Keeping it simple is really the way to go with any tool that you introduce into your system. Every plugin you introduce complicates your existing setup and increases the chance that something will not be compatible. For this reason, I chose to keep this down to an absolute minimum. I chose these tools because they’re major players so a) they have a lot of documentation b) they play well together c) they’re flexible and can perform multiple functions. Before I found these, I was using a bunch of different plugins, some that were pretty obscure and didn’t get updated regularly, and it wasn’t long before I started running into compatibility problems. Don’t do that to yourself.
Main site or separate site?
You could build this system as a part of your main site if you’re not going to be collecting sensitive information and are trying to cut down on licenses and hosting costs. If you’re managing simple orders, you can keep it on your main site. If you’re collecting a lot of lead data you need to keep secret from your competitors and maintain the privacy of your clients, you should created a separate WordPress install on a secret URL that can only be accessed by certain IP addresses. Ideally, you should keep your system on a local server, which will keep it more secure and will enable it to loan faster, plus you’ll save on hosting.
If you’re adept at handling your own backups and setting up a test environment for rolling out new features, any host will do. I’ve used inexpensive shared hosting from Bluehost and it does the job.
Personally, for larger systems, I like to invest in WP Engine for the peace of mind. If you’re putting all your data in one place and your site is hacked or you inadvertently take down your site and experience the white screen of death, you can restore your site with a few clicks. For a non-developer or technically challenged person, this will save your ass. You can also create a staging environment easily so you can experiment and break things without affecting your users. Also, their page load times are incredible. If you’re using your system a lot, those few seconds will make a difference as you go from page to page processing orders and whatnot.
You can do this several different ways:
If you want to get your hands dirty and get it for free, you can install a free SSL cert from Let’s Encrypt.
If you want to get less dirty, but get something a little less secure but still free, you can use CloudFlare. Here’s the tutorial I followed on how to set up HTTPS on WordPress for free.
Or there’s my favorite, pay your host to do it. For my host, WP Engine, it’s $50 a year for standard SSL. I could get an SSL cert from somewhere else, but then I’d need to upgrade my plan, so for a lot of sites, I just keep it simple and let them do it.
In theory, you could use any theme. I’ve always built mine on the Genesis Framework because I’m most familiar with it, I can trust the quality of the code and it has a lot of customization options built in. If you opt for a non Genesis theme, I recommend going with a popular theme with a lot of documentation.
If you’re creating your workflow system as an extension of your current theme, keep in mind that if you add functionality in the functions file of your theme (such as creating custom post types) they will disappear if you change themes. For this reason, I recommend making your changes in a plugin.