With another great year coming to a close I thought it might be helpful to share the insights and some short comings with PrestaShop I have noticed in the last year. PrestaShop is a great platform, it probably has one of the most powerful feature sets of any ecommerce platforms, but at the same time it has its short comings as well.
Change Password Handling
We are coming into 2015 and passwords are still being sent out in plain text. Granted, they are not stored in plain text, they are stored salted and hashed; but still they are sent out in plain text. This is considered insecure on so many levels. No platform serious about security sends out passwords in plain text anymore. You expose your site and your customers main in the middle type attacks and also risk their payment security. As more payment modules get a deeper integration with PrestaShop, this becomes even more troubling. Several modules support storing tokenized cards now, so this poses an even greater risk as time goes on.
As far as I know there are not any open attacks on the version of Swift that PrestaShop uses, but I would not bet that one could not be made. The version is about 7 years old and does not properly support TLS the current standard for mail connections. What does that mean for you? PrestaShop has an SMTP feature that you will never be able to use. It will never connect to services like Mandrill or Gmail, because their connection types are not supported. There is a module from Bellini Services that does upgrade the version, you can get it here, but why even have the option present if it will never properly work?
Focus on Speed
Stop Adding new Functionality, Fix what is Broken
If you look at the change logs from version to version of PrestaShop you will notice that there are always new features added. I am of the opinion that new features only need to be added in major versions, unless it was a detrimental omission. But still, new features keep popping up and submitted bugs just get closed. It seems no real effort is put into trying to reproduce bugs anymore, and if the bug is a hard fix, it is just labeled a feature request and abandoned until someone’s feet are held to the fire. This is bad practice and it needs to stop.
Upgrades are still a pain to be honest. It should not be this way. One of the main reasons that upgrades are an issue is the ever changing roadmap of PrestaShop. The development flow has taken on an illogical process and continues to be just plain messy. The database schema is not the same from subversion to subversion, new features are added and old ones taken away from subversion to subversion. It is almost like an every man for himself development team. Some one gets a new idea and adds it, someone finds a feature to hard to fix, and takes it out. This madness needs to stop and a roadmap needs to be published.
Restoring Previous Features
When the update to 1.5 from 1.4 happened, several features went missing. Then when the update to 1.6 from 1.5 happened, even more features went MIA. What I imagine happened was during the rewrite, the features were to time consuming to add back in, so they were left out. You can no longer edit the .htaccess file from PrestaShop, there is no way to change the legend on product images, and a host of other basic features that were lost. Some time needs to be spent on bringing the product pack up to what it was, not adding new features that are useless to most shops.
Re-Factor the Default Template
It was nice that PrestaShop adopted bootstrap, but the implementation of it was not friendly at all. The CSS it overly bloated with selectors that are not used, or selectors that could be refactored to use existing selectors. I am all for having each element on a page having a selector, but even so, that does not mean the selectors have to be used. They can be unused but available allowing for modification at a later date. The CSS in 1.6 is so bloat that it will not run on IE without CCC enabled, even with it enabled there are still errors. The the theme needs to be taken back apart and put back together with better CSS usage and less bloat in the CSS files.
Keep People Out of Code
I have tried to stress this one so many times, but it always falls on deaf ears. The reason Shopify has taken hold is that it empowers users to make simple changes without having to be coding experts. The same thing with WordPress as well. PrestaShop needs to quit relying on 3rd party modules to handle what should integrated features. Features like this add no processing overhead to the frontend of the shop, but they add a richness and ease of use to the end user. There needs to be basic modules for editing the .htaccess, robots.txt, css files, and adding code to the header and footer template files. These are no brainers that would make PrestaShop more readily adopted by end users.
In saying all of this, PrestaShop is a great platform, I just want to see it grow into a better platform that is adopted by more businesses. It has the power, and the features that business needs, it just needs some minor tweaks to get back on the right path of delivering what the market wants and needs.
About the Author: Lesley Paone
Lesley has worked in e-commerce for over a decade, and is the founder of dh42. Starting out with PrestaShop and brancing out into other platforms like Shopify. He loves all things e-commerce and loves a challenge, in his spare time he helps moderate several forums on SEO, e-commerce, as well as the PrestaShop forum. If you have any questions for him about any of his articles just use our contact form to contact him.