How to Respond to a Chargeback or Dispute

This post covers some methods to deal with chargebacks – when a member disputes their charge for membership.

In some cases, a chargeback is actually fraud, whether it is a stolen credit card or PayPal account login. What I’d like to talk about now is a misuse of chargebacks: when a member is grumpy or lying about payment fraud just to get their money back.

What are chargebacks and disputes?

A chargeback or payment dispute is when a customer denies the payment.

Even if you offer a refund policy, there will be some number of customers that decide to simply call their bank and initiate a dispute. This could be because of (actual) fraud, dissatisfaction with their purchase, or they are just a despicable person who got their goods and don’t want to pay for it.

Your merchant account or payment gateway will let you know that someone is disputing a payment. You will then have a window of time to respond to the dispute and “make your case” for why the chargeback is not valid. If the chargeback is not ruled in your favor, the value of the disputed transaction as well as a merchant or gateway-imposed “fee” will be deducted from your account. See Chargeback Fees by Gateway »

First, locate the user’s membership account and disputed order.

My first step when dealing with a chargeback is to locate the user’s membership information and get some background.

  1. Go to Memberships > Orders in the WordPress admin.
  2. Search for the disputed order using the gateway’s “transaction ID”, or the “Invoice ID” on the order.
  3. If you don’t have a transaction ID, you can try searching for the user by Name or Email Address (the data you get about a dispute varies by gateway).
  4. Open the user’s profile in a new tab.
  5. Open the disputed order in the current tab.

Now, be an investigator.

In most cases, a membership site is a “virtual product”. This makes disputing a chargeback a bit more difficult—how do you prove you delivered what they have purchased?

  • Search your email program to see if the user had communicated anything with you directly, either prior to purchase or after.
  • If your membership site has any engagement methods, such as a forum or comment forms, see if the user has participated in these things.
  • Do you have an email newsletter? If so, access the user’s record in the email marketing tool you use to see if they have opened your messages.

    That’s a pretty high engagement rate for someone who “hasn’t received” my product.
  • You can also use the Visits, Views and Logins Report under Memberships > Reports to present activity for the individual user. Have they been logged in and using your site?
  • Better yet, if you are using the Better Login, View, Visits Report, you will have even more data about the user’s activity on your site.

    Wow, sure looks like you have been using your membership?!

Was it actual fraud?

If your investigating makes you 99% sure it was a stolen payment method used for purchase, just accept the dispute. It stinks. You’ll pay a fee. But it was actually fraud, and you don’t really have any recourse for this case.

You can prevent some fraudulent charges using the methods outlined in this post.

It isn’t fraud – I want to fight this dispute!

If your investigating leads you to believe this person just wants their money back, you should respond to the dispute and make a case for why it isn’t a fraudulent purchase.

Before I begin the process of fighting a dispute, I always email the member directly. I’ll ask them to withdraw the dispute and communicate that I will refund their money [how-to].

This never works. Most often I get no reply. But occasionally, I’ll get a weird reply like “I just didn’t have enough money so I said this was fraud.” Luckily, you can use this in fighting your dispute, so even if they don’t withdraw their dispute, you’ve gotten some more ammunition to win your case.

Responding to a Dispute

The method to respond to a dispute varies by gateway, but in general you will be asked to write a statement and provide supporting documents about the purchase. In the case of a physical good, they will ask for proof of shipment (and you may even have proof of delivery depending on the shipment method).

For all other purchases (digital goods, downloads, access, subscriptions, etc.), proving that the charge was not fraudulent is a little more involved.

First, write a statement that clearly describes the situation:

This user purchased a membership that includes access to a private forum. The user participated in several discussions as well as personal email communication with me. Please refer to the included documents with proof of these interactions.

Additionally, I am including files that show all details this user entered when creating their membership. Their name and email address as communicated to me matches that on the dispute and the payment method used.

Then, take screenshots and create PDFs of EVERYTHING

The supporting documents I generally include are:

  • A PDF “print” of the user record in the WordPress dashboard.
  • A copy of the membership confirmation email I receive as admin when they made purchase.
  • Copies of any direct communication they made with me.
  • Copies of any proof of participation on my site (comments, forum replies, contact form submissions, etc.)
  • A copy of the email marketing service’s details about their email opens.
  • A copy of your refund policy, if offered, that would show they had another method to get their money back.

Now you wait.

After submitting your evidence, the payment gateway or merchant will communicate with the user’s bank to make your case. This can take anywhere from a week to two months.

I hope the dispute is sided in your favor!

In most cases, the seller will lose the dispute.

The person filing the dispute has far more protections in place than you. And in most cases they are being defended by a credit card company fully motivated to make them happy. Even when your payment gateway does their part in presenting your evidence, more often then not the seller will lose the dispute, pay the fee, and have the funds returned to the buyer.

There is some comfort in knowing that you did your best to provide honest information about the charge and to defend yourself from this type of abuse. I’m sorry you didn’t win.

What’s next?

When you lose a dispute, make sure you remove the membership level for the user. And if you are feeling particularly upset about it, you can use one of these methods to block users from logging in, selecting or changing membership.

You can even write them a really nasty email. Just don’t send it. Just go read Jason’s post on dealing with hate.

Dealing with Haters and the Stress They Cause

Entrepreneurship is hard. To run a successful business takes knowledge, skill, and money. It also takes a certain kind of personality to persist through the innumerable issues many entrepreneurs struggle with. Some business owners struggle financial risks, competition, failures, and more failures. Some struggle with the responsibility of providing for one’s family and employee’s families.

There’s one more thing many business owners struggle with: hate. No one was talking much about this, but as our business grew, I found I was unprepared to deal with the increasing amount of hate mail and negative interactions happening online around our company and products.

I thought I was coping well, but in reality the stress was getting to me. Work wasn’t fun anymore, and the stress was bleeding into my personal life. I found myself more angry and quick tempered around my wife and kids.

I’m not alone. In conversations with other entrepreneurs, this topic of dealing with hate mail and negative communications often comes up. I notice some people are avoiding certain business models or business opportunities all together for fear of becoming a target of hate. Our community needed tools and support to deal with the hate that is a natural part of doing business with large numbers of people. Below I’ll share some of things I’ve put into practice to deal with hate and the stress it causes.

What are some things you do that can invite hate?


Getting hate? That’s a good indicator that you are working on something that people are passionate about. Because anything worth doing is going to upset someone.

At this time, there are over 50,000 websites running Paid Memberships Pro. The 80/20 rule we use to decide on features is only going to satisfy… wait for it… 80% of them. There will always be features that some users believe are the “most important” features. Even if we provide addons or code gists to account for a certain feature, some will feel the feature should be included in the core plugin, or easier to find, or set to a different default.

You can’t help everyone.

When we were doing consulting work with about 30 clients per year, if a client needed our help with something, we could find a way to help them. We’d work a weekend, stay up late, call in a favor. Now with 50,000 users and 5,000 customers, we can’t possibly help everyone as much as they need. We get dozens of emails every day, and within those emails are plenty of people we have the ability to help but we just don’t have the time. We do the best within the services we offer and try to point them in the right direction to get help from our partners or others, but some of these people are going to get upset.

And some of these users, customers, and potential customers are going to be so upset that they’ll post negative reviews, email us mean things, or even threaten us with legal, financial, or physical harm.

What are some things you do that can prevent hate?

Before I cover a few tips about how to handle hate that comes your way, let me first share a few tips on how to avoid some of the hate.

  1. Offer a 100%, no questions, money-back guarantee.
  2. Process refunds quickly.
  3. Manage expectations in your copywriting.

I cover these topics a bit more in our posts About Refunds and Our 100% Money-back Guarantee and Great Advice for Decreasing Refund Rates.

Managing expectations is hard. There is a fine line between managing expectations and talking people out of buying your product. One thing you definitely can do is keep expectations in mind when processing a negative review or email. Could you have realistically prevented this hate mail without negatively impacting your other customers or revenue.

Dealing with Hate You Can’t Prevent

Here are some general steps I take whenever dealing with an emotionally charged email, review, or support request.

  1. Look for constructive criticism.
  2. Write a first draft. Delete it.
  3. Put yourself in hater shoes.
  4. Reply professionally.

Look for constructive criticism.

Even the most hateful of emails and reviews can be parsed for constructive criticism. The messenger may be a complete douchebag, but it’s still okay to learn from it. Maybe there is a bug to fix. Maybe you could update your documentation to make something more clear. Maybe you could update your sales copy to fix expectations.

Don’t like feel you have to take Mr. or Mrs. Hateful’s advice just because they are screaming. Be counscious whenever the “squeaky wheel” is getting the grease. Ideas you parse from negative feedback might be a good or bad. Process it like you would any other feedback.

Write a first draft. Delete it.

Open a blank notepad (that you can’t accidentally submit) to write your reply. The first draft should just be livid and dig into how much of a loser this person is for wasting your time… etc etc. Then delete it. Maybe others won’t need to unload like this, but I find it helps me a lot. It makes it much easier then to step back and address the message objectively.

Put yourself in hater shoes.

Your first response is going to be to lash back or get defensive. That’s why you delete your first draft. After that, take a moment to try to understand why the person is so upset. Some people are just rotten and evil, but maybe they are just having a really bad day. Until proven otherwise, give the user the benefit of the doubt.

One thing that opened my eyes a lot with regards to the hate mail we get is when I realized that we are selling more than just payment software. In a lot of ways we are selling a dream. People dream of using our software to make money, start a business, quit their day job, or to grow their associations in order to push forward their goals of social change. Heavy stuff. They spend hours or days trying to set up Paid Memberships Pro, run into problems, and then reach out to us… just to have to wait a few days for a response or be told they need to spend money they weren’t ready to spend. It is frustrating.

I also think about the “professional hagglers” who’ve been trained by bad customer service over the years to believe that loud threats are the best way to get someone’s attention. Sometimes “flipping the script” on these folks and treating them like human beings goes a long way to calming them down enough so you can help in the way you are willing to help.

Reply professionally.

No matter how irate the original message is, make sure that your reply is controlled and professional. With public posts in particular you will want to address the underlying concerns and issues behind the message. Even if it’s likely the poster has moved on (or you want to encourage them very much to move on), reply for the sake of anyone else who might stumble upon the post. Always reply to bad reviews or comments.The public will see a very irrational negative post, followed by your very rational reply. If your average reviews and publicity are generally positive, your replies will temper the occasional negative post.

Dealing with Stress

So now you might know how to pull useful feedback out of a hateful email. You’ve learned some tips for avoiding some of the hate mail. And you’ve learned a rough system for handling and replying to the hate mail. Even if you try your best to do this with robotic repetition, reading hateful words with your morning coffee is a bad way to start the day. You’re likely to get defensive and experience a nice little rush of adrenaline that could set you off balance for the rest of the day.

In addition to the typical stresses of running a business, as far as my mind and body are concerned I’ve been doing the equivalent of a hostage negotiation 2 to 3 times a week for the past few years. Here are some things I do to manage the stress:

  1. Mediate
  2. Isolate
  3. Use the Buddy System
  4. Engage Happy Customers


I’m not a prolific mediator, but even 5 minutes of calm mindfulness every other day or so (I use the app) gives me a kind of super power. When I started meditating regularly I became better able to slow down, to recognize my natural emotional reactions as just emotions that will pass, and to step outside of myself a little bit so I could process hate mail and negative comments without taking it personally.

Meditating has also helped me in my personal life. Regular meditation helps to curb your knee jerk reactions when managing unruly kids, and it helps in the same way with unruly users and customers.


I try not to read contact form email while I’m still getting your kids ready for school. I don’t check the reviews before a meeting or a coding session. In general, I make sure I’m ready whenever I wade into the inboxes and forums where hate lurks.

After dealing with support or another piece of stressful work, I try to have a buffer before I move onto anything else in life. I’ll take a walk, play a quick video game, or meditate for 5 minutes or so.

Use the Buddy System.

For a while, I had been shielding Kim from the worst of the communications coming into our business. As I started to struggle with things, I handed contact form duties off to her. She started to process the wide range of email coming in, from good-natured questions, to slightly annoying requests, to the full on hate mail. A week or so in, she looked at me with a horrified face like “you’ve been dealing with this all along?”

We have a larger support team now, and most of them bear the incoming hate at some level. The worst cases still get escalated to me, but since the smaller issues are handled by my team I’m in a better state when I work on the cases I do address.

Our team chat is now also a place we can use to vent, get stuff off our chest, and just generally laugh at how surreal customer support can be.

If you don’t have a team of your own, you can search for other business owners going through the same thing. The Supporting WordPress Products Facebook Group is a great example of a place where business owners come together to help each other through sharing advice and also just being there to listen.

Engage Happy Customers

Unhappy customers are going to be so much more likely to post something in public than customers that don’t run into issues. Every once in a while, and also as part of some of our automated reminders, we try to prompt happy customers to post a review or testimonial. We will often follow up to successfully closed tickets with a request to share an honest review of our plugin on the repository. And every once in a while, we make an ask to our mailing list for folks to write reviews and testimonials. We get a lot of positive feedback from these asks, and the positive reviews on help to diminish the 1 star reviews there. (For each 1 star review we get, we need 3 five star reviews to maintain a 4+ star rating.)

Besides getting some nice things written about us and helping with Internet points, reaching out to happy customers also reminds us why we’re doing this. It feels good to engage with people who are benefiting from our hard work.

In Summary

The amount of hate you have to deal with day to day will scale with the size of your business, and you may not be ready for it.

There are some things you can do to avoid some of the hate, like 100% money-back guarantees and clear copywriting. However, you won’t be able to stop it all.

When hate comes in, look for constructive criticism, discard your first drafts, try to empathize, and reply professionally.

To help with the stress of dealing with this hate, meditate, isolate, use the buddy system, and engage with happy customers.

These kinds of posts are difficult for me, because I fear what our own unhappy customers will think of this. I’m ready for it. But I do hope that my experience here is useful to other businesses working to keep their customers as happy as possible while also staying sane and productive.

Let me know if you have any thoughts or tips with regards to dealing with negativity with your customers.

Link to a User’s “User Page” in a Navigation Menu

The User Pages Add On creates a unique page for each Member after checkout, giving the Admin access to write and share customized content for each specific member. Version .5.3 of the add on now includes the option to add this page as a link in your menus.

Adding the Menu Item

All of the User Pages are created under one “Top Level Page” that is assigned under Memberships > User Pages. This “Top Level Page” is the item you will add to your WordPress Menu.

  1. Navigate to Appearance > Menus.
  2. Select the appropriate menu to edit.
  3. Locate your top level user page in the “Pages” box (you can see which page you have assigned under Memberships > User Pages).
  4. Add the page to your menu.
  5. Save the menu.

The add on will automatically detect the logged in user’s page and redirect them to that location when they attempt to access the “Top Level Page”.

If you navigate to this page as the administrator, however, you will be shown a list of all users with a link to their User Page for view and editing. To test the feature as a member, see this post for some methods to preview your site as a member.

What else can I do with User Pages?

Here’s a post that covers how to pre-populate the page created for the member with default content or a specific page template (determined by your theme or child theme).

View the Tutorial

Other uses for this page may be dashboard-like content, such as showing a member their latest topics on your bbPress forum, their member badge, or maybe a custom form to share data, files, or other information.

Show a Post, Page or Category’s Required Membership Levels in the Dashboard “All” Views

Below are three code recipes that will add a column to the All Posts, All Pages, or Categories screens in the WordPress Dashboard. This is an easy way to see how your content is being restricted for members.

Remember, you can lock posts and pages using the “Require Membership” meta box or lock a category under the Memberships > Membership Levels > Edit Level screen.

This page requires a PMPro Core Account or higher.

Already have an account? Login Now »

New to this site? Register Now »

New Report to View Membership Level Changes (Upgrades or Downgrades)

Add a custom report to the Memberships > Reports dashboard that displays a report of your membership site’s upgrades/downgrades.

See this blog post on custom reports to learn how to add the custom code to your site.

This page requires a PMPro Core Account or higher.

Already have an account? Login Now »

New to this site? Register Now »

Exporting Your Members List: Default Data and Adding New Columns

This post covers how to export your Members List to CSV. We’ll cover the default columns included in the export, as well as a method to add additional user data to the file.

Access the Members List Export

The “Export to CSV” feature of Paid Memberships Pro is located on the Memberships > Members List admin page. Here you will see your full Members List, which can be filtered based on several features, including Membership Level, Status, or via search. The exported CSV file is based on the active filter in the current view. If you would like to add additional data to this admin page or allow for more detailed filtering, see:

Default Fields Included in the Members List Export

The basic CSV export will include these fields:

  • id
  • username
  • firstname
  • lastname
  • email
  • billing firstname
  • billing lastname
  • address1

  • address2
  • city
  • state
  • zipcode
  • country
  • phone
  • membership
  • initial payment

  • fee
  • term
  • discount_code_id
  • discount_code
  • joined
  • expires

Adding Additional Data to the Export

There are a few methods to add data to your CSV export.

The easiest method applies to fields that are created via the Register Helper Add On. The code that adds your additional fields will simply need to be updated with attribute memberslistcsv => true. See detailed information on adding fields via Register Helper here.

If you need to add fields that were not created via Register Helper, you will need a custom function that uses the hook: pmpro_members_list_csv_extra_columns . For example, the code recipe below demonstrates how to add fields from the wp_users or wp_usermeta tables as well as fields added via BuddyPress. There may be other custom tables you need to pull in data from, in which case you’d need to access the user information in another way (dependent on the plugin you are trying to interact with).

The Code Recipe

This code recipe requires a PMPro Core Account or higher.

View Membership Options

Lock or Unlock Posts Based on Age and Post Date

Here are few methods to override a post’s membership requirements to members (and non-members) based on specific timeframes your configure. While some of this could be done manually, these functions make the restrictions automatic.

Hide Old Posts to New Members

This existing recipe allows you to hide anything posted prior to a member’s join date. You may want to do this if your content is more serial in nature or if you want members to only receive access to content that comes out while they are subscribed.

View the Recipe

Allow Non-Members to View Restricted Posts Based on Timeframe

This recipe to allows a window of time that restricted posts are “unlocked”. This is good for allowing search engines to index your content as well as to entice new members to join by allowing a “taste” of what they will get when subscribing for the full history of content. For example, if you’re a podcaster, you could make your newest content public and your library of podcasts older than 30 days are restricted.

The posts must still be locked to the allowed membership levels, either via a category that is restricted on the level OR specifically via the post’s “Require Membership” settings.

The recipe is designed to open posts from the last 30 days. You can customize this for your own timeframe (7 days, 1 day, etc.).

This code recipe requires a PMPro Core Account or higher.

View Membership Options

Unlock Restricted Posts for Non-Members Based on Timeframe

This recipe to removes the membership requirements for posts older than 18 months (or your specified timeframe). This is also useful for sites with a large number of posts to allow the search engines to index lots of content, without giving away access to your newer, more timely articles.

The posts must still be locked to the allowed membership levels, either via a category that is restricted on the level OR specifically via the post’s “Require Membership” settings.

The recipe is designed to open posts that are older than 18 months. You can customize this for your own timeframe (3 months, 6 months, etc.).

This code recipe requires a PMPro Core Account or higher.

View Membership Options

Need to Customize Further?

The recipes above could be modified to unlock or lock posts only in certain levels, only to members of other allowed levels or only for posts in specific categories. PMPro Core or Plus Members can open a topic in our Members Forum for help with these recipes.

On Time Zones and Off By One Day Errors

Some sites report “off by one day” errors when calculating end dates on new orders and memberships. What this looks like on the front end is setting someone’s end date to January 31, 2017 and then having it show up as January 30, 2017. Or expiration is set to happen at 12:00am, but it happens at 10:00pm instead.

This post covers some common reasons why this is happening and a collection of ways to set the various time stamp settings in your web stack.

What’s really going on?

In most cases, “off by one day” errors occur when your web server, database server, and/or WordPress install are disagreeing about which timezone to use for calculating dates.

Getting everyone to “agree” on the time zone varies depending on your setup, specifically if you are on shared hosting and have limited access to your server. In this case you may not be able to configure the time zone for one or more of the services listed below. That being said, making some or all of the suggested updates can help to resolve these time zone errors.

Settings In WordPress

To change the timezone in WordPress go to Settings –> General in the admin dashboard. You can also set the date format here, which is used by PMPro when displaying dates.

Settings In CentOS/Linux

Here is an article explaining how to change your timezone in CentOS. Use the correct timezone file (browse around the /usr/share/zoneinfo directory), but generally you should run these two commands when logged in as root. (Note: don’t copy the #)

# mv /etc/localtime /etc/localtime.bak
# ln -s /usr/share/zoneinfo/America/New_York /etc/localtime

Settings In Apache/PHP

Typically you need to add or edit a line in your php.ini document. Here is a list of timezones at

date.timezone = “America/New_York”

Settings In MySQL

Log into MySQL as root and run this query: (More information on time zones in MySQL.)

SET time_zone = ‘America/New_York’;


Making sure that all of these settings are in sync will usually fix any “off by one day” errors going forward. Some issues will be fixed immediately after changing these settings. Other issues will still happen since the timestamps in the database were set when time zones were out of sync. You’ll have to run queries in your database to update time/date fields after your time zones have been set correctly.

Some hosts or server setups will have different methods for changing the time zones as above. Searching the knowledge base of your host or opening a support ticket there may help. If you find a new solution related to above, feel free to comment and we’ll try to expand on the information here to cover as many scenarios as we can.

If you are still having issues related to dates and time stamps, please post to our member forums and we can help you fix things for your specific setup.

Always Show the Discount Code Field

If you’re using any of the recipes to require discount codes or have a large percentage of your members using codes during registration, here’s a quick CSS snippet to always show this field at the top of your Membership Checkout page.

The CSS Code Recipe

#other_discount_code_p {display: none;}
#other_discount_code_tr {display: table-row !important;}

Copy and paste this into your active theme (or child theme’s) style.css file or a stylesheet for PMPro Customizations (our recommended method).

The Result (Screenshot)

Protect Your Membership Site from Spam and Abuse Using reCAPTCHA

reCAPTCHA is a service provided by Google that aims to block abusive, automated traffic. Paid Memberships Pro allows you to easily integrate this service on your membership checkout process. This post covers when and why to use reCAPTCHA, how to create your reCAPTCHA account and configure it for your membership site.

When and why to use reCAPTCHA

By default, Paid Memberships Pro uses a “honey pot” technique to catch most automated spammers. This method relies on a hidden form field that valid visitors cannot see, but an automated “bot” visitor will attempt to populate, thereby throwing an error on checkout form submission.

For this reason, we generally recommend that site owners only activate reCAPTCHA for free levels if they are seeing a problem with spam signups. Your paid levels require a credit card (or successful PayPal checkout), so there is less opportunity for spammers to get in — they aren’t going to spend real money spamming your site.

Recently, we’ve seen a different kind of user who WILL use credit cards to create invalid accounts on your site: people testing stolen credit cards. These attackers are using your membership checkout form as a “credit card validator” to test different names, addresses, card numbers, zip codes, and CVV numbers. Once they find the right combo that is successful on your site, they can then use that validated card to make purchases elsewhere.

If this is happening to you, you may want to activate reCAPTCHA for all memberships.

Payment Gateway Fraud Detection

Your payment gateway has built in fraud detection that will monitor repeated attempts with similar data. But no fraud detection process is 100% perfect and some charges will get through. Sure the cash that comes into your account looks nice, but these charges are inevitably going to be refunded or, if you don’t catch them in time, charged back. See this post on chargebacks for more information.

If you are using as your payment gateway, inquire about the free Advanced Fraud Detection Suite, which enables you to set up “rules” for types of transactions that appear fraudulent.

Additionally, Stripe allows you to customize the default fraud detection via custom risk evaluation rules configured in your Stripe account.

Is this happening to me?

The easiest way to confirm if your membership checkout form is being used for fraudulent checkout attempts is via your payment gateway’s “charges” dashboard. For example, if you are using Stripe, your “Payments” dashboard shows all attempted charges. If you see a large number of charges labeled “failed” you may be at risk. We’d advise turning on reCAPTCHA for all memberships in this case.

How reCAPTCHA works (for my members)

The Membership Checkout page will include a new section that looks like the image below:

If the user is logged in to a Google service, such as Gmail or Drive, they will simply need to check the box labeled “I’m not a robot”. Google’s reCAPTCHA service will validate them and this is (most often) the only step needed.

Anyone that the service identifies as “suspicious” will have to solve a visual puzzle to get through. These range from “pick all the pictures with a number in them” or “select all the images of a cat”. Here’s the “test” I got when getting a screenshot of the process for this post. If you fail the first test, you’ll be given another test. At most, I’ve had to complete two screens of image identification before successful validation.

Humans will be able to solve the puzzle, but a bot will not.

Sign up for reCAPTCHA. Get your API Keys.

  1. Click here to sign Up for reCAPTCHA.
  2. Under “Register a new site”, enter your site’s name as the label. This is only used to identify the site in your reCAPTCHA dashboard.
  3. Select “reCAPTCHA 2” for the setting Choose the type of reCAPTCHA. Jason is looking into adding support for the Invisible reCAPTCHA.
  4. Under “Domains”, list the domain name of your membership site. You may want to include both the “www” and “non-www” domains (i.e. and
  5. Agree to the terms, and, optionally, opt-in to receive reports.

After submitting the form, you will be redirected to view the Keys for this reCAPTCHA site. Under the heading “Adding reCAPTCHA to your site”, toggle to display the “Keys”. The keys you will need for Paid Memberships Pro are the Site Key and the Secret Key. You do not need to do anything with the “client-site” or “Server side” integration.

Configure Paid Memberships Pro to use reCAPTCHA

  1. Navigate to Memberships > Advanced Settings in your WordPress admin.
  2. Under “Use reCAPTCHA?” select either to use for free memberships only or for all memberships.
  3. Enter your Site Key in the reCAPTCHA Public Key field.
  4. Enter your Secret Key in the reCAPTCHA Private Key field.
  5. Save the Settings.

Now test it!

We always recommend running a test membership checkout after making changes to your Paid Memberships Pro settings (even if you only test a free membership level signup or use a discount code to make your paid level free). reCAPTCHA does rely on JavaScript as well as successfully copied/pasted keys in order to work. This FAQ published by Google identifies common errors or issues if you are not able to successfully validate using reCAPTCHA.

Closing Thoughts

If you think your membership checkout has been used as a “credit card validator” but an attacker, you should actively locate any successful charges and process a refund immediately. This will save you from the chargeback fee imposed by your payment gateway when the rightful card owner identifies the fraudulent charge.

In our case, the charges all used the same email domain, so I simply did a search in our Members List (and All Users list) for that “” to isolate the members. See this post on how to process a refund for more help.