Adds a "Donate to author" link on the Plugins screen. Safe to update \u2014 no database changes.<\/p>","1.1.29":"
Plugin Check cleanup: removed a prohibited Plugin Check cleanup: activator migration now uses the WordPress meta APIs instead of direct database queries, and login-handler ignore annotations were re-anchored. Tested up to WordPress 7.0. Safe to update \u2014 no database changes.<\/p>","1.1.27":" Prefix lengthened to After logout, users are now returned to the dashboard login page ( Fixes the logout button being covered by the mobile bottom navigation bar. The bottom nav now hides while the slide-out menu is open, so the "Log Keluar" button is fully visible. Safe to update \u2014 no database changes.<\/p>","1.1.24":" Fixes the mobile logout button being hidden behind the phone's browser bar. The slide-out menu now sizes to the visible viewport so the "Log Keluar" button is always reachable. Safe to update \u2014 no database changes.<\/p>","1.1.23":" Adds a clear full-width "Log Keluar" (logout) button to the dashboard sidebar and fixes a mobile layout issue where the sidebar footer could be hidden behind the browser\/navigation bars. Safe to update \u2014 no database changes.<\/p>","1.1.22":" White-labels the "forgot password" and "reset password" screens to match the branded login page. WordPress's secure reset routines are unchanged. Safe to update \u2014 no database changes.<\/p>","1.1.21":" Adds a branded login page for the frontend dashboard Adds white-labeling for the Bendahari role: hides the WordPress admin bar on the frontend and blocks PluginCheck follow-up: six PluginCheck follow-up pass: table\/column identifiers in pending-poller and activator now use PluginCheck compliance pass: PHP namespace renamed Security fix: public REST endpoint WordPress.org compliance pass \u2014 all inline CSS\/JS now properly enqueued, IP sanitization hardened, Chart.js updated to 4.5.1, third-party service URLs corrected. Recommended for all users. Safe to update \u2014 no database changes.<\/p>","1.1.14":" Security hardening for reports endpoint (strict date validation + SQL identifier escaping). Recommended for all users. Safe to update \u2014 no database changes.<\/p>","1.1.13":" Important fix for Elementor users: campaign visibility toggles now actually work. Also bundles Chart.js locally and makes Google Fonts opt-in for WordPress.org \/ GDPR compliance. Safe to update \u2014 no database changes.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3564043,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3564043,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3564043,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3564043,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":{"masjid-donation\/donation-button":{"name":"masjid-donation\/donation-button","title":"Masjid Donation"}},"tagged_versions":["1.1.29","1.1.30"],"block_files":[],"assets_screenshots":{"screenshot-1.png":{"filename":"screenshot-1.png","revision":3564043,"resolution":"1","location":"assets","locale":"","width":1280,"height":800},"screenshot-2.png":{"filename":"screenshot-2.png","revision":3564043,"resolution":"2","location":"assets","locale":"","width":800,"height":1280},"screenshot-3.png":{"filename":"screenshot-3.png","revision":3564043,"resolution":"3","location":"assets","locale":"","width":800,"height":1280},"screenshot-4.png":{"filename":"screenshot-4.png","revision":3564043,"resolution":"4","location":"assets","locale":"","width":800,"height":1280},"screenshot-5.png":{"filename":"screenshot-5.png","revision":3564043,"resolution":"5","location":"assets","locale":"","width":1280,"height":800},"screenshot-6.png":{"filename":"screenshot-6.png","revision":3564043,"resolution":"6","location":"assets","locale":"","width":1280,"height":800},"screenshot-7.png":{"filename":"screenshot-7.png","revision":3564043,"resolution":"7","location":"assets","locale":"","width":1280,"height":800},"screenshot-8.png":{"filename":"screenshot-8.png","revision":3564043,"resolution":"8","location":"assets","locale":"","width":1280,"height":800}},"screenshots":{"1":"Frontend donation button with live statistics and donor wall.","2":"Donation modal \u2014 amount selection step.","3":"Donation modal \u2014 donor details step.","4":"Frontend dashboard \u2014 overview page.","5":"Frontend dashboard \u2014 campaigns management.","6":"Frontend dashboard \u2014 settings page.","7":"Elementor widget with full configuration panel.","8":"Setup wizard on first activation."}},"plugin_section":[],"plugin_tags":[232767,8222,31427,617,10546],"plugin_category":[45],"plugin_contributors":[266078],"plugin_business_model":[],"class_list":["post-314204","plugin","type-plugin","status-publish","hentry","plugin_tags-bayarcash","plugin_tags-charity","plugin_tags-chipin","plugin_tags-donation","plugin_tags-masjid","plugin_category-ecommerce","plugin_contributors-eskillsproductions","plugin_committers-eskillsproductions"],"banners":{"banner":"https:\/\/ps.w.org\/masjid-donation\/assets\/banner-772x250.png?rev=3564043","banner_2x":"https:\/\/ps.w.org\/masjid-donation\/assets\/banner-1544x500.png?rev=3564043","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/masjid-donation\/assets\/icon-128x128.png?rev=3564043","icon_2x":"https:\/\/ps.w.org\/masjid-donation\/assets\/icon-256x256.png?rev=3564043","generated":false},"screenshots":[{"src":"https:\/\/ps.w.org\/masjid-donation\/assets\/screenshot-1.png?rev=3564043","caption":"Frontend donation button with live statistics and donor wall."},{"src":"https:\/\/ps.w.org\/masjid-donation\/assets\/screenshot-2.png?rev=3564043","caption":"Donation modal \u2014 amount selection step."},{"src":"https:\/\/ps.w.org\/masjid-donation\/assets\/screenshot-3.png?rev=3564043","caption":"Donation modal \u2014 donor details step."},{"src":"https:\/\/ps.w.org\/masjid-donation\/assets\/screenshot-4.png?rev=3564043","caption":"Frontend dashboard \u2014 overview page."},{"src":"https:\/\/ps.w.org\/masjid-donation\/assets\/screenshot-5.png?rev=3564043","caption":"Frontend dashboard \u2014 campaigns management."},{"src":"https:\/\/ps.w.org\/masjid-donation\/assets\/screenshot-6.png?rev=3564043","caption":"Frontend dashboard \u2014 settings page."},{"src":"https:\/\/ps.w.org\/masjid-donation\/assets\/screenshot-7.png?rev=3564043","caption":"Elementor widget with full configuration panel."},{"src":"https:\/\/ps.w.org\/masjid-donation\/assets\/screenshot-8.png?rev=3564043","caption":"Setup wizard on first activation."}],"raw_content":"\n Masjid Donation Manager<\/strong> is a complete donation management system built specifically for masjids, surau, and Islamic charitable organizations in Malaysia. It supports multiple campaigns, two popular Malaysian payment gateways (ChipIn Asia and Bayarcash), and ships with a frontend dashboard so the masjid committee can manage everything without ever touching wp-admin.<\/p>\n\n The plugin is bilingual-friendly \u2014 the user-facing strings are in Bahasa Malaysia by default, and all strings pass through This plugin relies on third-party services to process donations. Connection to a gateway only happens when a donor actually clicks \"Pay\" on the donation form \u2014 no data is sent at any other time, and no data is ever sent to the plugin author. By using this plugin you (and your donors) are accepting the terms and privacy policies of whichever gateway you enable.<\/strong><\/p>\n\n What it is: a Malaysian payment gateway by CHIP IN Sdn. Bhd. used to process FPX, e-wallet and card payments.<\/p>\n\n What is sent and when: when a donor initiates a donation through a campaign that uses ChipIn Asia, the plugin sends the donor's name, email, phone number, donation amount, currency (MYR) and a unique reference (donation_id) to ChipIn's API to create a payment session. The donor's browser is then redirected to ChipIn to complete payment. After payment, ChipIn calls our webhook with the transaction status. No donor card \/ bank details ever touch your WordPress server.<\/p>\n\n API endpoint contacted: What it is: a Malaysian Shariah-compliant payment gateway by Web Impian Sdn. Bhd. used to process FPX, DuitNow QR and DuitNow Online Banking payments.<\/p>\n\n What is sent and when: when a donor initiates a donation through a campaign that uses Bayarcash, the plugin sends the donor's name, email, phone number, donation amount, currency (MYR), a unique reference (donation_id \/ order_number) and a selected payment channel to Bayarcash's API to create a payment intent. The donor's browser is then redirected to Bayarcash to complete payment. After payment, Bayarcash calls our webhook (and POSTs to the return URL) with the transaction status. No donor card \/ bank details ever touch your WordPress server.<\/p>\n\n API endpoints contacted (depending on the \"Mod\" selected in Tetapan \u2192 Bayarcash<\/em>):<\/p>\n\n The sandbox URLs are only contacted when the merchant explicitly selects sandbox mode for testing; live installations never reach the sandbox hosts.<\/p>\n\n What it is: the Poppins font family hosted by Google Fonts, used for the donation button UI and the frontend dashboard.<\/p>\n\n What is sent and when: this connection is disabled by default<\/strong>. If \u2014 and only if \u2014 the masjid administrator enables \"Muat Google Fonts\" in Tetapan \u2192 Keselamatan \u2192 Privasi & Sumber Luar<\/em>, the visitor's browser will fetch the Poppins font family from All donation records remain in your own WordPress database. No data is ever transmitted to the plugin author.<\/p>\n\n This plugin processes the following personal data of donors:<\/p>\n\n This data is:<\/p>\n\n Donors may request anonymization or deletion of their record at any time. The frontend dashboard includes a one-click anonymization tool for the masjid administrator.<\/p>\n\n This plugin does not<\/strong> send any data to the plugin author or to any third party other than the payment gateway the donor actually transacts with.<\/p>\n\n\n The plugin itself is free and GPL-licensed. However, the payment gateways (ChipIn Asia, Bayarcash) charge their own transaction fees according to their pricing \u2014 please see their respective websites for current rates.<\/p><\/dd>\n Both work well. ChipIn Asia is generally easier to onboard for smaller organizations and supports FPX, e-wallets and cards. Bayarcash is widely used by Malaysian masjids and supports FPX and DuitNow QR. You can also enable both and pick per campaign.<\/p><\/dd>\n The current version requires at least one payment gateway to be configured because donations flow through online checkout. A pure offline \/ cash-receipting mode is on the roadmap.<\/p><\/dd>\n This was a bug in versions prior to 1.1.13 \u2014 please update. Both toggles are now respected as widget-level overrides regardless of the campaign-level setting.<\/p><\/dd>\n In two custom tables in your WordPress database \u2014 The plugin gives you the tools you need: donor anonymization, configurable data-retention period, and external resources (Google Fonts) are opt-in only. You are still responsible for your own privacy notice and for telling visitors what you collect and why.<\/p><\/dd>\n Deactivate the plugin, then click Delete<\/strong>. The uninstall routine will drop the custom tables, remove the dashboard page, delete plugin options, remove custom roles and capabilities, and remove all campaign posts. This is irreversible \u2014 back up your donation data first.<\/strong><\/p><\/dd>\n Yes. All user-facing strings use the Not yet. The current scope is one-off donations only. Recurring is on the roadmap pending gateway support.<\/p><\/dd>\n\n<\/dl>\n\n\n Released: 28 May 2026<\/em><\/p>\n\n Released: 23 May 2026<\/em><\/p>\n\n Released: 23 May 2026<\/em><\/p>\n\n Released: 23 May 2026<\/em><\/p>\n\n Released: 22 May 2026<\/em><\/p>\n\n Released: 22 May 2026<\/em><\/p>\n\nsuppress_filters<\/code> argument and added justified ignores to the activation-time page lookup. Safe to update \u2014 no database changes.<\/p>","1.1.28":"masjiddm<\/code> for WordPress.org compliance; a one-time migration copies existing settings, campaign data and permissions automatically. Auth-page CSS\/JS now enqueued. Safe to update \u2014 your data is preserved.<\/p>","1.1.26":"\/masjid-admin\/<\/code>) instead of the site homepage. Safe to update \u2014 no database changes.<\/p>","1.1.25":"\/masjid-admin\/<\/code> so logged-out users no longer hit the WordPress wp-login.php<\/code> screen. Secure in-place login via wp_signon()<\/code> with nonce protection. Safe to update \u2014 no database changes.<\/p>","1.1.20":"\/wp-admin\/<\/code> access, so treasurers can't tell the site runs on WordPress. Administrators are unaffected. Safe to update \u2014 no database changes.<\/p>","1.1.19":"NonceVerification.Missing<\/code> warnings on Dashboard_Ajax<\/code> export\/treasurer handlers cleared with inline phpcs:ignore<\/code>; uninstall.php<\/code> phpcs:enable<\/code> scoped so it doesn't lift the variable-prefix suppression. Safe to update \u2014 no database changes.<\/p>","1.1.18":"%i<\/code> placeholders; file-level PHPCS suppressions consolidated and re-anchored; targeted ignores added for the mdm_*<\/code> prefix sniff. Safe to update \u2014 no database changes.<\/p>","1.1.17":"MDM\\<\/code> \u2192 MasjidDM\\<\/code>, bootstrap function and one hook re-prefixed, sanitization made statically traceable, wp_redirect()<\/code> \u2192 wp_safe_redirect()<\/code>, date()<\/code> \u2192 gmdate()<\/code>. Safe to update \u2014 no database changes.<\/p>","1.1.16":"GET \/campaign\/{id}<\/code> no longer returns per-campaign gateway credentials. Recommended for all users; rotate any gateway API keys if your site is publicly accessible. Safe to update \u2014 no database changes.<\/p>","1.1.15":"__()<\/code> so they can be translated.<\/p>\n\nKey Features<\/h4>\n\n
\n
\/masjid-admin\/<\/code> page lets the masjid committee (administrator and the included \"Bendahari Masjid\" role) view donations, manage campaigns, send receipts and pull reports without learning wp-admin.<\/li>\n[masjid_donation id=\"1\"]<\/code>, [masjid_donor_wall id=\"1\"]<\/code>, [masjid_donation_stats id=\"1\"]<\/code>, [masjid_campaigns_list]<\/code>.<\/li>\nExternal services<\/h3>\n\n
ChipIn Asia (CHIP) \u2014 payment gateway<\/h4>\n\n
https:\/\/gate.chip-in.asia\/api\/v1\/<\/code> (the same hostname is used for both sandbox and live; mode is selected per-account on ChipIn's side).<\/p>\n\n\n
Bayarcash \u2014 payment gateway<\/h4>\n\n
\n
https:\/\/console.bayar.cash\/api\/v2\/<\/code> and https:\/\/api.console.bayar.cash\/v3\/<\/code><\/li>\nhttps:\/\/console.bayarcash-sandbox.com\/api\/v2\/<\/code> and https:\/\/api.console.bayarcash-sandbox.com\/v3\/<\/code><\/li>\n<\/ul>\n\n\n
Google Fonts (optional, opt-in)<\/h4>\n\n
fonts.googleapis.com<\/code> on any page that displays the donation button, dashboard, or thank-you template. When disabled (the default), the plugin falls back to system fonts and no requests are ever made to Google.<\/p>\n\n\n
Privacy Policy<\/h3>\n\n
\n
\n
wp_masjid_donations<\/code> and wp_masjid_donation_logs<\/code>).<\/li>\nAutomatic installation<\/h4>\n\n
\n
Manual installation<\/h4>\n\n
\n
.zip<\/code> file.<\/li>\n.zip<\/code> file and click Install Now<\/strong>.<\/li>\nAfter activation<\/h4>\n\n
\n
yoursite.com\/masjid-admin\/<\/code>.<\/li>\n\n
[masjid_donation id=\"X\"]<\/code> where X is your campaign ID.<\/li>\n<\/ul><\/li>\n<\/ol>\n\nSystem requirements<\/h4>\n\n
\n
\n
Do I need to pay anything to use this plugin?<\/h3><\/dt>\n
Which payment gateway should I choose?<\/h3><\/dt>\n
Can I run the plugin without a payment gateway, for cash donations?<\/h3><\/dt>\n
My Elementor \"Papar Statistik\" \/ \"Papar Dinding Penderma\" toggles don't seem to do anything.<\/h3><\/dt>\n
Where is the donation data stored?<\/h3><\/dt>\n
wp_masjid_donations<\/code> (or your prefix) and wp_masjid_donation_logs<\/code>. No data ever leaves your server except what is transmitted to your chosen payment gateway at the moment a donor checks out.<\/p><\/dd>\nIs the plugin GDPR \/ PDPA compliant?<\/h3><\/dt>\n
How do I uninstall completely?<\/h3><\/dt>\n
Can I translate the plugin?<\/h3><\/dt>\n
masjid-donation<\/code> text domain. Drop a .mo<\/code> file into wp-content\/languages\/plugins\/<\/code> named masjid-donation-{locale}.mo<\/code>.<\/p><\/dd>\nDoes this plugin support recurring \/ subscription donations?<\/h3><\/dt>\n
1.1.30<\/h4>\n\n
\n
1.1.29<\/h4>\n\n
\n
suppress_filters => true<\/code> argument from the campaign lookup in the prefix-rename migration (it is prohibited by the performance sniff and was redundant \u2014 get_posts()<\/code> already defaults it internally).<\/li>\nphpcs:ignore<\/code> annotations with justifications to the dashboard-page meta lookup in Page_Provisioner::find_existing_page()<\/code>. The meta_key<\/code> \/ meta_value<\/code> query runs only during activation \/ page-provisioning \/ self-heal (never on a front-end request) and returns a single row, so the SlowDBQuery warning does not apply.<\/li>\n<\/ul>\n\n1.1.28<\/h4>\n\n
\n
$wpdb<\/code> queries. Per-campaign meta is now copied through get_posts()<\/code> \/ get_post_meta()<\/code> \/ update_post_meta()<\/code> and donor phone numbers through get_users()<\/code> \/ get_user_meta()<\/code>, clearing the WordPress.DB.DirectDatabaseQuery<\/code> (DirectQuery \/ NoCaching) warnings.<\/li>\n$_POST<\/code> reads now carry their phpcs:ignore<\/code> annotations on the exact access lines, resolving the reported ValidatedSanitizedInput.InputNotSanitized<\/code> (the password is intentionally passed raw to wp_signon()<\/code>) and NonceVerification.Missing<\/code> (the login POST is nonce-verified before the field is read) warnings.<\/li>\nTested up to<\/code> bumped to WordPress 7.0. Trimmed the 1.1.22 upgrade notice under the 300-character limit.<\/li>\n<\/ul>\n\n1.1.27<\/h4>\n\n
\n
mdm<\/code> (constants MDM_<\/code>, options\/meta\/hooks\/capabilities mdm_<\/code>, the localized script objects mdmData<\/code> \/ mdmDash<\/code> \/ mdmBlockData<\/code>) to the 8-character masjiddm<\/code> prefix, satisfying the WordPress.org guideline requiring a distinct prefix of at least four characters. A one-time, non-destructive migration runs on upgrade and copies every existing setting, per-campaign meta, donor phone number and role capability from the old mdm_<\/code> keys to the new masjiddm_<\/code> keys, so existing installations keep all of their data and treasurer permissions. Legacy scheduled cron events are cleared and re-registered under the new names.<\/li>\n<style><\/code> block, inline <script><\/code>, or a Google Fonts <link><\/code> tag. Their CSS now lives in assets\/css\/auth.css<\/code> and the password show\/hide behaviour in assets\/js\/auth.js<\/code>; both are registered and enqueued with wp_register_style()<\/code> \/ wp_enqueue_style()<\/code> \/ wp_register_script()<\/code> \/ wp_enqueue_script()<\/code> and flushed into the self-contained document with wp_print_styles()<\/code> \/ wp_print_scripts()<\/code>. The optional Poppins font is enqueued (still opt-in) instead of hard-coded as a <link><\/code>.<\/li>\n<\/ul>\n\n1.1.26<\/h4>\n\n
\n
\/masjid-admin\/<\/code>) instead of the site homepage. Since they're logged out at that point, they land on the branded login page \u2014 keeping the whole experience self-contained and white-labeled.<\/li>\n<\/ul>\n\n1.1.25<\/h4>\n\n
\n