ActBlue Support: Your guide to running a grassroots fundraising program and donating online using ActBlue’s digital tools.

ActBlue Support - return to the home page

WordPress Plugin for Nonprofits Using Embeddable Forms and Buttons

In this article:

  1. Using the Plugin for Embeddable Forms
  2. Customizing Forms for the Plugin
  3. Using the Plugin for Embeddable Buttons
  4. Customizing Buttons for the Plugin
  5. Security for WordPress Plugins

We know many nonprofits host their websites on WordPress, so to make fundraising as easy as possible, we’ve created a WordPress plugin for our embeddable contribution forms and buttons! You can download the “ActBlue Contributions” plugin in the WordPress plugin directory. This plugin enables 501(c)(3) and 501(c)(4) fundraisers to embed a contribution form or button on their WordPress websites in a matter of seconds, instead of having to edit their websites’ source code. The plugin requires WordPress version 4.5 at least, and is currently tested up to version 5.5.3. 

Please Note: ActBlue’s embeddable forms and buttons are only available for admins of 501(c)(3) and 501(c)(4) nonprofit organizations. If you are an admin for a 501(c)(3) or (c)(4) and also a political group, you will only see the embed option on your 501(c)(3)’s or (c)(4)’s Dashboard.

Using the Plugin for Embeddable Forms

After downloading the “ActBlue Contributions” plugin in the WordPress directory here, you have multiple options for embedding your form. First, you can simply copy and paste your embed form’s URL in the WordPress editor. After hitting “Enter” or “Return,” the embed form will appear:  

You can also search for the “ActBlue Embed” block within the WordPress editor: 

Select “ActBlue Embed” to open the embed block. Just paste your embed form’s URL in the block and click the “Embed” button to finish! 

Customizing Forms for the Plugin

Most of the customizations in the ActBlue form editor for your embeddable form will automatically work with the WordPress plugin: our Spanish language option; custom inputs; recurring settings, promotions, and upsells; preset donation amounts; custom email receipt text; and Smart Boost upsells. These can be found in the “Form customization,” “Recurring settings,” “Preset donation amounts,” “Thanks and receipt,” and “Post-donation upsells” tabs of the form editor: 

If you would like to set a custom fixed height for your embed form, which is found in the “Embed Generator” tab of the form editor, you will have to select the “Generate Embed” button and manually add the HTML snippet that appears in the pop-up to your WordPress site.

In the settings of your WordPress ActBlue Embed block, you can add a refcode, which will allow you to easily track where your donations are coming from and collect useful data

Using the Plugin for Embeddable Buttons

Embeddable buttons are donation buttons you can insert into your webpage that launch a pop-up modal where the remainder of the contribution takes place. Embeddable buttons are a great option when your webpage has limited space, like in a navigation bar, menu, or hero area. This is what the modal will look like:

To use the WordPress plugin for embeddable buttons, first download our “ActBlue Contributions” plugin on WordPress here. Then search for the “ActBlue Buttons” block within the WordPress editor: 

Once you open the ActBlue Buttons block, you’ll see the default WordPress button tools, with an added section for “ActBlue Settings.”

Simply paste an embed form’s URL in the block and click the “Connect” button to finish! 

Once you publish your changes to WordPress, clicking on the button on your site will launch an ActBlue modal where donors can give. 

Customizing Buttons for the Plugin

To make these buttons as easy as possible to use, you customize their appearance using the WordPress button tools! You can find more information about WordPress’ button customizations here.

To customize the contribution form that appears in the modal after a donor clicks one of these buttons on your site, go to the form editor for your embeddable form. In the “Form customization,” “Recurring settings,” “Preset donation amounts,” “Thanks and receipt,” and “Post-donation upsells” tabs of the form editor, you can customize your form with our Spanish language option; custom inputs; recurring settings, promotions, and upsells; preset donation amounts; custom email receipt text; and Smart Boost upsells.

You can also pick a donation amount to be automatically selected when donors land on the contribution form modal using the WordPress button tools, as seen here:

Please note that unlike our regular embeddable buttons that you add directly to your website’s source code with HTML, the WordPress plugin does
not support any of the customizations in the “Embed Generator” tab of the form editor. The recurring options and button amounts found there are set in the other tabs of the form editor as described above, and the button style is set using WordPress’ button tools. 

If you would like to add a refcode, you can do so in the settings of your WordPress ActBlue Buttons block:

Security for WordPress Plugins

WordPress’s mission to democratize publishing and embrace of open source has led it to be adopted by individuals and organizations of all shapes and sizes. The downside of this ubiquity, when paired with the ease of its famous five-minute install, is that it’s a frequent target of attacks and malware.

Additionally, use of the ActBlue Contributions plugin increases your responsibilities as a WordPress site operator/administrator. Your site will act as a conduit through which contributions flow. It is possible that a malicious WordPress plugin may hijack and redirect those contributions or contributor personal information to a malicious site other than ActBlue, so you must exercise increased care when configuring and operating your site.

Here are a few tips to minimize the risks associated with using the ActBlue Contributions plugin with WordPress:

Keep it secure

  • If you’re not using a fully managed service like wordpress.com, make sure you’re using a trusted WordPress hosting provider with a proven track record of security. Look for hosts that have a dedicated support team, provide SSL, manage WordPress updates, and proactively scan for vulnerabilities, misconfigurations, and attacks.
  • Use HTTPS for your entire site, especially WordPress core files (starting with wp-). ActBlue embeds won’t work on non-HTTPS URLs.
  • Protect access to the WordPress Dashboard by using strong passwords and Two-Factor Authentication (2FA)
  • Limit the number of admin users by using user roles
  • Limit login attempts to prevent account credential brute force attacks
  • Disable file editing from within the WordPress Dashboard
  • Keep a WordPress activity log and web request logs and review them regularly for unexpected events. These may be an indication that an admin is behaving maliciously, or that an attacker has gained access to an admin account.
  • Be wary of email messages requesting that you log into your WordPress account (i.e. phishing attacks) and/or upload plugins manually.
  • Protect against denial-of-service and other attacks by deploying a Web Application Firewall (WAF) such as Cloudflare in front of your site.
  • Set up routine audits of your site codebase using a malware scanning plugin such as WordFence, iThemes Security, or Sucuri Security.
  • Continuously back up up your site through your hosting provider or a plugin like VaultPress or UpdraftPlus.

Be careful when installing third-party themes or plugins

  • Only install plugins from trusted sources like the official WordPress.org plugin repository
  • Do your due diligence — does it work with the latest version of WordPress? Has it been updated in the last two years? How many people are using it and are they happy with it? All of these questions are easily answered by reviewing the WP.org plugin listing and support forum.
  • Minimize the number of installed plugins on your site.

Keep it up-to-date

  • Enable automatic updates for WordPress core and third-party plugins or themes.
  • Make sure custom theme or plugin components are tested against new WordPress releases.
  • Make sure your server OS and system packages like PHP and MySQL are up-to-date. A good managed hosting provider like Kinsta and SiteGround will handle all of this for you.

Learn More

Back to Top