Starting an online store involves more decisions than most people expect. Platform, domain, hosting, payment gateway, shipping configuration, legal compliance, and pre-launch testing all need to be sorted before you can start selling. Getting them right from the start is significantly easier than fixing them after you've launched and have live traffic and orders. This guide works through the full setup process in the correct order.
The two dominant options for small-to-medium stores are WooCommerce and Shopify. WooCommerce is free open-source software that runs on WordPress. You own and manage the hosting, choose your payment gateway, and have complete control over every aspect of the store. Shopify is a managed SaaS platform with a monthly subscription (starting at $29/month) that handles hosting, security, and software updates within a closed ecosystem. Both work well, the choice comes down to your priorities.
Choose WooCommerce if: you already have a WordPress site, you want to own your platform without dependency on a SaaS vendor, you have developer resources or technical confidence, or your order volume is high enough that Shopify's transaction fees represent a meaningful ongoing cost. Choose Shopify if: you want to start selling quickly with minimal technical setup, you have no existing web presence, or you're happy paying a monthly fee for a fully managed experience. Both choices are legitimate, what's important is making an informed decision based on your specific situation rather than default assumptions.
Register a domain that matches your business name as closely as possible. Use .com if available, it has the highest recognition globally. For businesses serving primarily a national market, a country-specific TLD (.co.uk, .com.au, .ie) works equally well and may actually perform better for local search. Avoid hyphens, numbers, and unusual character combinations, domains that need to be spelled out verbally create friction. Keep it memorable and as short as practical.
Register your domain with a dedicated registrar (Namecheap, Cloudflare, IONOS) rather than bundled with hosting if possible, this keeps domain and hosting separate, making future hosting migrations simpler. If your business name is already taken as a .com, check alternative TLDs or a slight variation before settling on a hyphenated version or obscure extension. Don't spend weeks agonising over a domain, a solid .co.uk or a slightly different .com name is better than delaying launch.
WooCommerce is significantly more demanding than a standard WordPress site. It runs more database queries per page, handles session data per visitor, processes payment callbacks, and has no tolerance for downtime during a sale. Cheap shared hosting that works for a blog often fails under WooCommerce load, particularly at checkout, where pages can't be cached and must be generated fresh by PHP on every request.
The minimum requirements for a WooCommerce host: PHP 8.2 (selectable from cPanel, not a global server default), 256MB PHP memory limit (512MB preferred), MySQL 5.6 or MariaDB 10.0 or newer, SSL included as standard (free Let's Encrypt), server-level caching that correctly excludes WooCommerce dynamic pages (LiteSpeed Cache is ideal), and daily automated backups with restore capability. A host that meets these requirements and has adequate server resources for your expected traffic is a better investment than the cheapest plan available, a slow checkout directly costs you conversion revenue.
SSL is mandatory for any store handling payment data. Without HTTPS, browsers display security warnings before checkout, payment gateways refuse to load their JavaScript, and you fail PCI compliance requirements. Install your SSL certificate via cPanel → SSL/TLS → Let's Encrypt before configuring WooCommerce. After installing SSL, force all traffic to HTTPS, either via the Really Simple SSL plugin, a redirect rule in .htaccess, or your server configuration.
Security beyond SSL: install a security plugin (Wordfence or Solid Security have capable free versions), keep WordPress core, WooCommerce, and all plugins updated, use unique strong passwords for WordPress admin and cPanel, and never store raw card details on your server. All payment processing should happen through your payment gateway (Stripe, PayPal, WooCommerce Payments), they handle PCI compliance for card data so you don't have to. Your responsibility is keeping your WordPress environment secure, not the payment card data itself.
Set up at least two payment methods before going live. Stripe (or WooCommerce Payments if available in your country) as primary: handles credit/debit cards, Apple Pay, and Google Pay from one integration, with clean checkout UX and 2-day payouts. PayPal as secondary: significant user base with stored payment details, easy to add alongside Stripe. Enable Apple Pay and Google Pay via the Stripe plugin's Payment Request Buttons setting, these appear automatically on compatible devices and measurably improve mobile conversion.
After setting up gateways, test a real transaction end-to-end before going live. Use Stripe's test card (4242 4242 4242 4242, any future expiry, any CVV) in test mode to place a complete order. Verify: the order appears in WooCommerce → Orders with the correct status and order details, the customer receives an order confirmation email at the correct address, and the WooCommerce admin receives the new order notification. Switch to live mode only after this test passes. A payment gateway configured incorrectly but appearing to "work" in the interface can fail silently on real transactions.
Before accepting any orders, you need these pages in place. A Privacy Policy: required by GDPR (EU/UK), CCPA (California), and most other privacy regulations. Detail what data you collect, how you use it, and how customers can request access or deletion. Generators from Termly or iubenda can create a compliant starting point. Terms and Conditions of Sale: covers purchase terms, your liability limitations, and how disputes are handled. WooCommerce includes a Terms and Conditions checkbox at checkout, link it to this page. A Returns and Refunds Policy: in the UK and EU, consumers have statutory rights to return most goods within 14 days; your policy must at minimum meet this legal requirement.
If selling to EU customers, a cookie consent mechanism is legally required. A plugin like CookieYes or Complianz adds a GDPR-compliant cookie consent banner and blocks non-essential cookies until consent is given. For stores collecting email addresses for marketing, ensure you have explicit opt-in consent and a clear unsubscribe mechanism in all marketing emails, required by GDPR and CAN-SPAM.
Work through this before going live. Test checkout with a real payment in test mode. Verify all payment methods work. Confirm order emails arrive at the correct customer and admin addresses. Check all product images display correctly on mobile and desktop. Verify shipping rates are correct for each zone, enter test addresses from each region and confirm correct methods appear. Confirm SSL is active sitewide (no HTTP pages, no mixed content). Test the returns process: can a customer initiate a return from their account? Check your store's page speed with Google PageSpeed Insights, mobile score matters most.
Run a soft launch before public announcement, share the live store with 5–10 friends or colleagues and ask them to attempt a purchase. Real people use stores differently than developers do, and problems that don't appear during solo testing often surface immediately when real users try the checkout. Fix what they find, then announce publicly. A broken checkout on launch day is harder to recover from than a quiet bug fix before traffic arrives.
HostBible WordPress plans are configured for WooCommerce from the start: LiteSpeed caching with correct cart exclusions, SSL included, and daily backups of your store data.
View Hosting Plans