WooCommerce vs bespoke: which is right for your online shop?

WooCommerce powers roughly a third of all online shops worldwide. It's built on WordPress, it's free to install, and there's a huge ecosystem of themes and plugins around it. For many businesses, that combination makes it the obvious starting point.

But obvious isn't always right. WooCommerce's dominance means it's also the most frequently hacked ecommerce platform, the most maintenance-heavy to run securely, and the one most likely to cost you more than you expected once you start adding the functionality your shop actually needs.

We've been building online shops since 1997 - before WordPress existed. This isn't a case against WooCommerce as a product. It's a clear-eyed look at who it suits and who it doesn't.

What WooCommerce actually is

WooCommerce is a plugin. It extends WordPress - a content management system originally built for blogging - with ecommerce functionality. When you run a WooCommerce shop, you're running WordPress with a collection of plugins on top of it.

This architecture has consequences. Your shop's security depends on every piece of software in that stack being kept up to date: WordPress core, WooCommerce itself, your theme, and every plugin you've installed. A typical WooCommerce setup runs 15-30 plugins, each written and maintained by a different developer.

Your shop's performance depends on how well that stack is configured and hosted. Your shop's design is shaped by whatever theme you started with. And your shop's functionality is limited to what WooCommerce does natively plus whatever you can find - and afford - in the plugin library.

What a bespoke shop is

A bespoke online shop is built from scratch for your specific business. There's no CMS underneath it, no plugin stack, no theme it was originally designed for. The code does what your shop needs and nothing else.

You own it outright. It doesn't have a subscription attached to it. It doesn't inherit the security profile of WordPress. When something needs changing, you change it - you don't need to wait for a plugin update or work around a theme limitation.

The upfront cost is higher. The long-term running cost and maintenance burden are lower. The design and functionality are precisely what your business needs rather than what a general-purpose platform can accommodate.

The real cost of WooCommerce

WooCommerce is free in the same way that a puppy is free. The ongoing commitment is where the cost accumulates.

The DIY WooCommerce route looks cheap until you add hosting, a decent theme, and the plugins you actually need. The agency-built WooCommerce route often costs more than a bespoke build from the outset - and still leaves you with the same ongoing maintenance burden.

Security: the sharpest difference

This is where the comparison is most stark. WooCommerce shops are the most commonly targeted ecommerce sites on the internet, for a straightforward reason: they're everywhere, and attackers have built automated tools that probe for known vulnerabilities in WordPress and its plugins at scale.

When a vulnerability is found in a popular WooCommerce plugin, millions of shops are potentially exposed simultaneously. The WPScan vulnerability database lists over 50,000 known WordPress plugin and theme vulnerabilities. New ones are added weekly.

A bespoke shop doesn't run WordPress. It doesn't have a plugin library. It doesn't have an admin login at `/wp-admin/` that automated tools know to probe. The attack patterns that compromise WooCommerce shops find nothing to target on a custom-built shop.

In 29 years of building bespoke ecommerce sites, Futurestore has not had a single client shop compromised by malware. That's not a claim any WooCommerce developer can reasonably make.

Design and flexibility

WooCommerce design starts with a theme - a pre-built template that shapes everything from page structure to checkout flow. Customising beyond the theme's built-in options requires either custom code or additional plugins, both of which add complexity and maintenance overhead.

Some aspects of a WooCommerce shop are genuinely difficult to change. The URL structure for products and categories follows WordPress conventions. The checkout flow is structured around WooCommerce's assumptions about how a checkout should work. Payment gateway integrations depend on plugin availability and compatibility.

A bespoke shop has none of these constraints. The URL structure is whatever makes sense for your business and your SEO. The checkout flow is designed around how your customers actually buy. The product pages look like your brand, not like a WordPress theme with your logo on it.

When WooCommerce is a reasonable choice

• You already have a WordPress site and want to add a small shop without rebuilding everything - WooCommerce is a practical extension of what you have
• You need to be live very quickly and have the technical knowledge to set it up - WooCommerce can be functional in a day for a straightforward product range
• Your budget is genuinely limited and you're comfortable managing the maintenance yourself
• You're testing a product idea and don't want to commit to a full build before you know there's a market

When bespoke is the better investment

• Security matters to you - and it should, because your customers' payment and personal data is at stake
• You're building a brand - not just a transaction mechanism. Art, food, clothing, gifts - anything where the look and feel of the shop is part of what you're selling
• You want to trade for the long term - the economics of bespoke are better from year 2 onwards, and significantly better by year 5
• You want one person responsible for everything - design, build, hosting, updates, support - rather than managing a stack of third-party plugins and a hosting provider separately
• You don't want to think about updates - a bespoke shop doesn't need the constant patch cycle that WordPress demands

"WooCommerce is a reasonable tool for a specific job. The mistake is using it as the default for every job, because it's what most developers know."

Moving away from WooCommerce

Many businesses reach a point where WooCommerce stops working for them - a security incident, spiralling plugin costs, or simply the frustration of fighting the platform to do what their business needs. Migration to a bespoke shop is entirely possible.

What migration involves: exporting your product catalogue, customer data, and order history, then rebuilding the front-end and configuring the new shop. URL structures typically change - WooCommerce uses `/product/` and `/product-category/` paths - which means implementing careful redirect mapping to preserve search rankings.

Migration adds cost and complexity that wouldn't exist if the shop had been built properly from the start. If you're considering WooCommerce as a temporary measure while you build up revenue, it's worth factoring in the future migration cost when making the decision.

Summary

WooCommerce is a capable platform for businesses that understand its trade-offs: ongoing maintenance, security vigilance, plugin dependency, and design constraints that come with building on top of a general-purpose CMS.

For a UK small business that's serious about its brand, plans to trade for 3+ years, and wants someone to take full responsibility for the shop - design, build, hosting and security - a bespoke build is the more coherent choice. The upfront cost is higher. Everything after that is lower and simpler.