WordPress Plugin for Nonprofits Using Embeddable Forms and Buttons

Disclaimer: ActBlue user roles and permissions  dictate what users can do on our platform. If the tools or features mentioned in this article are unavailable to you, please speak to your Dashboard Admin(s) about updating your permissions. 

In this article:

1. Using the Plugin for Embeddable Forms
2. Customizing Forms for the Plugin
3. Using the Plugin for Embeddable Buttons
4. Customizing Buttons for the Plugin
5. Security for WordPress Plugins

Many nonprofits and campaigns host their websites on WordPress, so to make fundraising as easy as possible, we have a WordPress plugin for our embeddable contribution forms and buttons. You can download the “ActBlue Contributions” plugin in the WordPress plugin directory . This plugin enables groups to embed a contribution form or button on their WordPress websites in seconds instead of editing their websites’ source code. The plugin requires WordPress version 4.5 or newer. 

Please note that embeddable forms and buttons are only available for 501(c)(3) and 501(c)(4) nonprofit organizations and federal campaigns.

Using the Plugin for Embeddable Forms

After downloading the “ActBlue Contributions” plugin in the WordPress directory here , you have multiple options for embedding your form. First, you can copy and paste your embed form’s URL into the WordPress editor. After hitting “Enter” or “Return,” the form will appear:  

You can also search for the “ActBlue Embed” block within the WordPress editor:

Select “ActBlue Embed” and paste your embed form’s URL in the block. Click “Embed."

Customizing Forms for the Plugin

Most ActBlue form customizations will work with the WordPress plugin:  

• Spanish language option
• Custom inputs
• Recurring settings
• Promotions
• Upsells
• Preset donation amounts
• Custom email receipts
• Smart Boost upsells

These features are in the tabs of the form editor: 

If you want to set a custom fixed height for your embed form, which is in the “Embed Generator” tab of the form editor, you need to select the “Generate Embed” button and manually add the HTML snippet that appears in the pop-up to your WordPress site.

In the settings of your WordPress ActBlue Embed block, you can add a refcode, which allows you to easily track and collect data on where donations are coming from. 

Using the Plugin for Embeddable Buttons

Embeddable buttons are donate buttons you can insert into your webpage that launch a pop-up modal where a donor finishes the donation process. They are a great option when your webpage has limited space, like in a navigation bar, menu, or hero area.

Download the “ActBlue Contributions” plugin on WordPress  to use the plugin for embeddable buttons. Search for the “ActBlue Buttons” block within the WordPress editor: 

Open the ActBlue Buttons block to see the default WordPress button tools, with an added section for “ActBlue Settings.”

Simply paste an embed form’s URL in the block and click “Connect.”

Once you publish your changes to WordPress, clicking on the button on your site will launch an ActBlue modal where donors can give.

Customizing Buttons for the Plugin

You can customize button appearance using the WordPress button tools. Find more information about WordPress button customizations here.

To customize the contribution form in the modal, go to the form editor for your embeddable form. 

Most ActBlue form customizations will work with the WordPress plugin:  

• Spanish language option
• Custom inputs
• Recurring settings
• Promotions
• Upsells
• Preset donation amounts
• Custom email receipts
• Smart Boost upsells

These features are in the tabs of the form editor: 

You can also pick a donation amount to be automatically selected when donors land on the contribution form modal using the WordPress button tools.

Unlike our regular embeddable buttons that you add directly to your website’s source code with HTML, the WordPress plugin does not support customizations in the “Embed Generator” tab of the form editor. Recurring options and button amounts found there are set in the other tabs of the form editor as described above, and you can set button style using WordPress button tools. 

Add a refcode in the settings of your WordPress ActBlue Buttons block:

Security for WordPress Plugins

WordPress’s mission  to democratize publishing and embrace open source  has led to its adoption by individuals and organizations of all types. When paired with the ease of its famous five-minute install , the downside of this ubiquity is frequent attacks and malware.

Using the ActBlue Contributions plugin also increases your responsibilities as a WordPress site operator/administrator. Your site will act as a conduit through which contributions flow. A malicious WordPress plugin may hijack and redirect those contributions or donor data to a site other than ActBlue. You must exercise increased care when configuring and operating your site.

Here are a few tips to minimize the risks associated with using the ActBlue Contributions plugin with WordPress:

Keep it secure

• If you’re not using a fully managed service like wordpress.com, use a trusted WordPress hosting provider  with a proven security track record. Look for hosts that have a dedicated support team, provide SSL, manage WordPress updates, and proactively scan for vulnerabilities, misconfigurations, and attacks.
• Use HTTPS  for your entire site, especially WordPress core files (starting with wp-). ActBlue embeds won’t work on non-HTTPS URLs.
• Protect access to the WordPress Dashboard using strong passwords  and Two-Factor Authentication  (2FA).
• Limit the number of admin users by using user roles .
• Limit login attempts  to prevent account credential brute force attacks.
• Disable file editing  from within the WordPress Dashboard.
• Keep WordPress activity  and web request logs and review them regularly for unexpected events. These may indicate suspicious admin activity or that an attacker has access to an admin account.
• Be wary of email messages requesting that you log into your WordPress account (i.e., phishing attacks ) or upload plugins manually.
• Protect against denial-of-service and other attacks by deploying a Web Application Firewall (WAF) such as Cloudflare  in front of your site.
• Set up routine audits of your site codebase using a malware scanning plugin such as WordFence , iThemes Security , or Sucuri Security .
• Regularly back up your site via a hosting provider or plugin like VaultPress  or UpdraftPlus .

Be careful when installing third-party themes or plugins

• Only install plugins from trusted sources like the official WordPress.org plugin repository . 
• Do your due diligence — does it work with the latest version of WordPress? Has it been updated in the last two years? How many people are using it, and are they happy with it? Find answers to these questions by reviewing the WP.org plugin listing and support forum.
• Minimize the number of installed plugins on your site.

Keep it up-to-date

• Enable automatic updates  for WordPress core and third-party plugins or themes.
• Make sure you test custom theme or plugin components against new WordPress releases.
• Ensure your server OS and system packages like PHP and MySQL are up-to-date. A strong hosting provider like Kinsta  and SiteGround  will handle this for you.

Learn More

• • https://wordpress.org/support/article/hardening-wordpress/
  • https://kinsta.com/blog/wordpress-security/
  • https://sucuri.net/guides/wordpress-security/
  • https://www.wpbeginner.com/wordpress-security/
  • https://www.wpwhitesecurity.com/guide-choose-right-plugin-wordpress/

The amount of support that the ActBlue Customer Service Team can provide is dependent on the permissions that you have. Check with your entity Admin about your assigned role. 

If you have any questions, please contact our support team  using the email address you use to access your ActBlue account.