The guide for setting requirements for WordPress & WooCommerce projects

Procuring a WooCommerce project can be complicated. What should your set of requirements look like and how do you choose service providers?

Within your own organization, there is a lot of knowledge about the business values that ​​you would want to get out of your E-commerce, but rarely expert knowledge about what processes and actions you should expect from your provider.

In this guide, we will go through how to think when deciding what set of requirements to place for a WordPress or WooCommerce project to be successful and for choosing the right type of provider.

Before we start, it is important to say that this guide is primarily for projects whose outcome is intended to be used daily for a couple of years. This means that in addition to carrying out the project, it needs to be operated, managed, and further developed in a professional manner throughout its life cycle. If the idea is to carry out a project which is then discarded within 3-6 months, this guide is not applicable. Furthermore, the guide is aimed at e-retailers who actually sell products or services, and where it is important that the solution always works. If you feel that it does not matter that the check-out on the page is down for a couple of days, this guide is, yet again,  not applicable.

Disposition of requirements

A set of requirements may look a little different, but as a rule of thumb, these different ingredients should be included:

• Background
  • About the product/service
  • About the organization
• Business goals
• User stories
• Delivery terms
  • Time estimation
  • Requirements for the working method
  • Instructions for documentation and reports
  • GDPR and other legal requirements
• administration
  • Expected traffic profile (number of visitors/month)
  • Operating requirements
  • Requirements for technical maintenance
  • Requirements for further development
• Appendix: Documentation of third party systems (if applicable)

If you want, you can also write suggestions for different personas and different use cases, but the above-presented disposition and content should work for most projects.

Demands are always based on business goals

There is always a basic idea about what kind of business value you expect to get out of the project you want to run. The project should always have its starting point in these goals and then be broken down into more specific requirements and demands.

Guidelines for business goals to be achieved are usually set by the company’s management and may look something like this:

• We will increase the number of leads
• We will increase net income per employee
• We will increase the number of job applications

These business goals are then broken down into functional and non-functional requirements. In modern projects, User stories are often used, which is an easy way to define requirements so that both customers and providers can understand and agree.

What are user stories?

A user story is a brief specification of a functional or non-functional requirement. A specification for e-commerce could, for example, mention that you have a shopping cart. This is called an Epic. An epic is then broken down into several smaller User stories, which in turn have Acceptance tests. A user story is usually expressed in the following form, “As a <role> I want <goal / desire / event> to <purpose>”

User story examples

As a visitor, I want to get a visual notification that shows how many products I have in my shopping cart when I add a product. This feature is important because it makes it clear to the visitor how many products are in the shopping cart.

Acceptance criteria

• When I click on “buy” on a product for the first time, a number appears next to “Shopping Cart” in the menu.
• If I remove all products from the shopping cart, the number disappears from the menu.
• If I add or remove products in the shopping cart, the counter increases and decreases to reflect how many products the shopping cart contains.

Even non-functional requirements can be useful to express as User stories. For example;

• As a visitor, I want the site to be available 99.9% of the time I try to use it so that I do not get frustrated and find another site to buy from.
• As a visitor, I want to be able to use the website with a speech-to-text emulator.

For further information we recommend User Stories Applied by Mike Cohn.

Who should set the requirements?

In the long term, the business will own the project’s outcome and hopefully use it in its daily operations. This means that the quality of the requirements can only be ensured by those who know how the system will be used.

Therefore, the project will work the best if requirements are placed through different units within the organization performing tests. An IT organization is, for example, experts in requirements based on technology and systems, while in an e-commerce project, the sales and logistics departments can be experts in the functionality you want. Using several departments minimizes the risk of blind decisions compared to if the entire set of requirements comes from one and the same business unit.

5 things are needed for the requirements process to succeed;

1. Review the roles, responsibilities, and mandates.
2. Create a requirements strategy that describes how the requirements management work is to be carried out.
3. Facilitate workshops with different stakeholders to land priorities.
4. Establish a model for how requirements setting and prioritization should take place.
5. Establish a plan for how the project is reported in your organizational structure and culture.

Make demands on the project’s work processes

There are many different ways to run projects. As a client, it can feel reassuring that a project has a fixed price, but this way of working is seldom what produces the best result. Instead, you should look for a provider who is used to goal management and who works with so-called agile working methods.

Iterative work process

In an agile working method, you work to achieve the business goals rather than deliver exactly the requirement specifications that you agreed on at the beginning of the project. The knowledge that all parties acquire during the course of the project is extremely valuable and should be utilized in the best possible way. Implementing the project according to agile principles is, therefore what adds the most benefit to your organization.

At the same time, it should be said that it also requires that you set aside time to be involved in the project. If you do not get involved in the project, the project will not improve on the original requirements specification that you came up with. Read more about how agile WordPress projects work.

Set requirements for modern development methods

If you are to get a good delivery, modern development methods are extremely important, and requirements should be set after the provider’s internal processes. This can be crucial for the project’s long-term success and can protect you as a client from many expensive problems.

Version management

Most serious modern providers use versioning. This means that every change can be monitored and followed. Additionally, it creates opportunities for multiple employees to work on the same project simultaneously without destroying each other. Today, GIT is normally used, but SVN is also a widely used system in the WordPress community.

Local development environments

When you develop, you want to follow a strict process where the individual developer works on their computer in a copy of the “real” environment that you will use later. This allows several developers to collaborate simultaneously. Suppose you do not use local development environments. In that case, it can be problematic for several people to work simultaneously. It slows down the process and significantly increases the risk of encountering obstacles.

It is also essential to ask questions about how this is managed. How long is the set-up time per person? Some providers may have 4-8 hours of set-up time for a development environment, while others may have 30 minutes. Although it may seem insignificant in the project work, it can result in enormous future costs.

VPN and deployment environments

After the developers have worked in their local environments, what they have built must be shown to you as a client for approval. This is often done in separate environments and with a database that is as similar as possible to what it will look like when it is “finished”. These can be referred to as “test environments”, “development environments” or “staging environments”, but most often they have approximately the same function.

Under no circumstances may these environments be open to the Internet, regardless of whether the content on the website is secret or not. If they are out in public, they can be exposed to attacks during the development process. They can also be indexed by search engines – which can be a disaster for your digital marketing. For these reasons, we recommend that the sites are only accessible via VPN.

Builds and component management

When working in larger groups, it is important to have a process that separates standardized process measures – builds – from the individual’s computer. These measures need to be taken as part of the overall infrastructure, otherwise, it will be very difficult for several people to cooperate. These builds can then be used to, for example, optimize and analyze code on an ongoing basis in order to create high quality in the ongoing work.

In these builds, component management is often an important principle. This is usually done with a software called Composer, which is a structured and modern way to ensure that all components used in the project are downloaded and signed from the correct source.

In addition to this, the builds can consist of a number of other process measures such as the implementation of SASS  or performance improvements such as webpack. As long as there is a process with an existing documented standard or versioning, you can be pretty sure that it will turn outright.

Deploy tool

When code is deployed, it is advantageous if it is put into deployed in a controlled and automated way. This is especially important if you have a high load and need to deploy code to many parallel environments simultaneously. Having an automated process also reduces the risk of errors being made.

A tool that you want to have here is primarily Capistrano, but there are also many other techniques, such as Deployer, Rocketeer, Ansible etc.

Automated tests

When changes are implemented in a complex project, changes in one end can have consequences in five others. To ensure that this does not happen, it is vital that there are automated tests that ensure that it is simply not possible to commission things that make essential functions unusable or malfunction.

Visual comparison tests

A small change can cause small errors in all sorts of places. It can be very difficult – if not impossible – for a person to discover if these minor adjustments have created errors somewhere. Therefore, visual comparison tests. tests are very helpful. You take screenshots of the website in various screen formats before and after the change – and then you examine the potential differences. These differences are then presented in a report to the developer, who then can decide if they were intentional or mishaps. 

Doing so prevents errors from making their way out to your customers, which could cause a loss of income or hurt your reputation.

GDPR

GDPR (General Data Protection Regulation) is the EU’s new data legislation that regulates how personal data may be stored. Personal data is a relatively broad concept and actually includes most things that can be traced back to a person – including e-mail addresses.

It is not only important that the provider knows how the legislation works, but also of the utmost importance that the provider handles personal data correctly. For example, it is not allowed to copy data from the production environment to a test environment without anonymizing the user data in between. Working with a web agency that does not have this process could expose your company to multiple risks.

Set requirements for terms of delivery

One of the most important things to clarify is when delivery can take place. Here it is important to keep in mind that you, as a client, must also have adequate bandwidth to get fast delivery. It will be near impossible to set an exact schedule early in the project, but an approximate guideline based on your business needs is of course necessary.

Terms of payment

Depending on you and the provider’s liquidity, it may be important to have slightly more extended periods on each invoice. 30, 60, or 90 days? It should be clear early so that it does not become a problem in the future.

Reporting requirements

Do you have an internal client who has permission to make decisions about new functions and not just to prioritize within the project? Then it is especially important that there are requirements regarding reports. It is crucial to be able to, through meeting protocols, follow when additions are made and what is prioritized in the project.

Placing demands on further development and maintenance

Once the project is completed, it will proceed to be put in a type of further development/management phase. Here is where you start working actively with the tools to see the fruit of your investment.

In this phase, it is important to continually iterate and evaluate to ensure that as much value as possible is added to the organization. This usually requires multifaceted knowledge. With the help of data analysis, statistical tools, and user tests (along with listening to customers and prospects), you can obtain information that indicates if something needs to be clarified or changed.

This process is essential as it helps you raise ROI and lower your cost to achieve your set goals.

Operation and technical management

When the project is complete, it will be put into operating mode. The potential problem is that the company running the operation may have poor control and understanding regarding how the application is to be operated as they often have no involvement in the development of the application. 

Modern development methods require a streamlined work process, which means that the separation between those who develop the application and those who operate it can be dangerous. An agile and thorough collaboration is required for the application to be able to scale in a good way and add the intended value to the organization.

SLA

The most important question you can ask yourself when searching for an operating company is which SLA levels apply and what response time you can expect when something goes wrong. Additionally,  it’s also important to request information on penalty is also important. An SLA without penalty requirements is a useless SLA. A reasonable SLA is a basic requirement and is just as important as the design of the solution. If the provider cannot provide a sensible SLA, it is a good idea to opt-out.

Load balancing

If the solution is to cope with visitors’ eventual scaling, load balancers must be put into place in the operating solution. This means that the traffic load is balanced out between several different servers so that the site does not go down when there is a large amount of traffic.

Cache and performance optimization

In order for the application to be fast and able to handle a lot of traffic, there is a need for cache and continuous performance optimization. However, usually, it is very difficult for someone who has not been particularly familiar with the project to optimize performance easily.

Log monitoring

When visitors enter the website, the website generates logs. Furthermore, as PHP is updated or new versions of WordPress & WooCommerce are added, minor issues may arise. There may also be built-in bottlenecks that have been difficult to detect during the ongoing development work that makes the website extremely slow or simply stop working under certain specific conditions. This should be taken very seriously as it can hurt a company’s affairs, reputation, and financials.

On a thousand uses of the site, this may only happen once, causing the errors to hide in a mountain of data. With the help of log monitoring, it is possible to follow up patterns and deviations in the enormous amount of data in a smooth way.

Security scan

When it comes to critical security updates, these need to be posted quickly. Therefore, it is important that there is an automated solution in place to check and warn if there are security flaws in the components used on the website. We recommend WPScan Vulnerability Database.

Technical maintenance

With open-source code, you use open components. This is an incredible strength that gives you a lot more for your money compared to choosing proprietary systems. This means that there are often security updates and feature updates that are free of charge. However, these updates must be installed and checked carefully before they are added to ensure the functioning of the website or E-commerce is not compromised.

How do you narrow down possible providers?

Finding potential providers to be part of the procurement can be challenging. In the vast majority of cases, you work with an agency, but if you have a sufficiently large organization, you may work with an internal team of developers and need reinforcement from an expert resource that guides the internal team correctly.

There are more aspects to looking for a good provider than just googling “web agency UK”. When you make the selection, be more specific. Is it an E-commerce you want to do? Google “WooCommerce Web Agency”. Is it a marketing website? Google “WordPress Web Agency”. Doing this and combining it together with the recommended providers in WooExperts can be a good starting point for your procurement.

Geography, legal, and language

Today, the Internet and digitalization have created an everyday life where it is possible to collaborate over long distances. This has created opportunities that were not possible before, regardless, there are some things that are still worth considering.

Is it possible to meet the provider in a physical meetings?

Even though collaborations today work well over large physical distances and physical meetings are not needed to the same extent, it is still valuable to be able to be seen in person.

If the provider has a greater distance than 200 km to the nearest office, physical meetings can be cumbersome to arrange, which definitely is something to keep in mind.

What legal applies if something goes wrong?

If a provider is abroad, it might not act under the same legal framework as you. For example, this can affect how personal data and sensitive data are stored and handled at the company. In Europe, from May 25th, 2018, all companies must comply with the EU’s rules on data protection, GDPR (General Data Protection Regulation). This means that choosing a provider outside the EU who does not fully grasp your legal requirements and legislation can cost your company enormous sums in fines.

In practical terms, GDPR implies many different things, but as an example, the provider must anonymize order data when managing it to the various environments in an automated way.

What language does the provider communicate in?

What often goes wrong in a project, no matter how well the requirements are written, is always communication. Therefore, it is important to be proactive in preventing as many possible problems in communication as possible. This is easiest to do by setting requirements for what language the provider should communicate in.

Does the provider have the right range of services and size?

An important aspect when choosing a supplier is whether the supplier’s range of services is compatible with what you want to do and whether the supplier is able to deliver throughout the full life cycle. This is usually related to the company’s size,  as very small suppliers and individual freelancers do not have the opportunity to spend the time and energy on process and competence development that a larger company has the opportunity to do.

Does the agency have a multifaceted knowledge?

Different agencies specialize in different things. To have a pleasant project, it is beneficial if the agency has many different competencies. Even though it may be the case that the system administrator or the AdWords expert won’t implement much in your particular project, it is still valuable for the future that the provider has this expertise.

Does the agency do a little bit of everything?

Does the agency have a clear focus, or do they just do a little bit of everything? It is not uncommon to see providers working with EpiServer, WooCommerce, Magento, and Umbraco. There may be a danger in choosing a supplier with too diverse a range, as the risk is the spread creates limited platform competence.

Does the agency seem to be the right size for you?

For companies that need to be light-footed and able to act quickly on the outside world changes, bandwidth is important. If you run a small business, it is often natural to look for another small business. Smaller companies are often very responsive and easy to work with and it is often possible to negotiate a good price as there is no great overhead in the organization. The disadvantage here is often that you rarely have a well-developed work process for the entire life cycle – you are good at a few things and not so good at others.

Does the provider have the right experience?

Experience can be expressed in a couple of different ways. It can be anything from how many years in the industry a company has, to what types of customers they are used to working with.

Estimates and spikes

Many of the requirements can take considerable time to investigate and may therefore not always be estimated by the provider. That the provider does not know does not have to be an expression that they do not have experience and competence, but may instead be because they want to make the right solution rather than inventing a number taken out of thin air. Doing smaller surveys, so-called “spikes” is a common way of working. After a selection has been made so that you have narrowed it down to 1-2 suppliers, do not be afraid to give them time to perform a paid survey – it can often pay off.

Look for similar projects in their portfolio

When examining the supplier’s experience, the first thing you can look at is to see if there are similar projects among the company’s previously completed projects. WordPress and WooCommerce are incredibly flexible and modular software and can be used for various applications. If you are looking for an agency that, for example, specializes in WooCommerce E-commerce, this is an aspect you should consider, if you are looking for a web agency that focuses on WordPress LMS implementations, this is something you should look for.

About Certifications, Partnerships and Reputation

WordPress and WooCommerce are built on open source. This means that just because a supplier themselves claim to be experts, it does not have to be true. Every time someone mentions that you are an expert, you should take this with a pinch of salt and check if it is actually true.

Certifications and partnerships

In practice, there are no certifications in WordPress and WooCommerce. What is available, however, is WooExperts, which is the partner program for WooCommerce experts. It is not possible to enter this program without being approved by Automattic, the company that runs WooCommerce and WordPress. This affiliate program is the only one that is similar to a certification that can be obtained in our industry and should be taken very seriously. It is simply safer to choose a supplier that you know has been approved by Automattic.

Number of Open Source projects

Another aspect you should look at is how many open-source projects the provider has been involved in. The first thing to look for when purchasing a WordPress or WooCommerce project is whether the company has contributed improvements to either WordPress or the WooCommerce core. If they have done this, it often means that they have a very deep knowledge of the software.

The next thing to look for is how many Plugins and Themes the provider has made available. This is easily checked by looking for a wordpress.org profile or a corporate Github account. The advantage of examining the wordpress.org profile is that it is possible to see an estimate of how many users a specific plugin has. Normally you can say that if the provider has one or more plugins with many users, they are used to making well-tested solutions that at the same time add a lot of value to its users. These are qualities that you probably want to take advantage of.

Last in line is to examine how many projects they have engaged in outside of WordPress and the WooCommerce sphere. Maybe there is an interesting project that uses exciting technology or is groundbreaking? The fact that it is published means that the supplier is not afraid of being examined by others, even on their side projects.

Participation in industry meetings

Within WordPress and WooCommerce, there are official industry meetings. These are called WordCamps and WooConfs. These are sanctioned by the WordPress foundation and follow strict requirements and guidelines for using the brand. As such, they usually have committees that decide who is allowed to give lectures based on their perceived value to the audience. Having lectured or arranged such an industry meeting is a strong merit.

Conclusion

Choosing the right provider can be extremely difficult. We hope that this guide will help you in the procurement jungle and that you will find a supplier who will help you take your WordPress E-commerce to the skies.

Good luck with your E-commerce!