For years, WordPress and WooCommerce served our clients well enough.
But "well enough" has a shelf life. As the projects we took on became more complex (international e-commerce with multiple VAT rates, or B2B platforms with a B2C webshop), WordPress started showing its limitations.
So we made a decision. We built our own commerce platform: Next.js on the frontend, Vendure as the e-commerce engine, and a custom CMS purpose-built for how our clients actually work. This post explains why.
Is WordPress secure enough for business websites in 2025?
Let's start with the most uncomfortable truth. According to Lars Koudal, 7,966 new vulnerabilities were discovered in the WordPress ecosystem in 2024 (a 34% increase over the previous year). By 2025, that number jumped to over 11,300. Of those, 90% were found in plugins.
That's over 30 new vulnerabilities discovered every day in 2025.
Here's the part that should concern any business owner: more than half of the plugin developers who were notified about vulnerabilities in their code didn't patch the issue before it was publicly disclosed. That means there's a window (could be hours or could be weeks) where your store is exposed and the fix simply doesn't exist yet.
For a blog site, this might be an acceptable risk. For an e-commerce store processing payments and managing customer data? It's a different calculation entirely.
The root cause is architectural. WordPress is a monolithic system where every plugin has access to the same database, the same PHP runtime, and the same user sessions. One vulnerable plugin doesn't just affect its own feature: it can compromise your entire site. A single outdated contact form plugin can become the entry point that exposes your customer database.
Our approach eliminates this risk. The frontend that your customers interact with is completely separated from the backend that manages your data. There's no admin panel exposed to the public internet. The communication happens through authenticated API calls, and each layer can be secured independently.
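One way to enforce the "no admin panel exposed to the public internet" separation at the edge, as an added example (not code from this post or from sixtynine.digital). It assumes Vendure's default paths `/shop-api`, `/admin-api` and `/admin` and a constructed staff-network range `10.20.0.0/16`; the function names are hypothetical.

```javascript
// Added example: edge routing decision for a headless storefront (hypothetical names).
// Assumed: Vendure default paths /shop-api, /admin-api, /admin.
const INTERNAL_CIDRS = ["10.20.0.0/16"]; // constructed staff-network range

// Dotted IPv4 -> integer, or null when malformed.
function ipv4ToInt(ip) {
  const parts = String(ip).split(".");
  if (parts.length !== 4) return null;
  let n = 0;
  for (const p of parts) {
    if (!/^\d{1,3}$/.test(p) || Number(p) > 255) return null;
    n = n * 256 + Number(p);
  }
  return n;
}

function inCidr(ip, cidr) {
  const [base, bits] = cidr.split("/");
  const a = ipv4ToInt(ip), b = ipv4ToInt(base);
  if (a === null || b === null) return false;
  const size = 2 ** (32 - Number(bits));
  return Math.floor(a / size) === Math.floor(b / size);
}

// Decode, lower-case and resolve "." / ".." / empty segments so that
// "/Admin-API/", "//admin-api" or "/x/%2e%2e/admin-api" match the admin rule.
function normalisePath(rawPath) {
  let decoded;
  try { decoded = decodeURIComponent(String(rawPath).split("?")[0]); }
  catch { return null; } // malformed percent-encoding
  const out = [];
  for (const seg of decoded.toLowerCase().split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop(); else out.push(seg);
  }
  return "/" + out.join("/");
}

// sourceIp must be the peer address seen by the proxy, never a
// client-supplied header such as X-Forwarded-For.
function decide({ path, sourceIp }) {
  const p = normalisePath(path);
  if (p === null) return "deny";
  const isAdmin = ["/admin", "/admin-api"].some(a => p === a || p.startsWith(a + "/"));
  if (isAdmin) return INTERNAL_CIDRS.some(c => inCidr(sourceIp, c)) ? "forward-admin" : "deny";
  return p === "/shop-api" ? "forward-shop" : "serve-static";
}
```

The same decision table can be expressed in whatever proxy or CDN rule language the deployment uses; the point is that the admin rule is evaluated on the normalised path, before any public rule.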
How does WordPress performance affect your revenue?
Every e-commerce study arrives at the same conclusion: speed directly affects revenue. According to the 2024 Bright Global Report, a one-second delay in page load can increase cart abandonment by up to 20% and cost millions in lost revenue.
WordPress and WooCommerce have a fundamental performance challenge that no amount of optimisation can fully solve. Every page request triggers a full PHP execution cycle: WordPress bootstraps itself, loads the active theme, initialises every plugin, queries the database, assembles the HTML, and sends it to the browser. For dynamic e-commerce pages, where caching is often impossible because of live cart data, personalised pricing, or real-time inventory, this process repeats for every single visitor.
The typical WooCommerce optimisation journey looks something like this: you start with a shared hosting plan, realise it's too slow, upgrade to managed WordPress hosting. You install a caching plugin, then discover it conflicts with your cart functionality. You add a CDN, optimise images, minify scripts. At some point you're spending more time and money keeping the site fast than you spent building it.
With Next.js, performance is built into the architecture. Pages can be pre-rendered at build time and served as static files from a global CDN. When dynamic data is needed (cart contents, pricing, stock levels), only that specific data is fetched through the API. The rest of the page is already rendered and cached at the edge, physically close to wherever your customer is browsing from.
The difference is measurable. Where a well-optimised WooCommerce store might achieve load times of 2-4 seconds (and an unoptimised one far worse), our headless architecture consistently delivers sub-second load times. Because the architecture itself doesn't carry the overhead.
What is the real cost of WordPress plugins?
WooCommerce is technically free. But any business that has run a serious WooCommerce store knows this is misleading.
Want B2B pricing with customer-specific rates? That's a premium plugin, typically €99–€199 per year. Multi-warehouse inventory management? Another plugin. Multiple VAT rates for international sales? Plugin. Advanced shipping rules? Plugin. Each one comes with its own annual license fee, update cycle, and potential to conflict with everything else you've installed.
A mid-size e-commerce operation easily accumulates €1,000–€3,000 per year in plugin subscriptions alone, before accounting for the managed hosting, the security monitoring, and the development hours spent troubleshooting the inevitable plugin conflicts.
But the real cost isn't financial: it's architectural. Every plugin is a dependency you don't control. When WooCommerce pushes a major update, you're at the mercy of every plugin developer to release a compatible version. When two plugins conflict (and they will), you're debugging code written by strangers with no obligation to help you.
In 2024, over 1,600 plugins were removed from the WordPress repository due to security concerns. Some of those plugins were active on thousands of sites, and the businesses running them didn't get a warning.
We chose to build differently. Instead of stitching together dozens of third-party plugins, our commerce platform has the features businesses actually need built into the core: multi-currency support, customer-specific pricing, complex tax calculations, multi-warehouse inventory, and B2B/B2C hybrid capabilities. Nothing is bolted on. Everything is designed to work together because it was built together.
What does a modern e-commerce website actually need?
There's a category of e-commerce challenges that WordPress simply wasn't designed for. Not because WordPress is bad software, but because it was built as a content management system that later had e-commerce functionality added through plugins. That origin shows when requirements get complex.
Consider this example. An international B2B/B2C wine supplier needs different VAT rates per country and product category, customer-specific pricing tiers for wholesale clients, inventory tracking across multiple physical warehouses, age verification compliance that varies by market… the list goes on.
A brand operating across multiple European markets also has specific needs: different regulatory requirements per country, market-specific payment methods, warehouse allocation logic that routes orders to the nearest fulfilment centre, and a single admin interface to manage it all.
In WooCommerce, each of these requirements means another plugin, another annual subscription, and another dependency. By the time you've assembled the full stack, you're not really using WooCommerce anymore: you're maintaining a fragile patchwork of third-party code that happens to share a database.
Our platform handles these requirements natively. Vendure, the e-commerce engine at its core, was designed from the ground up for exactly these scenarios. It's built with TypeScript and Node.js, exposes everything through a GraphQL API, and uses a plugin architecture that extends the system cleanly rather than patching around its limitations.
This is what we've implemented for clients with exactly these requirements, and the difference in reliability and maintainability is night and day compared to the WooCommerce equivalents we used to build.
Is WordPress ready for AI and automation?
Here's something that rarely comes up in platform discussions but will define the next five years of e-commerce: how well does your platform support AI integration and process automation?
WordPress was designed for an era of static web pages. Its architecture wasn't built to support real-time AI-powered features like intelligent product recommendations, dynamic pricing optimisation or predictive inventory management.
A headless, API-first architecture is fundamentally different. Because all data flows through structured APIs, integrating AI services is straightforward: feed product data to a recommendation engine, connect customer behaviour data to a personalisation service, pipe order patterns to a demand forecasting model. The API layer becomes the integration point, and the frontend can consume AI-enhanced data just as easily as it consumes product listings.
This isn't theoretical for us. At sixtynine.digital, we're already building AI-powered automation tools. Our custom commerce platform is designed with these integrations in mind.
What are the trade-offs of leaving WordPress?
We're not going to pretend there isn't a trade-off. A custom commerce platform costs more upfront than installing WooCommerce and a handful of plugins. The development timeline is longer. You need a technical partner who understands the architecture.
WordPress wins on initial cost and speed to market. If you're launching a small online store with straightforward requirements, WooCommerce is perfectly fine.
But if your business is growing, you're expanding into new markets, you're tired of spending development hours on plugin updates and security patches instead of growing your business - things change.
The upfront investment in a custom platform will pay for itself through lower maintenance costs, fewer security incidents, better performance, and the ability to build features your competitors can't replicate with off-the-shelf plugins.
What do we build instead of WordPress?
Our commerce platform is purpose-built for businesses that have outgrown the limitations of traditional e-commerce:
Next.js frontend delivers sub-second page loads through server-side rendering and static generation, with built-in SEO optimisation that helps your pages rank. Every page is responsive, accessible, and performs well on Google's Core Web Vitals.
Vendure e-commerce engine handles the complex commerce logic: multi-channel selling, sophisticated tax and pricing rules, inventory across locations, customer groups with different privileges, and a robust order management system. It's open-source, enterprise-grade, and built with the same modern technology stack we use across our entire platform.
Custom CMS gives your team an editing experience designed for how you actually work. Every field, every workflow, every permission is tailored to your business.
Everything connects through GraphQL APIs, which means your commerce platform can integrate with anything: your ERP, your warehouse management system, your email marketing, your analytics, your future AI tools. Nothing is locked in.
Why does the technology choice matter?
We didn't abandon WordPress because it's trendy to criticise it. We moved on because our clients' needs evolved beyond what it could reliably deliver.
That's the same approach we take to everything at sixtynine. We don't pick services from a menu. We start with understanding what your business actually needs and work backwards from there. Sometimes the answer is elegant and simple. Sometimes it's a custom commerce platform that handles complexity your competitors can't match.
If you're questioning whether your current platform is holding your business back, that instinct is probably right. Let's talk about what the right foundation looks like for where you're headed.
