Online Payments for GAA Wordpress Site

BarneyMc · 02-02-2015 10:04am #1

I manage a GAA website built in Wordpress for a club - www.clontibretoneills.com and was asked to look into automating the annual registration fee collection. It could also be useful for ad-hoc transactions during the year.

We've only about 250 members so can anyone recommend a solution for very low transactions like this? Thanks.

Johnny Jukebox · 02-02-2015 10:08am

One option would be to add an e-commerce style cart to Wordpress (like woocommerce for example).

You could then plug a merchant provider into woocommerce to take card payments (like Stripe for example) and also use PayPal. You would need a digital certificate to use Stripe.

BarneyMc · 02-02-2015 10:41am

Thanks for your swift reply Johnny. Do you know what annual costs this will involve?

Johnny Jukebox · 02-02-2015 12:34pm

BarneyMc wrote: »

Thanks for your swift reply Johnny. Do you know what annual costs this will involve?

Paypal and Stripe are transactional so you only pay on the individual transactions. See their web sites for details.

The cert costs about 300-400 dollars per year as I recall.

Wordpress/woocommerce are free and you can of course pay for support from a variety of sources.

Graham · 02-02-2015 12:45pm

Johnny Jukebox wrote: »

Paypal and Stripe are transactional so you only pay on the individual transactions. See their web sites for details.

The cert costs about 300-400 dollars per year as I recall.

Wordpress/woocommerce are free and you can of course pay for support from a variety of sources.

From the Stripe recommended SSL providers, certs start at $9/year

Johnny Jukebox · 02-02-2015 1:01pm

Graham wrote: »

From the Stripe recommended SSL providers, certs start at $9/year

True - but I used the recommendation of Stripe which is DigiCert.

Last thing I want is an SSL alert popping up a in users browser after they've decided to purchase.

BarneyMc · 02-02-2015 1:19pm

Johnny Jukebox wrote: »

True - but I used the recommendation of Stripe which is DigiCert.

Last thing I want is an SSL alert popping up a in users browser after they've decided to purchase.

Sorry for all these questions but are you saying the cheaper option mentioned a few posts back may not be very reliable? $300-400 seems a bit steep for our setup with such few transactions envisaged. Thanks.

Graham · 02-02-2015 1:26pm

Johnny Jukebox wrote: »

True - but I used the recommendation of Stripe which is DigiCert.

Last thing I want is an SSL alert popping up a in users browser after they've decided to purchase.

If you look at the other recommendation from Stripe it's $9 and I've yet to see an SSL alert from a less expensive cert. The $9 cert is a Comodo positive SSL which has about 99.3% browser acceptance rates.

Kenny Logins · 02-02-2015 1:28pm

Why not Paypal subscription?

Graham · 02-02-2015 1:32pm

Kenny Logins wrote: »

Why not Paypal subscription?

PayPal would be worth looking at in general for a low level of transactions like this. The technical overhead required to implement PayPal subscriptions may not be worth it for a small amount of transactions like this unless the OP finds a WP plugin that already supports PayPal subscriptions easily.

Johnny Jukebox · 02-02-2015 1:52pm

Graham wrote: »

If you look at the other recommendation from Stripe it's $9 and I've yet to see an SSL alert from a less expensive cert. The $9 cert is a Comodo positive SSL which has about 99.3% browser acceptance rates.

Yes, I read their advice - they say;

<quote>
You should buy an SSL/TLS certificate from a good certificate provider. We recommend DigiCert—their certificates have very wide acceptance (and in particular should work well on mobile browsers, where many other certificate providers fall short). NameCheap is another good option. Their certificates have slightly lower acceptance rates, but their basic certificates cost only $10 to $20.
</quote>

which I interpreted as a recommendation for DigiCert over and above NameCheap. There is a huge difference in the price between the 2 and I went for DigiCert on the basis that you get what you pay for.

M.T.D · 02-02-2015 1:52pm

You could just put PayPal buttons on your subscriptions page that link to your account on PayPal.
If you have different membership types (prices) use a different button for each.

If you go over €2,500 you need to verify your PayPal account (same ID as for a bank account).
The person paying does not have to have a PayPal account.
The transaction is done on Paypal so no SSL cert needed (but they look reassuring so the Comodo one will do).
You do not get the card details so less security/privacy problems.
Downside paypal take 3.5% approx but it is less hassle than taking cash

You can also offer payment by BACs straight into the club account (no fees)

We have set up several sites this way and for low number or seasonal transactions it works well.

Johnny Jukebox · 02-02-2015 1:53pm

Graham wrote: »

PayPal would be worth looking at in general for a low level of transactions like this. The technical overhead required to implement PayPal subscriptions may not be worth it for a small amount of transactions like this unless the OP finds a WP plugin that already supports PayPal subscriptions easily.

woocommerce supports PayPal out of the box but you need to set yourself up as a seller on PayPal (not so hard) and then configure API keys back into woocommerce.

You will need a bank account to receive funds from PayPal sales.

Kenny Logins · 02-02-2015 2:06pm

Graham wrote: »

PayPal would be worth looking at in general for a low level of transactions like this. The technical overhead required to implement PayPal subscriptions may not be worth it for a small amount of transactions like this unless the OP finds a WP plugin that already supports PayPal subscriptions easily.

Paypal has this setup already, all you need to do is set your details and paste a few lines of code. I can't think of any easier way of doing this..

BarneyMc · 02-02-2015 2:30pm

Thanks all for your help with this.

So the best solution for this low level transaction model is to setup a Paypal account and simply link to this via a hyperlink on my page?

Graham · 02-02-2015 2:37pm

Kenny Logins wrote: »

Paypal has this setup already, all you need to do is set your details and paste a few lines of code. I can't think of any easier way of doing this..

Cool, can't say it's something I've looked into much. Never been a fan of auto re-belling from a consumer side.

Kenny Logins · 02-02-2015 2:57pm

Graham wrote: »

Cool, can't say it's something I've looked into much. Never been a fan of auto re-belling from a consumer side.

No. Can't say I'm completely happy with receiving notification emails after Paypal has paid a subscription.

Talisman · 02-02-2015 3:33pm

SSL certs will soon be free. Let's Encrypt is a new certificate authority that's due to launch in the summer.

Be wary of cheap certs from current providers - a lot of them are generated with SHA1 which will be obsolete in the next year or so. Google announced last September that Chrome will warn users about SHA1 certificates which are valid until 2016 and beyond.

SHA1 Deprecation: What You Need to Know

Graham · 02-02-2015 3:42pm

We could be in danger of terrifying the OP into reverting back to the chequebook if we're not careful.

RainyDay · 02-02-2015 3:46pm

Teamer.net have some kind of payment option - haven't looked at it myself, but it could be easier and more secure than building your own.

Talisman · 02-02-2015 4:18pm

Graham wrote: »

We could be in danger of terrifying the OP into reverting back to the chequebook if we're not careful.

The truth is SSL is not 100% secure and the advances in processor speeds have meant that theoretical vulnerabilities have become the basis for real world exploits with increasing frequency in recent times. SSL is only as strong as it's weakest link and the recent exploits have attacked the HTTP stack.

HTTP 1.1 has been with us since 1996 and was last updated in 1999 which is scary. The working group responsible for maintaining and updating the spec did nothing for years and the BREACH exploit reported in 2013 seemed like the kick up the ass they needed. Since then they issued six RFC documents for the protocol but under the right conditions SSL is still very much exploitable today.

Kenny Logins · 02-02-2015 4:19pm

No need for an SSL cert.

Chief87 · 02-02-2015 4:26pm

The $9 cert is fine I use it on my site. It has the standard encryption.

You can also use a realex plugin if you have a merchant account or wanted to go that route.

If you decide to use paypal only then you won't need a cert at all.

Talisman · 02-02-2015 4:27pm

Johnny Jukebox wrote: »

which I interpreted as a recommendation for DigiCert over and above NameCheap. There is a huge difference in the price between the 2 and I went for DigiCert on the basis that you get what you pay for.

Namecheap are just a reseller and offer equivalent certs (Comodo, GeoTrust etc.) at a cheaper price.

You pay a premium price for DigiCert because they offer "$1,000,000 cover". People buy for this reason and don't look at the fine print which says it's $1,000 per incident, so in effect the level of cover is the same as other cert providers. You don't always get/need what you pay for.

Most reputable providers have 99.9% browser support. Using cheap certs from the likes of GoDaddy is where you encounter problems.

Graham · 02-02-2015 5:05pm

Talisman wrote: »

The truth is SSL is not 100% secure and the advances in processor speeds have meant that theoretical vulnerabilities have become the basis for real world exploits with increasing frequency in recent times. SSL is only as strong as it's weakest link and the recent exploits have attacked the HTTP stack.

HTTP 1.1 has been with us since 1996 and was last updated in 1999 which is scary. The working group responsible for maintaining and updating the spec did nothing for years and the BREACH exploit reported in 2013 seemed like the kick up the ass they needed. Since then they issued six RFC documents for the protocol but under the right conditions SSL is still very much exploitable today.

OP is looking to collect a few quid from his fellow GAA members, he's not opening a bank. Technically you are absolutely correct, practically it's just not relevant to the OP.

BarneyMc · 02-02-2015 5:44pm

Hope I haven't started a Techie war here!

Anyway can we agree that my best bet is to simply open a PayPal account and link out to that?

Talisman · 02-02-2015 6:03pm

BarneyMc wrote: »

Hope I haven't started a Techie war here!

Anyway can we agree that my best bet is to simply open a PayPal account and link out to that?

Provided all the client information is handled on the PayPal side then you'll be okay. If the process uses PayPal callbacks to notify your site when a new order has been completed then this will need to use SSL.

BarneyMc · 02-02-2015 6:15pm

Talisman wrote: »

Provided all the client information is handled on the PayPal side then you'll be okay. If the process uses PayPal callbacks to notify your site when a new order has been completed then this will need to use SSL.

Can this notification be turned off so I'll not need SSL?

Kenny Logins · 02-02-2015 7:34pm

BarneyMc wrote: »

Hope I haven't started a Techie war here!

Anyway can we agree that my best bet is to simply open a PayPal account and link out to that?

Yep.

Graham · 02-02-2015 7:35pm

BarneyMc wrote: »

Anyway can we agree that my best bet is to simply open a PayPal account and link out to that?

Yep 2

BarneyMc · 02-02-2015 8:08pm

Thanks all, really appreciate it! :pac:

Online Payments for GAA Wordpress Site

Comments