This plugin makes it possible to display your ActBlue Embed forms on your WordPress site by dropping a contribution form link in any WordPress editor.
- Adds an ActBlue Form editor block, which can accept contributions from your own site.
- Adds an ActBlue Buttons editor block, which creates a button that will open a form in a modal.
- Registers a custom oEmbed provider for ActBlue embed forms
- Adds the
actblue.jsscript tag to all of your pages to power analytics and conversion features
This plugin was designed and built in collaboration with Upstatement.
ActBlue is a nonprofit organization dedicated to empowering small-dollar donors. Its online fundraising platform makes it easy for grassroots supporters to make their voices heard and helps thousands of Democratic campaigns, progressive organizations, and nonprofits build people-powered movements.
WordPresss mission to democratize publishing and embrace of open source has led it to be adopted by individuals and organizations of all shapes and sizes. The downside of this ubiquity, when paired with the ease of its famous five-minute install, is that its a frequent target of attacks and malware.
Additionally, use of the ActBlue Contributions plugin increases your responsibilities as a WordPress site operator/administrator. Your site will act as a conduit through which contributions flow. It is possible that a malicious WordPress plugin may hijack and redirect those contributions or contributor personal information to a malicious site other than ActBlue, so you must exercise increased care when configuring and operating your site.
Here are a few tips to minimize the risks associated with using the ActBlue Contributions plugin with WordPress:
Keep it secure
- If youre not using a fully managed service like wordpress.com, make sure youre using a trusted WordPress hosting provider with a proven track record of security. Look for hosts that have a dedicated support team, provide SSL, manage WordPress updates, and proactively scan for vulnerabilities, misconfigurations, and attacks.
- Use HTTPS URLs for your entire site, especially WordPress core files (starting with
wp-). ActBlue embeds wont work on non-HTTPS URLs.
- Protect access to the WordPress Dashboard by using strong passwords and Two-Factor Authentication (2FA)
- Limit the number of admin users by using user roles
- Limit login attempts to prevent account credential brute force attacks
- Disable file editing from within the WordPress Dashboard
- Keep a WordPress activity log and web request logs and review them regularly for unexpected events. These may be an indication that an admin is behaving maliciously, or that an attacker has gained access to an admin account.
- Be wary of email messages requesting that you log into your WordPress account (i.e. phishing attacks) and/or upload plugins manually
- Protect against denial-of-service and other attacks by putting up a Web Application Firewall (WAF) such as Cloudflare in front of your site.
- Set up routine audits of your site codebase using a malware scanning plugin such as WordFence, iThemes Security, or Sucuri Security.
- Continuously back up up your site through your hosting provider or a plugin like VaultPress or UpdraftPlus.
Be careful when installing third-party themes or plugins
- Only install plugins from trusted sources like the official WordPress.org plugin repository.
- Do your due diligence does it work with the latest version of WordPress? Has it been updated in the last two years? How many people are using it and are they happy with it? All of these questions are easily answered by reviewing the WP.org plugin listing and support forum.
- Minimize the number of installed plugins on your site.
Keep it up-to-date
- Enable automatic updates for WordPress core and third-party plugins or themes.
- Make sure custom theme or plugin components are tested against new WordPress releases.
- Make sure your server OS and system packages like PHP and MySQL are up-to-date. A good managed hosting provider like Kinsta and SiteGround will handle all of this for you.