I consider WordPress malware because it's doing all of these calls to each plugin creator and the various big tech participants, but in a way that slows your VPS machine.  So it's not serving you or the visitor, it's serving the software creator to benefit them.  They want to monetize your data and are willing to hurt you to do so.

In fact, even the "simplystatic" plugin for WordPress had 20+ javascript calls on the final product.  So they could not even just display the text and pics

Local hosting means it works without internet using "hugo server" where you go to "localhost" in a browser

As far as woocommerce, it depends on how much data you're looking to collect from the customer.  If you're okay with fields for email, name, address then Opencart, Abantecart, or one of the other similar ones in that family, that hook up to BTCPay or fiat processors.