Executive Summary
Following a website migration to Kinsta, cocinoNcasa required a series of technical adjustments to optimize the checkout flow, resolve security vulnerabilities, and streamline the user experience for their subscription-based meal service.
The project was divided into two phases: Phase 1 focused on high-priority functionality and “Silent Checkout” for weekly recipes, while Phase 2 addressed security headers, 2FA, and UI/UX refinements.
Client:
cocinoNcasa
Country:
Spain
Industry:
Food-Tech / E-commerce Subscriptions (B2C)
Core Objective:
To reduce friction in the weekly recipe selection process for existing subscribers while hardening platform security and implementing strict regional delivery controls following a site migration.
Project Scope & Objectives
Checkout Optimization
Simplify the recipe management process to reduce friction for existing subscribers
Security Hardening
Security Hardening: Implementation of HSTS headers, resolution of DMARC/SPF email alignment issues, and transitioning to a robust 2FA system.
Technical Maintenance
Upgrading the environment, and resolving intermittent REST API errors.
Geographic Restrictions
Limiting delivery services to specific provinces (Valencia/Alicante) and validating postal codes at checkout.
Challenges & Solutions
1
The “Silent Checkout” for Weekly Recipes
Challenge: Subscribers had to go through a full multi-step checkout for their weekly recipe selection.
Solution: Developed a custom QuickCheckout.php script integrated into the core recipe management plugin.
Outcome: Reduced a 3-step process to a near-instant transaction, significantly improving the UX for recurring customers.
2
Security & Authentication
Challenge: The existing Really Simple Security (RSS) plugin was generating false positives, and the 2FA via email was unreliable.
Solution: The security infrastructure was fortified by migrating HSTS and SSL management to Kinsta’s server-level tools, and streamlining administrative protection through a transition from the bloated RSS plugin to a lightweight 2FA solution.
3
Regional Shipping Logic
Challenge: The site allowed orders from all of Spain, despite the service only covering Valencia and Alicante.
Solution: The solution involved implementing a unified geographic restriction system within the child theme that limits province selection to specific regions, validates postal codes through a global function, and replaces standard WooCommerce errors with user-friendly redirects to the delivery zones page.
Final Results
Performance
Successfully upgraded the live environment to PHP 8.3 with zero downtime or plugin conflicts.
UX Improvements
Removed redundant inputs to declutter the checkout UI, corrected CSS issues, and localized all system messages into Spanish.
Data Integrity
Unified the postal code validation logic into a single source of truth within the child theme, making future updates (adding new zones) easier for the client to manage.
Conclusion
The project succeeded through an iterative “Staging-to-Live” workflow. By using Kinsta’s APM tool, the team was able to dismiss “Health Check” false positives and focus on actual server bottlenecks, ensuring the site remained fast and secure.
By moving security logic (SSL/HSTS) to the server level and replacing heavy “all-in-one” plugins with specialized code, the site achieved better performance and lower maintenance costs.
Very professional support. They have been patient throughout the whole process, very competent and diligent to help. Everything was handled quickly and with competence. Great team.
PABLO T.
