As part of my preparation for a webinar on RSVPMaker, I have been working on satisfying some longstanding requests from users of the plugin to simplify the PayPal setup and the setup of the RSVP form itself. These improvements are in version 3.7, just released.
Just the other week, I heard from a wedding planner who wanted to prompt users for a meal choice for themselves and any guests — and including those choices for guests was not something RSVPMaker handled well until now.
Another bit of motivation is related to my WordPress for Toastmasters project, which is based on extensions to RSVPMaker. It used to be that enabling PayPal support required manually editing and uploading a configuration file. But now I’m hosting sites on behalf of Toastmasters clubs in a WordPress multisite setup where it wouldn’t be practical for those who want to add PayPal support FTP access. So I’ve provided a little PayPal Setup wizard on the RSVPMaker settings screen to streamline the process.
Note on Security
The reason I didn’t simplify PayPal setup before now is justified paranoia: I didn’t want to be responsible for someone getting unauthorized access to your PayPal account. I still don’t. This is why I don’t store your PayPal credentials in the WordPress database. From time to time, WordPress has been known to be hacked.
While nothing is completely secure, the file system is a little more secure than the database — if an attacker has FTP access to your site, you’re already in big trouble. The PHP file containing your user credentials is set up to prevent someone from browsing to it and viewing the contents. By giving it a random filename, rather than calling it “paypal_constants.php,” I also make it less likely that an attacker will find it in the first place.
If you do have FTP access to your site, one thing you may want to do for extra security is move the file to a location outside of web root. For example, instead of storing it in /home/rsvpmaker/public-html/wp-content/uploads/2016/02/stringofjibberish.php I might put it above the public-html directory in /home/rsvpmaker/.
If you prefer to create the configuration file manually, a sample is available here: