The WordPress Integration Mistake Many Magento Merchants Make
Many merchants are interested in integrating WordPress and Magento in order to extend their shopping cart right into their content: customers can read rich content from a WordPress post or landing page, and if they like the products mentioned in those pages they can simply add to cart directly from the WordPress page. And they’re right: if done correctly, it can make for an awesome shopping experience.
According to WebsiteToolTester.com, over a third of the internet still runs on WordPress as of 2020, and WordPress powers 65% of websites that run a CMS¹. One of the main reasons is that WordPress is a very old platform, dating back 17 years to 2003, and it’s also an undeniably good CMS that has mostly kept up to date with industry needs.
But there's a HUGE problem!
When searching for “How to integrate WordPress with Magento”, most of the results on the first few pages will teach merchants how to install WordPress on the same server as Magento, and in most cases right within the Magento code-base itself.
My brain cringes as I type these words, and I’ll try to explain why.
WordPress is a Hacker’s Paradise
WordPress is a prime target for hackers, and it's not only due to market share, or the severe quality issues that plague its plugin ecosystem. The real prize is all the goodies hackers can find once they’re able to get inside.
WordPress is a platform that:
- Is often integrated with very capable, reputable email delivery services: ideal for sending spam.
- Often saves huge lists of email addresses from blog subscriptions: ideal to sell those email addresses to spammers or as specialized email contact lists in the black market.
- Is so easy to install almost anyone does it, which unfortunately means that WordPress, more often than not, gets installed by people who don’t really know what they’re doing.
But the cream of the crop, the pick of the litter, the icing on the cake is when WordPress is running next to an eCommerce platform like Magento. Right on the same server. Right within the same code-base.
[TL;DR] Why not run WordPress within Magento?
Because when WordPress is running alongside your Magento store, hacking WordPress means hackers immediately also get access to the Magento code, along with a plethora of payment information and other personal details from any customers that purchase on your site. And as you can imagine, payment data is one of the most profitable things to hack.
Tip: this is also just another reason why we believe WooCommerce isn’t a good investment for most merchants!
The way they do it: once inside, hackers will inject code into your platform – right into the Magento code-base to sniff out payment details from your customers. And what’s worse: depending on how you’re managing your websites, you might not even realize this is happening for a very, VERY long time!
This is not only a huge risk for customers but also for the merchant, who could face multi-million euro penalties under laws like GDPR as well as class-action lawsuits.²
How to Integrate WordPress and Magento “The Right Way”
If you’re interested in integrating WordPress and Magento then these are some simple rules of thumb:
- Whatever you do, do NOT install WordPress and Magento alongside each other.
- Install and host Magento using the latest industry security best practices. You can still get all the features you need but without the risk!
- If you’re considering doing it yourself but you don’t have experienced Magento developers in-house, consider hiring Magento experts instead.
- If you’re low on budget (you’re not alone), remember that the security of your customers’ credit cards is not a good area to cut costs.
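To audit an existing server against the first rule, the following added example (not part of the original post) walks a web root and reports every WordPress install that sits inside, or beside, a Magento code-base. The marker paths are the stock file names each platform ships with; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile

# Stock marker files, relative to an install root, that identify each platform.
MAGENTO_MARKERS = ("app/etc/env.php", "app/etc/local.xml")    # Magento 2, Magento 1
WORDPRESS_MARKERS = ("wp-includes/version.php", "wp-login.php")

def has_marker(path, markers):
    return any(os.path.isfile(os.path.join(path, m)) for m in markers)

def find_installs(scan_root):
    """Walk scan_root; return sorted lists (magento_roots, wordpress_roots)."""
    magento, wordpress = [], []
    for dirpath, dirnames, _ in os.walk(os.path.abspath(scan_root)):
        dirnames[:] = [d for d in dirnames if d not in (".git", "node_modules")]
        if has_marker(dirpath, MAGENTO_MARKERS):
            magento.append(dirpath)
        if has_marker(dirpath, WORDPRESS_MARKERS):
            wordpress.append(dirpath)
    return sorted(magento), sorted(wordpress)

def classify(scan_root):
    """Return (severity, wordpress_root, magento_root) for every pairing found."""
    magento, wordpress = find_installs(scan_root)
    findings = []
    for wp in wordpress:
        for mg in magento:
            # NESTED: one code-base sits inside the other (the layout the
            # article warns about). SAME_HOST: separate directories, same tree.
            nested = os.path.commonpath([wp, mg]) in (wp, mg)
            findings.append(("NESTED" if nested else "SAME_HOST", wp, mg))
    return findings

def build_sample_tree(base):
    """Constructed layout for the demo: a shop, a blog inside it, a separate blog."""
    for rel in ("shop/app/etc/env.php",            # Magento 2 root: shop/
                "shop/pub/blog/wp-login.php",      # WordPress inside Magento
                "news/wp-includes/version.php"):   # WordPress beside Magento
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for severity, wp, mg in classify(tmp):
            print(f"{severity:9}  wordpress={os.path.relpath(wp, tmp)}  magento={os.path.relpath(mg, tmp)}")
```

Point `classify()` at the real document root (for example the directory that holds all virtual hosts) to run the same check on a live server.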
How We Can Help
- Expert advice tailored to your specific needs and budget.
- A team of Magento developers ready to help you with all your Magento and WordPress needs.
If you made it here and are interested in our Magento services, we’d like to meet you for a free 10-minute online consultation, directly with one of our internationally-recognized Magento experts.