This plugin makes it possible to display your ActBlue Embed forms on your WordPress site by dropping a contribution form link in any WordPress editor.
- Adds an ActBlue Form editor block, which can accept contributions from your own site.
- Adds an ActBlue Buttons editor block, which creates a button that will open a form in a modal.
- Registers a custom oEmbed provider for ActBlue embed forms
- Adds the
actblue.jsscript tag to all of your pages to power analytics and conversion features
This plugin was designed and built in collaboration with Upstatement.
ActBlue is a nonprofit organization dedicated to empowering small-dollar donors. Its online fundraising platform makes it easy for grassroots supporters to make their voices heard and helps thousands of Democratic campaigns, progressive organizations, and nonprofits build people-powered movements.
WordPress’s mission to democratize publishing and embrace of open source has led it to be adopted by individuals and organizations of all shapes and sizes. The downside of this ubiquity, when paired with the ease of its famous five-minute install, is that it’s a frequent target of attacks and malware.
Additionally, use of the ActBlue Contributions plugin increases your responsibilities as a WordPress site operator/administrator. Your site will act as a conduit through which contributions flow. It is possible that a malicious WordPress plugin may hijack and redirect those contributions or contributor personal information to a malicious site other than ActBlue, so you must exercise increased care when configuring and operating your site.
Here are a few tips to minimize the risks associated with using the ActBlue Contributions plugin with WordPress:
Keep it secure
- If you’re not using a fully managed service like wordpress.com, make sure you’re using a trusted WordPress hosting provider with a proven track record of security. Look for hosts that have a dedicated support team, provide SSL, manage WordPress updates, and proactively scan for vulnerabilities, misconfigurations, and attacks.
- Use HTTPS URLs for your entire site, especially WordPress core files (starting with
wp-). ActBlue embeds won’t work on non-HTTPS URLs.
- Protect access to the WordPress Dashboard by using strong passwords and Two-Factor Authentication (2FA)
- Limit the number of admin users by using user roles
- Limit login attempts to prevent account credential brute force attacks
- Disable file editing from within the WordPress Dashboard
- Keep a WordPress activity log and web request logs and review them regularly for unexpected events. These may be an indication that an admin is behaving maliciously, or that an attacker has gained access to an admin account.
- Be wary of email messages requesting that you log into your WordPress account (i.e. phishing attacks) and/or upload plugins manually
- Protect against denial-of-service and other attacks by putting up a Web Application Firewall (WAF) such as Cloudflare in front of your site.
- Set up routine audits of your site codebase using a malware scanning plugin such as WordFence, iThemes Security, or Sucuri Security.
- Continuously back up up your site through your hosting provider or a plugin like VaultPress or UpdraftPlus.
Be careful when installing third-party themes or plugins
- Only install plugins from trusted sources like the official WordPress.org plugin repository.
- Do your due diligence — does it work with the latest version of WordPress? Has it been updated in the last two years? How many people are using it and are they happy with it? All of these questions are easily answered by reviewing the WP.org plugin listing and support forum.
- Minimize the number of installed plugins on your site.
Keep it up-to-date
- Enable automatic updates for WordPress core and third-party plugins or themes.
- Make sure custom theme or plugin components are tested against new WordPress releases.
- Make sure your server OS and system packages like PHP and MySQL are up-to-date. A good managed hosting provider like Kinsta and SiteGround will handle all of this for you.
- Upload the
actbluedirectory to the
- Activate the plugin through the ‘Plugins’ menu in WordPress.
How do I create an embeddable contribution form?
Embeddable contribution forms are currently available to admins of 501(c)(3) and 501(c)(4) nonprofit organizations.
How do I customize the behavior of my contribution form?
You can customize the behavior of your form through the ActBlue platform.
You can learn more about available customization options in the embed support guide.
How do I get help?
If you’re having issues with the plugin, please log in with your WP.org account and open a ticket in the plugin support forum.
- Tested up to WordPress 6.0
- Updates dependencies
- Tested up to WordPress 5.8.1
- Provide data-ab-source attribute to actblue.js script tag
- Compatibility with WordPress 5.7
- ActBlue buttons can pre-select an amount in the form modal that opens
- ActBlue buttons changes style on click, to demonstrate that a form modal is loading
- Adds refcode support for buttons and embeddable forms
- Reports plugin version to ActBlue on embed
- Updates readme with current features.
- Adds a custom Gutenberg block for ActBlue contribution buttons.
- Adds a custom Gutenberg block for ActBlue contribution form embeds.
- Adds the ActBlue script to public-facing pages.
- Adds the ActBlue oEmbed endpoint to the list of allowed providers.