugin are still there after the plugin has been deleted.
Options entries. There are presently 287 rows in my wp_options table. I’m estimating that approximately 120 of these records were created by the WP e-Commerce plugin; and none of them were deleted upon uninstallation.
Folders on file system. The plugin created a folder named “wpsc” within my uploads directory. After I deleted the plugin, this folder is still present, along with all its subfolders and their attendant data.
The last word
If you accidentally uninstall WP e-Commerce, and then decide you want it back, you’re in luck! None of the plugin’s data has been removed from your system.
On the other hand, if you want to uninstall WP e-Commerce because you’re moving to a different ecommerce plugin; or if you want to stop running an online store from your WordPress site: then you’re out of luck, because uninstalling the plugin does not actually remove it from your system. Yes, the core files are gone, but all its settings, data, and additional directories remain on your web server after the plugin has been deleted.