Online Payments and Donations in WordPress

We work with a lot of non-profits and one of the things we are asked most often is how to set up online donations. Here are some of the questions we get asked, along with our completely biased opinions.

online payments using wordpress

Can I use my existing merchant account on my website?

Possibly, but we don’t recommend that. Your merchant card services provider can probably offer you an online solution, but there will be extra fees. And only go down this path if you like PCI Compliance. If you don’t know what PCI Compliance is, then trust us, you won’t like it. It’s easier to choose a solution like Stripe or PayPal which handles all PCI Compliance for you.

PayPal vs. Stripe?

Hands down, Stripe.

The big distinctions…

Both charge 30 cents + 2.9% per transaction (PayPal offers non-profits a 2.2% rate)

PayPal Standard: no monthly fee, but you cannot run transactions on your website. Your customers must jump out to PayPal to pay.

PayPal Pro: $30/month to be able to run transactions on your website. You need an SSL certificate.

Stripe: no monthly fee. Essentially the same as PayPal Pro but without the monthly fee. You need an SSL certificate.

Stripe and PayPal Pro are similar products, except PayPal Pro costs $30/month, where Stripe is free.

I don’t have an SSL certificate

SSL certificates cost $99/year and take a web designer about an hour to set up. Lately, most hosts will give you a free SSL certificate with your account. With an SSL certificate, you can process payments and donations directly on your website. Even if you don’t process transactions on your website, you still should have an SSL certificate. Here’s why.

But PayPal gives us a non-profit rate.

Yes, that’s very clever of them. You use their solution (which makes them money), and they save you 70 cents on a $100 donation. Most non-profits argue that PayPal is better because it’s cheaper. I disagree for a thousand reason. Yes, PayPal offers non-profits a 2.2% per transaction rate vs. 2.9% for regular businesses.

And charges you a monthly fee to run transactions on your site

In order to run donations on your website, you’ll have to upgrade to PayPal Pro, which is $30/month. Stripe has no monthly fee and offers the same solution.

And costs you donations if you don’t upgrade to their Pro solution

Don’t make your customers work to give you money. More donations equal more money. More on this below.

And costs you development time

You pay your web designer an hourly rate, right? Stripe is just faster and easier to work with.

And causes you frustration

Stripe’s dashboard is intuitive and easy to use. I can’t say the same about PayPal’s.

NOTE: since publishing this post, a client of ours emailed Stripe and asked if they offer a non-profit rate, and here was their response

Thanks for reaching out about this, and for your interest in Stripe!

I’m pleased to report that Stripe very proudly supports non-profit organizations, and am happy to explore these options with you. We’re currently testing how we can best support US non-profits, and we’d love to offer you our new beta pricing model:

– 2.2% + $.30 for non-American Express transactions
– 3.5% for all American Express transactions

But PayPal is easier to set up

PayPal gives you the option to paste a “Buy Now” button on any pages. That’s easy, but it’s not pretty and it doesn’t make me want to click it.

Isn’t Stripe just for developers?

No. My teenage daughter is a photographer and manages all her online website payments through Stripe. She can build forms, connect them to Stripe, issue refunds, set up recurring payments, etc. Yes, she’s young and grew up with technology, but she doesn’t listen to a word I say, and she’s managed to work out Stripe, with very little help from me. Plus, she hates math and programming of any kind and hasn’t needed any of those skills to work it out.

How do I connect Stripe to my website?

The GravityForms plugin is your friend. We have a developers license so our clients use it for free. But, even if you had to pay $59/year for it, it’s completely worth it.  This is what we use on our website to take online payments.

Stay tuned for our next blog post, along with a video tutorial, on how to set up GravityForms & Stripe.

Why does it matter if someone has to leave my site to donate?

Do not make your donors or customers leave your site to give you money… ever!

When you ask someone to click out to pay, there is a chance they won’t complete the transaction. They might get distracted. They were about to give you money, but now they just clicked out to PayPal’s payment portal, and can’t remember if they even have a PayPal account, which they don’t need, but aren’t sure about that either. And, they’re bored with this already, and no longer interested in figuring this out, and they’re also no longer on your website. They were about to donate $100, and since you have a PayPal non-profit rate, that would’ve cost you 30 cents + 2.2% (or $2.20). That same donation would’ve cost you 30 cents + 2.9% ($2.90) with Stripe. In trying to save 70 cents, you just lost your donor.

You work really hard to get people to your site, so keep them there.

We work with Blackbaud and want to use their donation form

I get that, and in that case, you probably should use their donation form instead. It’s not elegant, and it’s not fun to use, and Blackbaud charges non-profits an un-Godly amount of money for their, in my opinion, not very special solution. If you haven’t signed up with Blackbaud yet, please don’t. I can’t see how it’s worth that much money.

Is there any scenario in which you would recommend PayPal?

Yes. If you are already heavily invested in your PayPal account, are already paying $30/month for PayPal Pro, and you do a lot of volume, it’s a perfectly fine solution. It integrates seamlessly with GravityForms and is a much more robust solution than their free account.

In Conclusion

In my completely biased opinion, Stripe and GravityForms offer the cheapest, easiest, most flexible, and elegant solution you could possibly use.

Email Marketing Checklist

By Cindy Zuelsdorf, Kokoro Marketing

Does it take you a whole morning to write one marketing email? Use this checklist and write your next email in under 10 minutes.

Most of us write emails every day. But it can take way too long! And, it can be hard to know what the most important part of the email is, if there are words that should be avoided, and what to put in the first line… Read on to find out how to write a great email in just minutes.

1. What

There are three W’s I like to think of when working on a really great email. The first is what. What is the purpose of this email? Take 60 seconds and decide what do you want your customer to do after they read your email? What do we want them to do after this? There’s really going to be a call to action, something that you would like them to do Here are a few examples you can use:  read more on my website, call to make an appointment, watch this video, click to download the brochure…

Download the Complete Email Checklist here for free. (Bonus video included.)


The second W is “What’s in it for me?” When someone sees your email, they’re going to think, “Hey. What’s in it for me? Why should I read this?” My tip to you is to actually choose a particular person and write to them. Think of Chris at a particular business. Literally, write the email to just one person. The very first line of your email needs to be interesting to your reader. Then of course, we want to write in the first person. Write how you would talk to the person. Make it like a conversation. As you look at your email, ask yourself, is this email giving something to the reader or am I taking? We want to give.

 3. Wording

The third and final W is wording. A thing I like to do with wording is count the number of you and your versus I, we, and us. This sounds too easy, maybe too simple but it’s really powerful. If you only do one thing differently, this might be the one to choose. Doing this will completely change the tone of your emails, which in turn will change how it feels to the reader and make your communication really effective.

Next, with wording, it’s nice to personalize. Go ahead and put hello and then the person’s first name. I heard recently that most people, a lot of people scroll to the bottom of the email to see who it’s from. Be sure to include a from signature. There are three learning styles to consider in your email copy, visual, auditory, and kinesthetic. While we usually have all three, one is generally dominant for a particular person. Include words for visual, auditory, and kinesthetic in your email. You might already be familiar with this through neurolinguistic programming, and this idea of NLP.

For example, you could communicate an idea in three ways. You might say, “How does this look to you?” where look is the visual word. You might say, “How does that sound to you?” Where sound is the auditory word or you might say, “Does this seem like a fit to you?” where fit is that kinesthetic word. The idea is to use a mix of words in order to appeal to all of your readers.

Now, for the subject line, the most important part of your email. I love this quote from David Ogilvy, “Five times as many people read the headline as read the body copy.” When you’ve written your headline, you’ve spent 80 cents out of your dollar. His wisdom applies to our quest for the perfect email subject line

Now, how did all that of that sound to you? If you use even one of these best practices for your next email, you’ll see a change in your business. Let me know how it works for you and if you have any questions.

Download your free email checklist here. (Bonus video included.)

Google Sends Strong Message About HTTPS in Upcoming Google Chrome Release

At the end of the month, Google will release a new version of the Chrome web browser. In this release there will be a critical change in the way it displays sites that are not using HTTPS, or SSL. We were notified of this through WordFence, the security plugin we use on all our websites. There’s a good article about this on their blog.

What is HTTPS?

The ‘S’ at the end of HTTPS stands for ‘Secure’, meaning that communications between your browser and the website are encrypted. Browsers will display a lock icon in the address bar to show that HTTPS is in effect.

What does this mean for your site visitors?

If you are not using HTTPS on your website, this new release is going to be confusing for your site visitors on Chrome. Your website will have a message in the url bar that says “Not Secure” on pages that collect credit cards or login information.

Do you need to upgrade to HTTPS?

If your site doesn’t take credit card payments, and doesn’t give your customers the ability to login, this won’t affect you right away. However, you should still consider upgrading to HTTPS, because it is quickly becoming the new standard.

Google has been moving this direction since 2014 when they started giving a small rankings boost to sites with HTTPS. As of now, this is only a minor boost, but experts predict Google will strengthen this signal to encourage all sites to go HTTPS. The most recent Chrome update is a strong indicator of this.

If your site is not currently using HTTPS, most hosts offer SSL certificates. It’s generally an extra $100/year to add an SSL certificate to your hosting package.

This update needs to be coordinated with your web designer, because there are number of changes that need to be made to your WordPress site. Google has a good article about steps you need to take to implement SSL on your site.

Google Announces Crack Down on Intrusive Mobile Pop-Ups

Last week Google announced a crack down on intrusive mobile pop-ups starting in January.

I heard about this through the HubSpot Marketing blog in this article about Google’s algorithm change.

They wrote “pages with mobile pop-ups — or what Google is calling “interstitials” — probably won’t be ranking as highly when these algorithmic changes take effect on January 10, 2017.”

What do this mean to you? We have a number of clients using Sumo Me’s List Builder, and we use it on our website (see example).

sumo me pop up

If you use this plugin you will want to login to Sumo Me, and in the List Builder settings go to Display Rules, and make sure there is a rule for “Don’t Show on Mobile Devices” (see below).

sumo me mobile devices

On our website, I am thinking of switching to Sumo Me’s Smart Bar or Scroll Box instead (see below).

sumo me grown your list

Google’s main reason for the algorithm change is user experience, and let’s face it, pop ups that cover the page content are annoying. They are good tools for growing your list, but I think it’s time to switch to less obtrusive methods.

Lessons Learned about Liquids, MacBooks, and Backups

On Friday I took the train to the Bay Area with my daughter, and my metal water bottle in my backup leaked and one edge of my MacBook Pro got a little wet… and it’s now at the Apple Repair Center being repaired.  Don’t worry about your files, I had a current back up of everything!

Here are some of the lessons I learned about liquid spills in a MacBook:

  • Never let your laptop come within a few feet of liquid of any kind. I am going to order a water proof sleeve for my laptop to use when I am traveling. While I used to sit on the couch and drink tea and work on my laptop, I will never do that again… ever.
  • The fastest and easiest way to make an Apple Genius Bar appointment is by using the Apple Store App. You can see openings at multiple stores in case you are willing to drive anywhere.
  • Apple will ship your laptop to your house after repairing it, free of charge. Just ask.
  • The cost to repair a liquid spill is a flat fee price based on the model of your laptop. So a drop of liquid costs the same as an entire drink.
  • The flat fee for my MacBook Pro Retina was $755.
  • Apple Care does not cover liquid spills. They are considered an out-of-warranty repair.
  • Your credit card company may offer extended warranties for anything purchased using their card. Thank you Chase Ink Plus for covering my entire out-of-warranty incident.
  • Time machine and backups are essential, and not backing up is like having sex without birth control… great if you are prepared for a child, but know there are natural consequences.

If you are interested here is our MacBook backup system:

  • We run daily backups to time machine using a usb drive. There are days I don’t back up, but never more than a week.
  • Then once a month we back up each computer to a different drive using Carbon Copy Cloner. This is a nice insurance policy if you don’t trust time machine. Plus, it is a different type of backup, and drives can fail, so think of it as double insurance.
  • We store our monthly back up drives outside of our house. That way if our house burns down, or our laptops or drives are stolen, we haven’t lost more than 30 days of files.
  • When we travel with our laptops, we bring our usb drives, and run a current back up on our offsite drives before we go. While on the road, we separate laptops and backups so they are always in different suitcases.
  • We upload all our favorite photos to our Amazon Cloud Drive. You can upload UNLIMITED photos for free if you have Amazon prime account. That alone is worth the fee!
  • I pay $9.99 a month for Adobe Photoshop and Lightroom in the cloud, and use Lightroom to organize all my photos.
  • Then, I connect Lightroom to Amazon photo storage so I can automatically upload my photos. This gives me an in-the-cloud, and third, backup of all my photos.

Prevent Brute Force Attacks on Your Website

We’ve recently seen quite a few failed brute force attacks on clients’ websites. What that means is that a computer somewhere (seems like mostly Russia) will try to login repeatedly using different passwords until it gets in or is denied by security software.

You should check your site to see if you have a security plugin installed to protect against this. In the site admin section look under Plugins > Installed Plugins. If you see the plugin Bullet Proof Security listed then you should be fine.

If you don’t have it installed contact us and we can do it for you, or if you’d rather give it a try yourself you can get it here (it’s free).

Update Gravity Forms to Keep Your Site Secure

Recently we’ve been asked to assist with a few sites that have been hacked. If you use the Gravity Forms plugin to handle your site’s forms (like a contact form) please make sure to update to the most current version. It turns out that there was a vulnerability with older versions of the plugin that gave hackers a way into the site.

To update Gravity Forms (or all of your plugins) click Plugins in the left hand navigation in the site admin area. Plugins in need of an update will be highlighted in orange (unless your version of WordPress is also in need of an update). From there all you need to do is click the Update link.

While you’re at it, it’s probably a good idea to update WordPress too.

The Best Times to Post on Social Media

I just viewed a great slideshare created by TrackMaven on the best times to post on social media.

My favorite takeaway from the slideshare was the best time to schedule blog posts, which can be summed up with “when everyone else isn’t posting them,” or weekends, early in the morning, and late at night.

This makes sense to me because during the work day I get so many blog post notifications in my email that I often save them to read later (and often never get to them). But then there’s the single post that shows up outside of the work hours that I often read on the spot.

Here’s the summary of what they learned about their own blog posts.

They discovered that their blog posts were more effective on Weekends.  The 13% of posts published on weekends rake in the most social shares. Blogs posted on Saturdays have the greatest share of social interactions (18%). TrackMaven Posts are most effective at night from 9PM-midnight EST. Blogs posted between 10-11PM see the most interactions. Secondary Peaks: 4-6AM, 7-8PM, and 1-2AM.

View slideshare here, or go to

You Can Never Have Too Many Backups!

As the title says… you can never have to many backups. Most of the WordPress sites we do are hosted with Bluehost and they do routine backups of their servers, but they also don’t make any guarantees:

“For its own operational efficiencies and purposes, Bluehost from time to time backs up data on its servers, but is under no obligation or duty to Subscriber to do so under these Terms. IT IS SOLELY SUBSCRIBER’S DUTY AND RESPONSIBILITY TO BACKUP SUBSCRIBER’S FILES AND DATA ON BLUEHOST SERVERS, AND under no circumstance will Bluehost be liable to anyone…”

Ultimately, as a website owner, you should know how to backup your own website. So if you want to be sure to have a backup when you need one you should log into your site’s control panel and download a backup. The instructions that follow are for Bluehost but they should be very similar for most other hosts.

Go to click on the blue “Control Panel Login” button in the top right corner. After entering your username and password, or domain name and password, you’ll be in the Control Panel.

About half-way down under the heading “Files” is an icon and a link to “Site Backup and Restore”.

Now you’ll see a number of backup choices, some of which are “Pro Only”, for an annual fee you gain a little more flexibility, but if you just want to backup everything it’s not necessary. Click on “Full cPanel Backup”

Next you’ll see a couple different versions of your site, daily, weekly or monthly. Most likely you’ll want the most recent, so click Daily.

Next you’ll be asked to select a “Archive Type”, .tar or .zip, either will work. Click “Start Archiving”, after it’s done you’ll get a link to download the file.

Depending on the size of your site and your connection speed downloading the file could take a little while.

That’s it, now you just have to remember to do it, regularly.

How To Use The New Facebook Timeline For Brand Pages

This is a great article in which will tell you everything you need to know about updating your business facebook page with the new facebook timeline.

I just updated our Winter Street Design Group facebook page… not everything on the list, but a few quick changes, and published it.

Even if you don’t have time to give it your full attention, at least preview it sometime in the next 30 days so you aren’t surprised later!