FAQ
Answers about setup, security, the magic-link flow, PRO features, and pricing.
The basics
What does this plugin do?
It adds a branded login page for the Stripe Customer Portal on your WordPress site. Customers enter their email, receive a secure magic-link by email, and are redirected to the Stripe-hosted Customer Portal where they manage subscriptions and payment methods.
Does this plugin replace Stripe Billing or WooCommerce?
No. It adds a WordPress login entry point for the Stripe Customer Portal. Your Stripe products, subscriptions, and billing logic remain in Stripe.
Is the Stripe Customer Portal still hosted by Stripe?
Yes. The plugin provides the login surface on your WordPress site. After authentication, customers are redirected to the Stripe-hosted Customer Portal to manage billing, subscriptions, and payment methods.
Setup & configuration
How do I get my Stripe Secret API key?
Log into your Stripe Dashboard, go to Developers → API keys, and copy your Secret key. Paste it into the Stripe Portal settings page in WordPress admin.
Can I customize the login URL?
Yes. The endpoint URL is configurable from the settings page (e.g. /customer-portal/). The slug is length-capped at 64 characters to keep the rewrite engine fast.
Can I embed the login form on any page?
Yes. Use the shortcode [login-stripe-customer-portal] on any page or post. In 1.1 you can also drop [lscp-message] on a dedicated thank-you page to render the inline success/error message there.
Can I restrict login to existing Stripe customers only?
Yes. A toggle in settings limits access to existing Stripe customers. With it off (the default) a Stripe customer is auto-created the first time a magic link is redeemed for a new email — the settings description states this explicitly so there’s no surprise.
Security & privacy
How does the magic-link login work?
A customer enters their email. The plugin issues a secure token, hashes it with SHA-256 before storing, and emails a one-hour login link. Clicking the link verifies the token, marks it used, and hands off to the Stripe-hosted Customer Portal.
Can the login page be abused as an email-enumeration oracle?
No. The form response is constant for valid, invalid, and unknown email addresses, and the wording is mode-aware (it doesn’t falsely imply existence). A per-email + per-IP rate limiter (5 requests / 10 minutes) further blocks scraping attempts.
What happens to my Stripe key on uninstall?
Uninstalling cleans up every plugin option and transient. Your Stripe Secret Key does not linger in wp_options after the plugin is removed.
Is the plugin GDPR-ready?
The plugin registers a personal-data exporter and eraser with WordPress Privacy Tools (Tools → Export Personal Data / Erase Personal Data), so subject-access and deletion requests can be fulfilled through the standard WordPress flow.
PRO & pricing
What ships in 1.1 PRO that isn’t in the free version?
PRO 1.1 unlocks: branded magic-link email templates (6 designs), the login-form styler with template library, WooCommerce / MemberPress / LearnDash integration ("Manage Billing" buttons + WP-user ↔ Stripe-customer bridge), a Stripe-webhook listener with rules-based WordPress role automation, multi-Stripe-account support, and agency white-label.
Do PRO licenses auto-renew?
Yes — PRO is annual and auto-renews through Freemius. Cancel renewal any time from your Freemius account; the plugin keeps working until the end of the paid term.
What’s the refund policy?
30 days, no questions asked. Email support and reference your Freemius order; the refund goes back to the payment method used.
Still have a question?
Documentation answers most setup questions; the WordPress.org support forum is open for everything else.