M-Pesa is Kenya’s top mobile money service. WordPress powers millions of sites. Integrating M-Pesa lets you accept payments easily. This guide shows step-by-step methods. It’s SEO-optimized for “M-Pesa WordPress integration.” Use plugins or code. Perfect for WooCommerce stores or membership sites.
Why Integrate M-Pesa with WordPress?
Customers love M-Pesa. Over 50 million Kenyans use it daily. It boosts sales for e-commerce. No credit cards needed. Supports STK Push for smooth checkouts.
Key benefits:
-
Instant payments.
-
Low fees.
-
Mobile-first.
-
Works in Kenya and beyond.
SEO tip: Add keywords like “M-Pesa WooCommerce plugin” naturally.
Prerequisites Before Starting
Gather these first:
-
Active WordPress site.
-
WooCommerce plugin (for stores).
-
Safaricom Daraja API account.
-
Business Paybill or Till number.
-
Hosting with PHP 7.4+.
Register at developer.safaricom.co.ke. It’s free for sandbox testing.
Method 1: Use Free WordPress Plugins
Plugins make integration simple. No coding required. Top options below.
Recommended Plugins Comparison
| Plugin Name | Free? | WooCommerce? | STK Push | Sandbox | Support |
|---|---|---|---|---|---|
| M-Pesa Open API | Yes | Yes | Yes | Yes | Basic |
| Woo M-Pesa Gateway | Yes | Yes | Yes | Yes | Community |
| Daraja M-Pesa | Paid | Yes | Yes | Yes | Premium |
Install from WordPress.org or GitHub.
Steps for Plugin Installation
-
Log into WordPress dashboard.
-
Go to Plugins > Add New.
-
Search “M-Pesa” or upload ZIP.
-
Install and activate.
-
Test in sandbox mode.
Example: For M-Pesa Open API:
-
Navigate to WooCommerce > Settings > Payments > M-PESA.
-
Enter credentials.
-
Enable gateway.
Get M-Pesa Daraja API Credentials
Visit developer.safaricom.co.ke.
-
Sign up or log in.
-
Create new app.
-
Select Lipa na M-Pesa Sandbox.
-
Note Consumer Key and Secret.
-
Generate Passkey (for production).
-
Go live after approval.
Sandbox simulates payments. Use test phone: 254708374149. PIN: 000000.
Configure Plugin Settings
Enter details in plugin:
-
Consumer Key.
-
Consumer Secret.
-
Paybill/Till Number.
-
Passkey.
-
Callback URL (auto-generated).
-
Confirmation URL.
Save changes. Set to test mode first.
Pro Tip: Use shortcode plugins like IntaSend for non-Woo sites. Add [mpesa] buttons anywhere.
Test M-Pesa Integration
Testing prevents live issues.
Steps:
-
Enable sandbox.
-
Add product to cart.
-
Checkout with M-Pesa.
-
Enter test phone.
-
Check STK Push on phone.
-
Confirm payment.
-
View order status.
Troubleshoot errors:
-
Invalid credentials? Regenerate keys.
-
No STK? Check callbacks.
-
Timeouts? Verify webhooks.
Go Live: Production Setup
Ready for real money?
-
Switch to production API.
-
Update Passkey.
-
Disable sandbox.
-
Test live transaction (small amount).
-
Monitor dashboard.
Safaricom approves in 1-3 days. Fees: 1-2% per transaction.
Custom Integration Without Plugins
For full control, code it yourself. Uses Daraja API STK Push.
Required Files
Create in theme: functions.php or custom plugin.
API Credentials Table
Sample PHP Code for STK Push
Add to functions.php:
function initiate_mpesa_stk($phone, $amount, $account) {
$consumer_key = 'YOUR_KEY';
$consumer_secret = 'YOUR_SECRET';
$passkey = 'YOUR_PASSKEY';
$business_shortcode = 'YOUR_SHORTCODE';
// Get access token
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, "https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials");
curl_setopt($curl, CURLOPT_HTTPHEADER, array('content-type:application/json'));
// Add auth headers...
$response = curl_exec($curl);
$token = json_decode($response)->access_token;
// STK Push
$data = [
'BusinessShortCode' => $business_shortcode,
'Password' => base64_encode($business_shortcode . $passkey . time()),
'Timestamp' => date('YmdHis'),
'TransactionType' => 'CustomerPayBillOnline',
'Amount' => $amount,
'PartyA' => $phone,
'PartyB' => $business_shortcode,
'PhoneNumber' => $phone,
'CallBackURL' => home_url('/mpesa/callback/'),
'AccountReference' => 'Order' . rand(1000,9999),
'TransactionDesc' => 'Payment'
];
curl_setopt($curl, CURLOPT_URL, 'https://sandbox.safaricom.co.ke/mpesa/stkpush/v1/processrequest');
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, json_encode($data));
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Authorization: Bearer ' . $token, 'Content-Type: application/json'));
$result = curl_exec($curl);
curl_close($curl);
return $result;
}
Handle callbacks in a page template.
Security Note: Sanitize inputs. Use nonces.
WooCommerce-Specific Setup
WooCommerce is popular. Plugins shine here.
-
Install WooCommerce.
-
Add M-Pesa gateway plugin.
-
Go to WooCommerce > Settings > Payments.
-
Enable M-Pesa.
-
Drag to top for priority.
Custom checkout fields:
-
Phone number (mandatory).
-
Auto-fill from billing.
Advanced Features
-
Paywalls: Restrict content post-payment. Use code snippets.
-
Subscriptions: Pair with Woo Subscriptions.
-
Multi-site: Network activate plugins.
-
Hooks: Customize with
woocommerce_payment_complete.
Shortcode example:
[mpesa amount="1000" phone="required" description="Buy Now"]
Common Issues and Fixes
| Issue | Cause | Fix |
|---|---|---|
| No STK Push | Wrong URLs | Check sandbox/production |
| Callback Fail | Permalinks | Flush rewrite rules |
| Invalid Token | Expired key | Regenerate |
| Currency Mismatch | KES only | Set Woo to KES |
Clear cache. Check error logs.
Security Best Practices
-
HTTPS mandatory.
-
Store keys in wp-config.php.
-
Validate callbacks with Safaricom result codes.
-
Log transactions.
-
Comply with Data Protection Act.
Regular updates prevent hacks.
Costs Involved
| Item | Cost |
|---|---|
| Plugin | Free – KSh 5,000 |
| Daraja API | Free |
| Safaricom Fees | 0.5-2% |
| Hosting | KSh 500/mo+ |
ROI: Higher conversions pay off fast.
Mobile Optimization
M-Pesa users are mobile. Ensure:
-
Responsive theme.
-
Fast load times.
-
AMP support.
-
One-tap STK.
Test on Android/iOS.
Final Tips for Success
Start small. Test thoroughly. Monitor analytics. Offer support chat.
Track metrics:
-
Conversion rate.
-
Abandoned carts.
-
Average order value.
Scale to subscriptions or apps later.
This setup works in 2026. Update for API changes