Choosing an E-Commerce Platform Is a Business Decision, Not a Technical One
When a business owner in Lugano or anywhere in Switzerland decides to sell products online, the first question is usually "which platform should I use?" And the answer they get depends entirely on who they ask. A WordPress developer will recommend WooCommerce. A Shopify partner will recommend Shopify. A digital agency that builds custom solutions will recommend something headless.
None of them are lying. But none of them are giving you the full picture either. The right e-commerce framework depends on your product catalog size, your transaction volume, your budget, your team's technical capability, and your growth plans. This guide lays out the facts so you can make that decision with clear eyes.
We will compare eight options: WooCommerce (WordPress), Shopify, Magento/Adobe Commerce, PrestaShop, Saleor (headless), Medusa.js (headless), Snipcart, and Stripe integrated with a static site. For each, we cover cost, scalability, security, ease of use, customization, and hosting requirements. At the end, you will find a total cost of ownership comparison over three years.
The Two Fundamental Approaches: Hosted vs Self-Hosted
Before we look at individual platforms, you need to understand the difference between hosted and self-hosted e-commerce. This single distinction shapes everything else.
Hosted Platforms (SaaS)
Shopify is the best-known example. You pay a monthly fee, and the platform handles servers, security updates, SSL certificates, PCI compliance, and uptime. You configure your store through a web interface, choose a theme, install apps, and start selling. You do not touch server infrastructure.
The trade-off: you are limited to what the platform allows. Custom checkout flows, unique database structures, or integration with legacy systems can be difficult or impossible. You also pay transaction fees on top of your monthly subscription (unless you use Shopify Payments).
Self-Hosted Platforms
WooCommerce, Magento, PrestaShop, Saleor, and Medusa.js all fall here. You download the software, install it on your own server (or a managed hosting provider), and you are responsible for everything: updates, security patches, backups, SSL, server configuration, and PCI compliance.
The trade-off: you have complete control. You can customize anything, integrate with any system, and you own your data fully. But you also own every problem that comes with it.
WooCommerce (WordPress)
What It Is
WooCommerce is a free, open-source plugin for WordPress. It turns any WordPress site into an online store. It powers roughly 28% of all online stores worldwide, making it the single most popular e-commerce platform by installation count.
Cost
The plugin itself is free. But "free" is misleading. You need hosting (CHF 10-50/month for shared, CHF 50-200/month for managed WordPress hosting), a domain, an SSL certificate (often included with hosting), a premium theme (CHF 50-200 one-time), and likely several paid extensions for payment gateways, shipping calculations, and invoicing. Expect CHF 1,500-5,000 in the first year for a properly configured store, including development time.
Security
This is where WooCommerce gets complicated. WordPress is the most targeted CMS on the internet, as we have covered in our analysis of WordPress vulnerabilities. Every plugin you add increases your attack surface. WooCommerce stores handle payment data, which means the security stakes are higher than a regular blog. You need to keep WordPress core, WooCommerce, your theme, and every plugin updated constantly. Missed updates are how most WooCommerce stores get compromised.
Best For
Businesses that already have a WordPress website and want to add a small to medium product catalog (under 5,000 products). Businesses with a developer or agency relationship who can maintain the installation. Businesses that need deep content marketing integration (blog + shop on the same platform).
Watch Out For
Performance degrades with large catalogs and high traffic unless you invest in proper hosting and caching. Plugin conflicts are common. PCI compliance is your responsibility.
Shopify
What It Is
Shopify is a fully hosted e-commerce platform. You sign up, pick a plan, configure your store, and start selling. It handles hosting, security, PCI compliance, and infrastructure scaling.
Cost
Plans start at USD 39/month (Basic), USD 105/month (Shopify), and USD 399/month (Advanced). Shopify Plus for enterprise starts at approximately USD 2,000/month. On top of this, you pay transaction fees of 2.9% + 30 cents per transaction on the Basic plan (lower on higher tiers), unless you use Shopify Payments. Most stores also buy a premium theme (USD 180-350 one-time) and several paid apps (USD 10-100/month each).
Security
Shopify handles PCI DSS Level 1 compliance for you. Your store runs on Shopify's infrastructure, which is monitored and patched by their team. You cannot install arbitrary server-side code (Liquid templates are sandboxed). This dramatically reduces the attack surface. The main security risk with Shopify comes from third-party apps that request broad permissions.
Best For
Businesses that want to start selling quickly without technical overhead. Businesses without a dedicated development team. Businesses that prioritize reliability and uptime over customization. Most Swiss SMEs selling physical products with a catalog under 10,000 items will find Shopify more than sufficient.
Watch Out For
You are locked into Shopify's ecosystem. Migrating away is painful. Liquid (Shopify's template language) has a learning curve. The app ecosystem can become expensive quickly, and some apps are poorly built.
Magento / Adobe Commerce
What It Is
Magento is an open-source e-commerce platform now owned by Adobe. The open-source version (Magento Open Source) is free. Adobe Commerce (formerly Magento Commerce) is the paid enterprise version with cloud hosting and additional features.
Cost
Magento Open Source is free to download, but you will spend significantly on development and hosting. A properly built Magento store typically costs CHF 20,000-100,000+ in initial development. Hosting for Magento requires robust infrastructure: CHF 100-500/month minimum for a VPS or dedicated server. Adobe Commerce licensing starts at approximately USD 22,000/year.
Security
Magento has a mixed security track record. Critical vulnerabilities have been found repeatedly (Magecart attacks specifically targeted Magento stores for years, as we discussed in our article on web skimming in e-commerce). The platform requires diligent patching. On the positive side, it has a mature security architecture with role-based access control, two-factor authentication, and built-in security scanning.
Best For
Large catalogs (10,000+ products), complex pricing rules, multi-store setups, B2B commerce with custom quoting, businesses with dedicated development teams. If you need a store that integrates with ERP, PIM, and CRM systems, Magento's architecture supports that well.
Watch Out For
Magento is resource-hungry. It needs PHP, MySQL, Elasticsearch, Redis, and Varnish to perform well. The complexity means higher development costs and longer timelines. For a small Swiss SME with 200 products, Magento is overkill.
PrestaShop
What It Is
PrestaShop is an open-source e-commerce platform particularly popular in Europe (especially France, Spain, and Italy). It offers a middle ground between WooCommerce's simplicity and Magento's feature depth.
Cost
The core platform is free. Like WooCommerce, the real costs come from hosting (CHF 20-100/month), modules (PrestaShop's marketplace has modules ranging from EUR 50-300 each), theme customization, and development. A typical PrestaShop store for an SME costs CHF 5,000-15,000 to build.
Security
PrestaShop has had its share of vulnerabilities. Third-party modules are a frequent attack vector. The platform requires regular updates and monitoring. It does not have the same size of security research community as WordPress, which means vulnerabilities can go undiscovered longer.
Best For
European SMEs familiar with the platform, stores with 500-10,000 products, businesses that need multi-language and multi-currency support (built-in and well-tested). PrestaShop's back office is available in Italian, French, and German, which is practical for businesses in Ticino and the rest of Switzerland.
Watch Out For
The module marketplace quality varies wildly. Some modules are abandoned or poorly coded. Migration from older PrestaShop versions (1.6 to 1.7, for example) is not straightforward.
Headless E-Commerce: Saleor and Medusa.js
What Headless Means
In a traditional e-commerce platform, the frontend (what the customer sees) and the backend (product management, orders, payments) are tightly coupled. Headless e-commerce separates them. The backend exposes an API (usually GraphQL or REST), and you build whatever frontend you want: a React app, a Vue.js site, a mobile app, or even a voice commerce interface.
This approach gives you total control over the customer experience, and it pairs well with the security advantages of static and Jamstack architectures.
Saleor
Saleor is a Python/Django-based headless e-commerce backend with a GraphQL API. It includes a dashboard for managing products, orders, and customers. You build the storefront separately using any frontend technology.
Cost: The open-source version is free. Saleor Cloud (managed hosting) starts at USD 300/month. Self-hosting requires a server capable of running Python, PostgreSQL, and Redis (CHF 50-200/month). Frontend development is separate and typically costs CHF 10,000-30,000.
Medusa.js
Medusa.js is a Node.js-based headless e-commerce engine. It positions itself as an open-source alternative to Shopify. It has a modular architecture where you can swap out payment providers, fulfillment services, and notification systems.
Cost: Free and open-source. Hosting requirements are modest: a Node.js server with PostgreSQL and Redis (CHF 20-100/month). Like Saleor, the frontend is built separately.
Security Advantage of Headless
Headless architectures have a significant security advantage: the admin interface and API are not exposed to the public internet by default. You can deploy the storefront as a static site on a CDN (as we explain in our guide to CDN benefits and security), making it nearly impossible to hack through the frontend. The API can be placed behind authentication and rate limiting. The admin dashboard can be restricted to specific IP addresses or accessed through a VPN.
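The perimeter controls described above, sketched as an nginx reverse-proxy configuration in front of a headless backend. This is an added example, not taken from the original article or from the Saleor or Medusa.js projects; the hostname, upstream port, URL paths, certificate paths, and IP ranges are assumed placeholders.

```nginx
# Added example. Place in the http context (for instance a file under conf.d/).
# All names, paths, ports and addresses below are assumptions for illustration.

# Shared-memory zone keyed by client address: 10 requests per second per IP.
limit_req_zone $binary_remote_addr zone=store_api:10m rate=10r/s;

upstream commerce_backend {
    # The backend binds to loopback only, so it is reachable solely via nginx.
    server 127.0.0.1:8000;
}

server {
    listen 443 ssl;
    server_name api.shop.example;

    ssl_certificate     /etc/ssl/certs/api.shop.example.pem;
    ssl_certificate_key /etc/ssl/private/api.shop.example.key;

    # Forwarded headers, inherited by every location below.
    proxy_set_header Host              $host;
    proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;

    # Storefront API: customers must reach it, so it stays public but is
    # rate limited. Token authentication itself is enforced by the backend.
    location /graphql/ {
        limit_req        zone=store_api burst=20 nodelay;
        limit_req_status 429;   # answer "Too Many Requests" instead of 503
        proxy_pass       http://commerce_backend;
    }

    # Admin dashboard: office address and VPN clients only.
    # allow/deny match the TCP peer address. Behind a CDN or load balancer,
    # configure the realip module (set_real_ip_from / real_ip_header) first,
    # otherwise these rules see the proxy's address, not the visitor's.
    location /dashboard/ {
        allow 203.0.113.10;   # office egress IP (documentation range)
        allow 10.8.0.0/24;    # VPN client subnet (assumed)
        deny  all;
        proxy_pass http://commerce_backend;
    }

    # Nothing else on the backend is published.
    location / {
        return 404;
    }
}
```

Check the file with `nginx -t` before reloading, then confirm from an address outside the allowlist that the dashboard path returns 403.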
Best For
Businesses with development teams that want full control over the customer experience. Multi-channel commerce (website + mobile app + marketplace). Businesses with unique checkout flows or product configuration needs. Companies planning to scale significantly and wanting an architecture that supports microservices.
Watch Out For
Both Saleor and Medusa.js are younger than WooCommerce or Shopify. The ecosystems are smaller, documentation can be thin in places, and you will rely on your development team for most customizations. This is not a "set it up over the weekend" option.
Snipcart: Adding E-Commerce to Any Website
What It Is
Snipcart is a JavaScript-based shopping cart that you can add to any existing website. You include a script tag, add HTML attributes to your product elements, and Snipcart handles the cart, checkout, and payment processing. It works with static sites, WordPress, any CMS, or even a plain HTML page.
Cost
2% transaction fee on all sales (minimum USD 10/month if your sales are below USD 500/month). No monthly subscription beyond the transaction fee for standard plans. The total cost depends on your sales volume.
Security
Snipcart handles PCI compliance. The checkout is rendered in an iframe hosted on Snipcart's servers, so payment data never touches your website. This is one of the safest options from a security perspective, especially when paired with a static site.
Best For
Small catalogs (under 100 products). Businesses that already have a website and want to add e-commerce without rebuilding. Developers using static site generators (Hugo, Eleventy, Astro) who want commerce capabilities. Selling digital products, event tickets, or services.
Watch Out For
Limited built-in inventory management. No native back office for complex order workflows. The 2% fee adds up at higher volumes (at CHF 500,000/year in sales, you are paying CHF 10,000/year to Snipcart).
Stripe + Static Site: The Minimalist Approach
What It Is
Stripe Checkout and Stripe Payment Links let you sell products directly through Stripe without a traditional e-commerce platform. You create products in the Stripe dashboard, generate checkout links or embed Stripe Checkout on your static site, and Stripe handles everything: payment processing, receipts, tax calculation (with Stripe Tax), and even subscription billing.
Cost
Stripe charges 2.9% + 30 cents per successful transaction in most European countries (rates vary). No monthly fee. Hosting for a static site is often free or under CHF 20/month (Netlify, Vercel, Cloudflare Pages). Total infrastructure cost is minimal.
Security
Outstanding. Stripe is PCI DSS Level 1 certified. Your static site has no server-side code to exploit, no database to breach, no admin panel to attack. Payment data is handled entirely by Stripe. This is the smallest possible attack surface for an e-commerce setup.
Best For
Businesses selling a small number of products or services (under 20). SaaS products. Consulting firms selling packages. Businesses that want the absolute minimum maintenance burden. If you are a consultant in Lugano selling three service packages, you do not need WooCommerce or Shopify. A clean static site with Stripe Checkout links will serve you well.
Watch Out For
No built-in product catalog browsing, filtering, or search. No inventory management. No customer accounts. This is a payment solution, not a full e-commerce platform. You will outgrow it if your catalog expands significantly.
PCI DSS: What Every Store Owner Must Understand
PCI DSS (Payment Card Industry Data Security Standard) is a set of security requirements for any business that processes, stores, or transmits credit card data. Non-compliance can result in fines, increased transaction fees, and liability in case of a data breach.
Here is how the platforms compare on PCI compliance burden:
| Platform | PCI Compliance Responsibility | Your Effort |
|---|---|---|
| Shopify | Fully handled by Shopify | Minimal (SAQ A) |
| Snipcart | Handled by Snipcart + Stripe | Minimal (SAQ A) |
| Stripe + Static | Handled by Stripe | Minimal (SAQ A) |
| WooCommerce | Depends on payment gateway setup | Moderate to High (SAQ A-EP or SAQ D) |
| PrestaShop | Depends on payment module | Moderate to High |
| Magento | You + your hosting provider | High (SAQ D typically) |
| Saleor / Medusa.js | You + payment provider | Moderate (if using Stripe/Adyen redirects) |
For Swiss SMEs without a dedicated security team, the PCI compliance burden alone can be a deciding factor. Hosted solutions and payment redirects (where the customer enters card details on the payment provider's page, not yours) dramatically simplify compliance. Our GDPR compliance guide covers the data protection side of running an online store.
Total Cost of Ownership: 3-Year Comparison
This table estimates the total cost over three years for a Swiss SME selling 500-1,000 products with monthly revenue of CHF 20,000. Costs include hosting, licensing, transaction fees, initial development, and ongoing maintenance.
| Platform | Year 1 | Year 2 | Year 3 | 3-Year Total |
|---|---|---|---|---|
| WooCommerce | CHF 8,000 | CHF 3,500 | CHF 3,500 | CHF 15,000 |
| Shopify (Standard) | CHF 9,500 | CHF 8,200 | CHF 8,200 | CHF 25,900 |
| Magento Open Source | CHF 45,000 | CHF 12,000 | CHF 12,000 | CHF 69,000 |
| PrestaShop | CHF 12,000 | CHF 4,000 | CHF 4,000 | CHF 20,000 |
| Saleor (self-hosted) | CHF 25,000 | CHF 6,000 | CHF 6,000 | CHF 37,000 |
| Medusa.js | CHF 22,000 | CHF 5,500 | CHF 5,500 | CHF 33,000 |
| Snipcart | CHF 6,000 | CHF 5,300 | CHF 5,300 | CHF 16,600 |
| Stripe + Static | CHF 3,500 | CHF 7,200 | CHF 7,200 | CHF 17,900 |
Notes on the table: Year 1 costs include initial design and development. WooCommerce appears cheapest over three years but does not include the cost of security incidents (and WooCommerce stores are statistically more likely to be compromised). Shopify's higher ongoing cost includes the platform handling security, hosting, and PCI compliance. Stripe + Static has low Year 1 costs but transaction fees accumulate. Magento's high Year 1 reflects the development investment required.
Decision Framework: Which Platform Should You Choose?
Choose Shopify if:
- You want to start selling within weeks, not months
- You do not have a development team and do not want to manage one
- Your catalog is under 10,000 products
- You value reliability and low maintenance over deep customization
- You are comfortable with recurring monthly costs
Choose WooCommerce if:
- You already have a WordPress site with significant content
- You have a developer or agency maintaining your site
- Your catalog is under 5,000 products
- You need tight integration between your blog/content and your store
- You understand and accept the security risks of CMS plugins
Choose a headless solution (Saleor, Medusa.js) if:
- You have an in-house development team or a strong agency partnership
- You need a unique customer experience that templates cannot deliver
- You plan to sell across multiple channels (web, mobile, marketplace)
- Performance and security are top priorities
- You are building a brand where the shopping experience is a differentiator
Choose Stripe + Static if:
- You sell fewer than 20 products or services
- You want the absolute minimum attack surface and maintenance
- Your "store" is really a service offering with a few pricing tiers
- You want to launch fast with near-zero infrastructure
Choose Magento only if:
- You have 10,000+ products with complex pricing, attributes, and categories
- You need B2B features (custom pricing per customer, quote workflows)
- You have budget for professional development and ongoing maintenance
- You need multi-store management from a single backend
What We Recommend for Swiss SMEs
For most small and medium businesses in Ticino and across Switzerland, the choice comes down to three realistic options:
- Shopify for businesses that want to focus on selling, not on technology. The monthly cost is predictable, the platform is reliable, and the security burden is minimal.
- A static site with Snipcart or Stripe for businesses with small catalogs that want maximum security and minimum maintenance. This pairs particularly well with the Jamstack architecture approach we described in our WordPress vs Jamstack comparison.
- A headless solution for businesses with specific requirements that off-the-shelf platforms cannot meet, provided they have the budget and technical resources to support it.
WooCommerce is viable but carries security and maintenance overhead that many SMEs underestimate. PrestaShop is solid if you have European-market-specific needs. Magento is for enterprises with enterprise budgets.
If you are unsure which direction is right for your business, we are happy to discuss your specific situation. Get in touch for an honest assessment with no platform bias.