Why is commerce not allowed on community plans?

There is a security epidemic happening on web stores now and for the past couple of years.

All of the serious cybercrime gangs are regularly attacking and skimming Woo / Magento / Zencart powered sites. Their goals are the same always, (a) to steal the wp_users table and rest of the DB for spamming purposes, and (b) to add some kind of credit card skimmer to the website and steal payment information for as long as possible.

These attacks are automated and carried out by huge botnets, so it is very hard to avoid them attacking you and it is of utmost importance to keep on top of security updates and to minimize your attack surface on the site where Woo is installed.

Woocommerce doesn’t play well with other sites on the shared servers. This isn’t always apparent on day 1, but it becomes that way quickly. There are design flaws where it gets slower and slower the longer it lives. This starts to cause complications when bots come along and spider all the store pages, (none of them can cache properly), so the end result is that it’s really hard to tune to work well, and also really hard to measure how it’s messing up when it’s on the shared server.

Privacy/data security implications. Best practices for store data, and client data and PII is high security. Even if you don’t store credit card numbers, there’s names / addresses / emails / details on what people bought.

That is why we don’t allow it on community plans, and we really try not to make exceptions to that because it never seems to work out. One example of an exception to that though which might apply would be if you’re starting out slowly and the commerce won’t really be a thing or ramping up until a while after launch. At that time we could upgrade over to a more secure and scalable environment… so that might be a way to get in on community plan for starters.

In general though if the woo store gets busy at all you’ll need an 8GB VPS anyway, the 4GB ones run out of memory fast. However, that means your store is selling lots of stuff so in that case it won’t be a big deal if you have to throw $100/month more RAM at it.