Set up a Secure, Performant WooCommerce Site with Kinsta

WordPress is one of the most versatile and powerful systems available for building websites. Despite starting out as a blogging platform, it is now as capable of running online stores as platforms dedicated solely to e-commerce.

However, its power and versatility come with a catch: if you manage everything to do with your WordPress site yourself, it can be a massive, time-consuming and technically challenging task in a few key areas:

  • Securing your site against hackers and brute-force attacks
  • Protecting against DDoS attacks
  • Keeping the CMS, its plugins, and its themes up to date
  • Optimizing the host server for speed and performance

In my own experience with administrating WordPress sites I found that many of my domains would be under constant assault from brute force attacks and spam-bots, literally 24 hours a day. Keeping defenses strong took a great amount of research, time and attention.

It’s due to this all too common scenario that “managed” WordPress hosting, where the host takes care of essential security and optimization tasks for you, has been an increasingly popular choice in recent years. When you don’t have to think about these critical requirements yourself, you’re free to spend your energy on doing what you really want to do, and that is managing your store and focusing on your business or project.

Kinsta is one such managed WordPress hosting provider, and in this tutorial we’ll see how to use their tools to set up a secure, performant store based on the WooCommerce plugin. Let’s begin!

If You Already Have a WordPress Website

If you have a WordPress-based store already set up and you’d like to bring it over, or if you have a regular WordPress website you’d like to add a store to, you can use Kinsta’s included migration service so you don’t have to deal with the transfer process yourself.

The included migration service will be conducted by Kinsta staff. You can migrate any number of sites free of charge as long as they are currently on one of the following hosts: 

  • A2Hosting
  • Cloudways
  • DreamHost
  • Flywheel
  • Pagely
  • Pantheon
  • SiteGround
  • tsoHost
  • WP Engine

If your site is on a different host the migration service is still free for your first site, but after that a fee applies for additional sites.

To migrate a site, log in to your dashboard and look in the left sidebar for the Migrations menu item. Click the link and you’ll be taken to a page where you can choose between a Premium (first time free) or Basic (always free) migration.

Set up a New Website

If you’re not migrating an existing site and you’re starting a fresh site instead, let’s go through the necessary steps.

Add a New Site Via the Dashboard

Begin by logging in to your Kinsta dashboard. In the top right corner you should see a button with the label Add your first site now. Go ahead and click that button to initiate the process.

A dialogue box will appear, and as the first step of the setup process you’ll see a field labeled Location. In order to understand what to select here you need to know about the cloud platform the service runs on.

Rather than running on their own servers, Kinsta’s service is built on and distributed through Google Cloud, which is a network of servers located around the world. In practice this means that when you create your site you can choose a Google Data Center with a physical location that makes sense for your business or project.

The best approach is typically to choose a data center in the region nearest to most of your customers. The proximity will help you to optimize load speeds for those customers. Note that you can choose different data centers for different sites.

Once you’ve selected a location, add a name for your site. If you’ll be pointing a custom domain at your site you should also check the box labelled I’ll use my own domain and enter said domain in the box that follows:

Click the Select install mode drop-down box and choose Add a brand new WordPress install:

This selection will make a new collection of fields appear, into which you can enter the details with which you want to configure your WordPress site.

Enter a title for your site, a username, a password, and an email address.

Remember: never ever use “admin” as your username on a site as it makes it very easy for someone to guess what your username is. For a secure password, feel free to use the inline password generator to the right of the password field.

At the bottom of the form you’ll see three checkboxes, giving you the option of automatically installing WordPress multisite, WooCommerce, and Yoast SEO.

In the image below you’ll see we’ve unchecked the multisite option as we don’t really need it. We’ve also kept Yoast SEO selected as it’s a long time favorite SEO plugin among WordPress users. Finally, we’ve kept WooCommerce checked as we’ll use it to build our demo store in this tutorial.

Note that you don’t have to use WooCommerce for your store; after the initial site setup you can install any e-commerce plugin you choose as long as it’s available in the WordPress repositories. However, Kinsta does have optimizations specifically for WooCommerce, such as cache rules to help optimize WooCommerce performance and automated scaling for traffic surges, so you may wish to factor that into your decision making.

For more information on using WooCommerce on Kinsta see their documentation.

Once you’ve finished filling in the site setup form click the Add site button.

It can take a few minutes for the site setup to run, and you’ll receive an email once it’s finished, so go make a cup of tea until the notification lands in your inbox.

Note: If you want to create additional sites you can repeat the same steps from within the Kinsta dashboard. For more info on managing multiple sites see the Kinsta documentation.

Domain and Free SSL

The next step you’ll want to complete is pointing a custom domain at your site and setting up SSL to ensure secure connections between visitors and the host. You’ll need to have your domain set up before you can install an SSL certificate, so make sure that is the first of the two tasks you complete.

To get your domain set up follow Kinsta’s guide on DNS, which gives you a few options on different ways you can configure your domain.

Note: If you migrated your site, the staff at Kinsta will have already helped you set up your domain at this stage.

Once your domain is set up you can install the free SSL certificate that is included with your hosting. To do so, select your site from the Dashboard or Sites section of the Kinsta admin area, then go into the Tools panel and under Enable HTTPS select Generate free SSL certificate:

For full information on setting up SSL see the Kinsta knowledgebase.

Set up WooCommerce

During the setup of the site, the WooCommerce plugin will have been installed automatically but we still need to activate it and initiate the store creation process.

Note: If you migrated your site rather than creating a new one, you’ll need to install the plugin manually in your WordPress admin area’s plugin page.

Activate the WooCommerce Plugin, Run the Wizard

Log in to your WordPress admin area (as opposed to the Kinsta dashboard). If you’re not sure of the URL you can go to your site’s Domains panel and click the Open WordPress admin link:

Once logged in, go into the Plugins section of the admin area, locate the listing for the WooCommerce plugin, and click its Activate link:

This will initiate a setup wizard during which you will configure your store, starting by entering your address, currency and whether you are selling physical and / or digital products:

In the next step you can select the payment providers you would like to utilize, and their corresponding plugins will be installed for you:

Specify the way you would like to handle shipping in the next panel:

In the next step you can choose whether or not to install an included WooCommerce theme, as well as some additional plugins. Here’s how you can decide which boxes to check or uncheck:

  • If you don’t have another WooCommerce theme already picked out it’s a good idea to keep the Storefront Theme option selected so you have a proper store layout right away.
  • If you want to evaluate whether the Automated Taxes option is a good fit for you, you can read about the plugin it installs on wordpress.org.
  • If you do want to use Automated Taxes it will also require the use of Jetpack, which you can read about on wordpress.org.
  • The WooCommerce Admin plugin will most likely be something you’ll find helpful in running your store, so you will probably want to leave this option checked.
  • The Mailchimp and Facebook plugins are not required, so unless you are already using those platforms and wish to integrate them into your site, you can safely uncheck these options.

If you elected to use the Automated Taxes plugin, the next page will ask you to connect your store to Jetpack, which you can do by clicking Continue with Jetpack then following the prompts:

Once the setup is finalized you are ready to go, and on the last page of the wizard you can locate and click the button labelled Create a product to get started:

Add Some Products

At this point you should have been taken back into the WordPress admin area. To directly add a new product to your site, locate the Products section in the left sidebar and click Add New.

The first time you add a product you will see a series of prompts pop up to guide you. Complete each recommended step, clicking the Next button to see the following step. In short, you’ll be adding some descriptive text, pricing, images, and product categorization:

Once you have completed adding your first product, if you view it in your site the WooCommerce shop page should look something like this:

Add a few more products and now when you view your WooCommerce shop page you should see a display like this:

At this point your store setup is all done!

From here you can keep adding products, setting up different categories and tags to organize them, customizing your homepage and so on.

Let’s take a look at some additional steps to take after the main setup is done.

What to do After Setup

Create a Staging Environment

Sometimes if you decide to make modifications to aspects of your site, such as switching out themes or plugins, unexpected site errors can happen that you don’t want to expose to your site visitors.

A way to protect yourself from site errors being public is to set up a duplicate of your site called a “Staging environment”. You can use this second version of your site to test any significant changes before pushing them live.

To create a staging environment, first select your site from the Dashboard or Sites section in the Kinsta admin area. In the top right corner click the Change environment button and choose Staging environment:

At this point you will see a message telling you the system is creating a staging environment. It has to create a second copy of your site, so expect it to take about the same time as the initial install:

When the creation of the staging environment is complete, the page you were on will look like this instead:

You can make changes on your staging environment by using the URL https://staging-sitename.kinsta.cloud, where you replace sitename with your own site’s name, e.g. https://staging-mystore.kinsta.cloud.

Once you’re happy with how your staging environment is running you can make your changes public by clicking the Push Staging to Live button seen in the image above.

For more on working with a staging environment see:

Enable CDN

If you wish, you can activate Kinsta’s included CDN (content delivery network), which can help speed up your site by serving a cached copy to your visitors from a location near them.

To do so, go to the Kinsta CDN panel for your site and click the Enable Kinsta CDN button.

Once your CDN is activated you can monitor its usage by going to the Analytics section in the left sidebar of the Kinsta admin area, then choosing Tools > CDN Usage. You get 200GB of data transfer included with your hosting every month, which should be ample for the typical site.

Configure Automated Backups

Daily backups are on by default, but if you would like you can configure backups for a different increment, such as hourly.

Go to the Backups panel for your site and choose either Hourly or Manual to change how frequently your site is backed up:

If at any time you need to restore a backup, just select it from your site’s Backups panel, click the Restore to button and choose to have the backup applied to either your staging or live environment:

For more on backups see Kinsta’s knowledgebase.

Hardening Security

It’s always important to be security conscious with any site, but especially an e-commerce site. As mentioned earlier, one of the primary reasons many people choose a managed host is so that a good portion of security is handled for you, as is the case with Kinsta:

“We continuously run malware scans, support GeoIP blocking, and automatically ban abusive IPs. Free SSL, SFTP, SSH, HTTP/2 and A+ ratings on Qualys SSL Labs are standard.”

That said, there is still more you can do from within WordPress as well. Kinsta provide a comprehensive guide on additional plugins and configuration they recommend using in conjunction with their service.

Follow its steps over on the Kinsta blog.

Extra Tools

Your site is now all set to go, so we’ll wrap up with a look at a few extra tools you might like to use as part of your ongoing site admin.

Check on Performance Analytics

You can check on the performance of various aspects of your site’s back end by going to Analytics and then to Performance:

Using New Relic Monitoring

If you are a New Relic customer you can employ it for monitoring by going to your site’s Tools panel, locating New Relic monitoring and clicking Start monitoring:

For more on using New Relic in conjunction with Kinsta see the Kinsta blog.

Changing PHP Versions

If at some point you need to change the version of PHP your site is using you can go to its Tools panel, and under PHP Engine select the version you need to switch to:

Further Tools

As well as the above, SSH access is included, and additional services are available such as Elasticsearch, Railgun, Reverse proxy, and Redis support.

Wrapping Up

That should give you all the key steps you need to set up a new site, get the WooCommerce plugin up and running for your store, and handle monitoring, backups, and maintenance afterwards!

If you are planning to start a WordPress based store, or any type of WordPress site for that matter, consider whether managed hosting might be a good fit for your project. And if you like what you see, it’s also worth looking at the Kinsta affiliate program; partner up and earn up to $500 for each referral you send their way, plus a 10% recurring monthly commission! 

For more information on Kinsta visit: kinsta.com.

Learn More

If you’re interested in learning more about securing your WordPress website, these Tuts+ beginners courses are a great place to start: