Wordpress Plugin

The Wordpress plugin requires API access to your Supporting Cast account. You can get an API token automatically by following these instructions.

• You must be logged into your Supporting Cast Admin before you start.
• Go to the Supporting Cast settings page inside of your Wordpress admin
• Click the "Generate new API token" Button
• Enter your Supporting Cast URL when prompted.
• If you are logged in, you will see the following message. Press "Authorize" to get an API Token.
• You should see the following success message when you are finished.

The Wordpress plugin allows your customers to signup and pay through the Supporting Cast API gateway.

Credit Card & Android Pay

In order to accept payments, Stripe must be configured in your Supporting Cast Admin. Once you connect your Stripe account, payments will automatically be enabled in Wordpress.

Apple Pay

In order to accept Apple Pay, You will need to add your Wordpress domain in the Stripe Apple Pay settings. The required authentication file is automatically handled by the Wordpress plugin for you.

Please note that Apple Pay is only available on secure (https://) websites. If the button is still not visible after verifying your domain with Stripe, make sure your website has SSL enabled.

Force SSL

Credit card payments should only be accepted via secure connection. By default, the 'Only certain shortcodes' option is selected to ensure your customers' payment information remains secure.

We recommend switching to one of the 'All Pages' options once you are sure SSL is working correctly on your site.

This option does not enable SSL on your server. You are responsible for ensuring SSL is configured correctly and a valid SSL certification for your domain is installed. Enabling 'Force SSL on all pages' before properly configuring your server will make your site inaccessible.

Hyper Strict Transport Security (HSTS)

If you are currently viewing the site via SSL, you will also be given the option to enable Hyper Strict Transport Security (HSTS Overview). HSTS tells the web browser to ONLY use secure connections when communicating with your server.

After testing HTST with a low value (1 minute, then 1 hour) to ensure everything is working correctly, you can increase it to 1 or 2 years and then apply to have it added to the HSTS Preload List. Always start with a low value and test for several weeks before increasing. Browsers will not allow non-SSL connections again until after your HSTS settings is removed and the specified amount of time has passed.

By default, Wordpress shows a bar at the top of your site whenever a user is logged in. You can disable this bar in the Supporting Cast settings.