Create a High-Powered, Easy to Use and Secure Ecommerce Site

How do we keep this site running? This post may contain affiliate links — the cost is the same to you, but we get a referral fee. Compensation does not affect rankings. Thanks!

Lady shopping onlineThink of back in the day when you needed to hire a web designer or web master – the archaic guru that spoke in code and impressed you with a flashy website that did everything from sell your products to make your coffee…or did it? Was it all hype and promise, and when it came down to it, after having shelled out your hard-earned cash, you learn that the website is so complex that you need to hire them again and again to make updates, fixes, add products, and to keep it working and online? It’s time to kiss the old web days goodbye.

Enter Stage Left: Drupal, the CMS

In steps Drupal – a powerful open source (a community of developers that contribute to the development of software on a non-profit basis) Content Management System (CMS for short – an interface that allows a non-technical person to manage and update their website) that lets you create powerful websites and functionality with the click of a button (We Rock Your Web is running Drupal). For more on Drupal, browse our Drupal articles or checkout the official Drupal website,

Enter Stage Right: Ubercart, the Shopping Cart

Drupal can be extended via “plug-ins” or “add ons” named modules. Of all the ecommerce or shopping cart modules available, we’ve found Ubercart to be by far the most stable, reliable, feature packed and easy to use.

Ubercart installs in a couple of steps and allows you to sell products on your Drupal site. It goes beyond the simple implementation a site like Paypal provides and lets you setup product attributes (like selling digital file downloads (such as mp3 tracks), recurring fees such as magazine subscriptions, and more), shipping (retrieve real-time UPS shipping quotes) and tax specifications (specify tax rules based on billing or shipping profiles, product weight, dimensions, and more). But best of all, it allows you to integrate your own payment gateway, such as, so you can keep shoppers on your site and offer them a seamless checkout experience.

Merchant Bank Account and Payment Gateway

Once you’ve installed Drupal and the Ubercart module, you’ll want to contact your local bank and apply for a merchant account. This will let you accept online payments into your bank account. Ask them if they support as a payment gateway. integrates effortlessly with Ubercart, and lets you get up and running instantly, accepting credit cards (Visa, Mastercard, American Express, Discover) on your website, as well as electronic checks (via

Securing Your Server and Transactions

As an online merchant, you have the responsibility of keeping your customer’s financial data secure. In the industry, this is referred to as meeting PCI compliance. First, you’ll want to protect your customers’ credit card data as it passes from your website to your payment gateway ( Ask your host to install an SSL certificate (typically under $100/ year). You’ll also want to install the Drupal module secure pages, which will help you manage your SSL setup with your Drupal pages, making your customers’ shopping experience more efficient as only those pages that require it are encrypted (encrypted web pages typically load slower as a result of the encryption process).

As a final step to satisfying PCI compliance, you may want to consider signing up for’s CIM offering (Customer Information Manager). It lets you create payment profiles for customers. Credit card data is stored on secure servers, and all you need to do to complete a transaction is reference a customer’s payment profile.

What is an Annual PCI Compliance Fee? For those that already have merchant accounts setup, you may notice an additional $90/ year or so fee that has been pinned on your bill. This is done by merchant banks to help insure against liability should one of their merchants (ie. you) be subject to credit card fraud. Despite all the security measures you take, if you’re a high volume merchant, there’s still the likelihood of occasional credit card fraud taking place. It may not even be your fault, but this annual PCI compliance fee will help cover everyone’s butt in the event of a costly incident.

What About Paypal?

Paypal is a viable payment alternative for merchants that are just beginning, or have very low volume. The problem with Paypal is that if you want functionality equivalent to the Drupal + Ubercart + setup we mention above, you’ll need to shell out $30/ month for a Paypal Pro account, and an additional $20/ month to support recurring fees (ie. subscriptions to a product, or to bill someone a recurring hosting fee for example). That puts the monthly total very close to what you’ll typically pay with a fully loaded merchant account setup ($8/ month gateway fee, $20/ month for CIM, $10/ month for, $10/ month to your merchant account provider for statement processing/ service fees, $7.50 ($90/12) PCI compliance fee = $55.50/ month).

Merchant Account Vs. Paypal

Although Paypal transaction fees initially appear higher, you’ll find that with your merchant account transaction fees will usually only be slightly less. So unless you’re a high volume merchant, don’t go with a merchant account only because transaction fees are lower. The real reasons to go with a merchant account over Paypal are:

  • Transaction management and reporting capabilities are more powerful, and much faster, in the interface than they are on, which can load slowly and be a hassle to use.
  • Deposits are made directly into your bank account. This makes accounting easier than if your Paypal account is the middle man between your bank and credit card accounts.
  • The shopping experience on your website is seamless – there is no interaction with Paypal.
  • Unless you’re paying for Paypal Pro ($30/ month), customers will be required to sign up for a Paypal account, which can be a huge hassle and barrier to a purchase.
  • Typically merchant account customer service will be easier to reach and more responsive than Paypal customer service, which we’ve found to be lacking, especially for non-Pro users.

That being said, our recommendation is to provide both payment methods as an option (since some people prefer the inherent security of using Paypal and not needing to enter their credit card information on random websites). Ubercart lets you do this with the click of a button (customers will be presented with the option to pay via the payment methods you’ve selected, which may include credit cards, bank account/ eCheck, Paypal, COD, and more).

Drupal and Ubercart – An Ecommerce Match Made in Heaven

At the end of the day, you’re getting a free (open source = free) website content management system that is powerful (you can sell products, host video and audio streams, manage events and registrations, user permissions, forums, and more), well-known (several Fortune 500 websites run Drupal, and so does the White House website), and highly supported (the Drupal community is one of the fastest growing CMS communities in the world, with millions of users and hundreds of thousands of members and developers).

And you’re getting a free shopping cart module that rivals some of the most expensive ones out there. You can use Drupal + Ubercart to sell a combination of highly complex products with efficient and comprehensive back-end reporting and management tools. What are you waiting for?

Note that this article is more of a broad overview of the whole process. We leave the detailed installation steps to the manuals that come with each respective product. However, if you get stuck or have questions about a particular step, please comment below and we’ll do our best to help.

Rock on!

Alex bring a series of in-depth articles on search marketing and content management systems as well as troubleshooting tips to We Rock Your Web's collection. He is an avid tennis player, nature enthusiast, and hiker, and enjoys spending time with his wife, friends, and dogs, Bella and Lily.

Leave a Reply

3 Comments on "Create a High-Powered, Easy to Use and Secure Ecommerce Site"

Usman Kokab
Usman Kokab

Right! no body should say “E-Commerce Needs to Be Difficult” due so many CMS resources where we needs to redevelop our projects. You have made good picture for the redevelopment projects in eCommerce. It is true website CMS development has eased to maintain and manage our website content without paying any more to the developers and/or designers as earlier and we can easily make changes in our website as we need even in eCommerce projects due to the CMS systems. All CMS systems are valuable, but I love Magento. Thanks


iLead Digital, Magento Development Company


If you can just get ACH going with your clients/ merchants, do that. E-commerce merchants and service providers keep raising their rates. It’s totally ridiculous. I’m thinking about simply moving back to Paypal regular (free version).


Really good tutorial! I will definitely consider some of its points while creating my first e-commerce site.


Send this to a friend