Gerard Llanas Logo
● Freelance · WordPress / WooCommerce

STOREFRONTS

Multiple WooCommerce builds. Theme, SEO, blog & a custom verification plugin.

Two production WooCommerce stores delivered end-to-end — from a blank WordPress install to a tuned, indexed, content-rich shop. One of them ships with a bespoke WordPress plugin that gates restricted products behind DNI/NIE verification, GDPR-safe.

Visit zeroshot.esPlugin repo
From zero to liveHosting, WP setup, WooCommerce config, payments, shipping, taxes.
Technical SEOSchema, sitemaps, perf budgets, on-page tuning & indexing.
Custom pluginDNI/NIE gating, GDPR-safe, HPOS-compatible. Blocks & classic checkout.
02 / Builds

Two stores. Same playbook.

Both sites started from an empty WordPress install. Same end-to-end playbook: provisioning, theme baseline, catalog modelling, checkout tuning, SEO foundation and a content engine. Only one is publicly linked here — the other ships behind a private NDA.

Live

zeroshot.es

WooCommerce store with the bespoke DNI/NIE verification plugin wired into checkout. Botiga theme, custom SEO and blog.

Visit site
NDA

Local retail #2

Same end-to-end build for a second local business. Cannot publicly link — same patterns, same stack, different vertical.

Reference on request
OSS

DNI/NIE plugin

Born inside zeroshot.es, extracted as a reusable WordPress plugin. GPL v2, GDPR-safe, HPOS-ready.

GitHub
03 / Craft

Theme. SEO. Content.

Where I spent most of the time wasn't the cart — it was making the store findable, fast and pleasant to read. Custom Botiga theming, a technical SEO pass and a maintained blog stack.

Botiga theme tuning

  • Header / footer rebuild for brand identity
  • Product card & archive layout overrides
  • Cart & checkout polish — block + classic
  • Typography, colour tokens, dark accents

Technical SEO

  • Schema.org product / breadcrumb / FAQ markup
  • XML sitemaps, robots, canonical hygiene
  • Core Web Vitals — image, font & script budget
  • On-page tuning per product category

Blog engine

  • Editorial categories & tag taxonomy
  • Featured image / OG image pipeline
  • Related-products embeds in posts
  • Author / editorial workflow
04 / Custom Plugin

DNI/NIE gating at checkout.

Some products in zeroshot.es can't be sold without verifying the buyer's identity. WooCommerce doesn't ship that — so I built it. A WordPress plugin that injects a required upload field into the checkout (classic and the new Blocks checkout) whenever the cart contains a flagged product.

DNI / NIE uploadJPG · PNG · WebP · PDF · up to 5MB
Drag & dropNative file picker + DnD area
Cart-awareField appears only when needed
Verified onceSaved per user — no re-uploads later
● Both checkouts supportedClassic PHP hooks + a JS injector for WooCommerce Blocks. Same validation rules, one source of truth.
DNI/NIE upload field injected into the WooCommerce checkout
05 / Admin Flow

Orders wait. Admin verifies. Done.

Orders containing gated products land in On hold automatically. The order page gets a meta box rendering the uploaded document (image inline, PDF as download) with Verify / Reject actions. On verify, the order moves to Processing and the file is wiped from disk — GDPR by default.

  1. 1
    Cart triggers fieldCustomer uploads DNI + consents to GDPR clause.
  2. 2
    Order on holdStatus auto-pauses until human review.
  3. 3
    Admin verifiesInline preview, one-click Verify or Reject.
  4. 4
    File auto-deletedVerified user flagged — no re-uploads, no stored doc.
● HPOS-compatibleBuilt against WooCommerce's High-Performance Order Storage — works on both legacy posts and the new orders table.
WooCommerce order page showing DNI verification meta box with Verify / Reject actions
06 / Security & GDPR

Personal data, treated like it matters.

The whole point of the plugin is handling ID documents — everything else flows from that. Files never live in a publicly-reachable path, only valid MIME types pass, consent is explicit, and verified docs are erased on the spot.

● Defense in depthUploads land outside the web root, served via an authenticated AJAX endpoint that re-checks admin caps on every request.
Out of web root

Files stored under /uploads with a hard .htaccess deny — no direct URL access.

Strict validation

MIME + extension check, 5MB cap, executable types rejected, unique timestamped filenames.

Explicit consent

Customer must tick a GDPR clause before the upload field accepts a file. No tick, no submission.

Auto-erase on verify

On successful verification the file is physically deleted; only a boolean “verified” flag is kept on the user.

07 / Stack

Built on what works.

WordPress + WooCommerce as the platform, Botiga as the theme base, custom PHP for the verification layer. No bloated builder, no unnecessary plugins.

WordPress
WooCommerce
PHP 7.4+
Botiga Theme
WC Blocks
HPOS
MySQL
JavaScript
AJAX
.htaccess
Schema.org
GDPR
● Status — Live in production · Plugin open source

Ship the store.

These projects forced me to think like a shop owner first — what sells, what ranks, what the buyer trusts — then like an engineer. The plugin proves the second half: when WooCommerce stops short, you build the rest.

Live store

zeroshot.es — full WooCommerce build, theme, SEO and DNI gating wired into checkout.

Open source plugin

GPL v2 WordPress plugin. Drop in, configure flagged products, done.

Same playbook

Reused across two local-business stores — provisioning to production in weeks, not months.

Visit zeroshot.esPlugin repoAll projects