Skip to main content

Daraja · Kopo Kopo · KCB Buni · Equity Jenga

M-Pesa WordPress Payment

Accept full M-Pesa payments on WordPress through Safaricom Daraja, Kopo Kopo, KCB Buni, or Equity Jenga — settled directly into your paybill, till, KCB account, or Equity account. Works for WooCommerce, services, downloads, invoices, booking fees, and custom payment forms.

Download plugin ZIPStart 24-hour trial

Version 1.7.0. Free for the first 24 hours, then KES 2,000 per year.

Provider options

Daraja, Kopo Kopo, KCB Buni, Equity Jenga

Settlement

Direct to your paybill, till, or bank account

Selling types

Products, services, downloads, invoices

License

24-hour trial, then KES 2,000/year

Who it is for

Built for sellers who need M-Pesa inside WordPress

The plugin works for shops and service businesses that want a direct M-Pesa flow through Daraja, Kopo Kopo, KCB Buni, or Equity Jenga — settling straight to their own paybill, till, or bank account, without sending customers to a separate checkout website.

WooCommerce stores

Collect the full order total for physical products, virtual products, and downloadable files.

Service providers

Create payment forms for consultations, bookings, repair work, retainers, or project milestones.

Invoices and quotes

Share a payment page for a specific quote, invoice, school fee, subscription, or one-off bill.

What is included

One plugin for store payments and custom forms

Install the ZIP, choose Daraja, Kopo Kopo, KCB Buni, or Equity Jenga, test the 24-hour trial, then activate the annual license when the payment flow is confirmed.

Download latest ZIPVersion 1.7.0

Four providers in one plugin: Safaricom Daraja, Kopo Kopo, KCB Buni, Equity Jenga

Direct settlement to your paybill, till, KCB account, or Equity account — no aggregator

WooCommerce gateway for full order totals

Shortcodes for custom WordPress payment forms

Support for products, services, downloads, invoices, and bookings

Callback, IPN, and status handling for completed payments

KCB Buni shared shortcode (522522) for merchants without their own paybill

Equity Jenga RSA-SHA256 request signing built in

24-hour free trial before buying the annual license

Providers

Pick the provider that matches where you want the money

Every provider runs through the same plugin UI. Switch any time, no code changes. KCB Buni and Equity Jenga are direct-bank-settlement options for merchants who want M-Pesa payments landing straight in their bank account.

Safaricom Daraja

Settles to
Your paybill or till
You need
Consumer Key, Consumer Secret, Shortcode, Passkey
Best for
Merchants with a Lipa na M-Pesa paybill or till

Kopo Kopo

Settles to
Your Kopo Kopo till
You need
Client ID, Client Secret, API Key, Till number
Best for
Merchants using Kopo Kopo for M-Pesa reconciliation

KCB Buni

Settles to
Your KCB bank account
You need
Consumer Key and Secret. Shared shortcode 522522 by default
Best for
Merchants who bank with KCB and want direct bank settlement

Equity Jenga

Settles to
Your Equity bank account
You need
API Key, Merchant Code, Consumer Secret, Account Number, RSA private key
Best for
Merchants who bank with Equity and want direct bank settlement

Setup path

Download, test, then license it

The trial is meant for developers and business owners to confirm provider credentials, callbacks, IPN webhooks, order status updates, and live STK Push behavior across any of the four providers before paying.

01

Install the ZIP

Upload the plugin from WordPress Admin, activate it, and open the Mocky M-Pesa settings tab.

02

Start the trial

Use the free 24-hour trial to connect Daraja, Kopo Kopo, KCB Buni, or Equity Jenga credentials and test real payment flows.

03

Go live

Buy the annual license when the integration is working correctly for your site.

Documentation

Setup, credentials, and developer integration

Step-by-step credential walkthroughs for every provider, plus the shortcode, REST endpoints, and PHP helper you can drop into custom WordPress code.

Get your provider credentials

You only need to set up one provider to take payments. Pick whichever matches where you want the money to land — paybill, till, KCB, or Equity — and follow the steps for that provider. The plugin handles the rest.

Safaricom Daraja

Open developer.safaricom.co.ke

Before you start

  • An active Safaricom paybill (Lipa na M-Pesa Online enabled) or till number registered to your business.
  • A Safaricom developer account (sign up free at developer.safaricom.co.ke).

Credentials and where to find them

  1. 01.Consumer Key

    Where: Daraja portal → My Apps → click your app → Keys tab → copy the value shown for Consumer Key.

    Looks like: A random 30–40 character alphanumeric string.

  2. 02.Consumer Secret

    Where: Same Keys tab as the Consumer Key — it appears right below it. You can also click Generate to rotate it.

    Looks like: A random 30–40 character alphanumeric string.

  3. 03.Business Shortcode

    Where: Your paybill or till number — printed on your Lipa na M-Pesa welcome letter from Safaricom.

    Looks like: 5- or 6-digit number, e.g. 174379 (sandbox) or your live shortcode.

  4. 04.Lipa na M-Pesa Passkey

    Where: Daraja portal → My Apps → click your app → APIs tab → expand Lipa Na M-Pesa Online → Test Credentials shows the sandbox passkey. Production passkeys are emailed by Safaricom once you go live.

    Looks like: A long 64-character hexadecimal string.

  5. 05.Transaction Type

    Where: Set in plugin settings: pick "CustomerPayBillOnline" for a paybill or "CustomerBuyGoodsOnline" for a till.

    Looks like: Dropdown choice in plugin settings — no value to copy.

Callbacks: Daraja STK callback with optional Safaricom IP allowlist for production.

Going live

  • Go-live requires submitting a Go-Live form on the Daraja portal with your business KYC documents.
  • Copy the callback URL shown in plugin settings into Daraja → My Apps → APIs → Lipa Na M-Pesa Online → callback URL.
  • Turn on the "restrict callbacks to Safaricom IP range" option in plugin settings before launch for extra spoof protection.

Kopo Kopo

Open app.kopokopo.com

Before you start

  • An active Kopo Kopo merchant account (sign up at kopokopo.com — KYC documents required for live mode).
  • Your Kopo Kopo Till number or Online Payment account number, for example K000000.

Credentials and where to find them

  1. 01.Client ID

    Where: Kopo Kopo Dashboard → Settings → API Keys → Create a new application → copy Client ID.

    Looks like: A random 30+ character string.

  2. 02.Client Secret

    Where: Same API Keys page as the Client ID — shown only once at app creation. Re-issue if you lose it.

    Looks like: A random 50+ character string.

  3. 03.API Key

    Where: Kopo Kopo Dashboard → Settings → API Keys → expand your app → generate or copy the API Key. Used as the webhook signing key.

    Looks like: A random 30+ character string.

  4. 04.Till / Online Payment account

    Where: Top-right of your Kopo Kopo dashboard, or on your Kopo Kopo welcome email. Format K######.

    Looks like: Letter K followed by 6 digits, e.g. K123456.

Callbacks: X-KopoKopo-Signature HMAC verification with the API key (Client Secret accepted as fallback for SDK compatibility).

Going live

  • Copy the callback URL from plugin settings into Kopo Kopo → Settings → Webhooks → add an Incoming Payments subscription.
  • Use the API Key as the webhook signing key on Kopo Kopo so X-KopoKopo-Signature matches. Plugin also accepts the Client Secret as a fallback for SDK compatibility.
  • Switch the plugin Environment to Production once your Kopo Kopo account is approved for live receipts.

KCB Buni

Open buni.kcbgroup.com

Before you start

  • An active KCB Kenya bank current account in your business name (this is the account that will receive M-Pesa settlements).
  • A Buni developer portal account (sign up free at buni.kcbgroup.com using your work email).
  • Optional: your own KCB paybill + passkey if you do not want to use KCB’s shared shortcode 522522.

Credentials and where to find them

  1. 01.Consumer Key

    Where: Buni portal → Apps → Add new app (or open an existing app) → subscribe it to MpesaExpressAPIService → open the Subscriptions tab → copy Consumer Key.

    Looks like: A random 30–40 character alphanumeric string.

  2. 02.Consumer Secret

    Where: Same Subscriptions tab as the Consumer Key. Click the "show" icon to reveal it, then copy.

    Looks like: A random 30–40 character alphanumeric string.

  3. 03.Shared shortcode (recommended)

    Where: Leave the "Use KCB shared shortcode" box ticked in plugin settings. Customers see paybill 522522 and funds land in your KCB account based on the credentials above.

    Looks like: No value to copy — handled by plugin settings.

  4. 04.Organization Shortcode (optional)

    Where: Only if KCB has provisioned a dedicated paybill for you. Provided by KCB on your paybill activation letter. Untick "Use KCB shared shortcode" in plugin settings to reveal this field.

    Looks like: 5- or 6-digit paybill number.

  5. 05.Organization PassKey (optional)

    Where: Only with a dedicated paybill. KCB emails the passkey when they activate the paybill. Paste into plugin settings under the Organization Shortcode field.

    Looks like: A long 64-character hexadecimal string.

Callbacks: STK callback and IPN settlement webhook handled on the same plugin URL.

Going live

  • To switch to production, raise a Go-Live ticket on the Buni portal with your KCB account number and business KYC.
  • IPN webhook registration is out-of-band: email buni@kcbgroup.com with subject "IPN URL registration" and include your plugin callback URL.
  • KCB returns to your callback URL in BOTH the immediate STK Push outcome and the final IPN settlement — the plugin handles both shapes on the same URL.

Equity Jenga

Open developer.jengahq.io

Before you start

  • An active Equity Bank Kenya account in your business name (this account receives the M-Pesa settlements).
  • A Jenga developer account (sign up free at developer.jengahq.io).
  • OpenSSL on your local machine to generate an RSA key pair — pre-installed on macOS and Linux, available on Windows.

Credentials and where to find them

  1. 01.Generate the RSA key pair

    Where: In a terminal run: openssl genrsa -out privatekey.pem 2048 && openssl rsa -in privatekey.pem -pubout -out publickey.pem. This creates two files in the current folder.

    Looks like: Two text files: privatekey.pem (keep private) and publickey.pem (upload to Jenga).

  2. 02.Upload the Public Key

    Where: Jenga portal → Profile → My Profile → scroll to Public Key → click Upload → choose publickey.pem → Save.

    Looks like: Confirmation that "Public key uploaded successfully".

  3. 03.API Key

    Where: Jenga portal → Apps → My Apps → click your app (or create one and subscribe to M-Pesa STK USSD Push) → Keys tab → copy the API Key.

    Looks like: A random 50+ character string.

  4. 04.Merchant Code

    Where: Jenga portal → Profile → My Profile → top of the page next to your business name.

    Looks like: 7- to 10-digit numeric merchant ID, e.g. 1234567890.

  5. 05.Consumer Secret

    Where: Same Keys tab as the API Key, listed under "Test" (sandbox) or "Live" (production). Copy the value shown.

    Looks like: A random 40+ character string.

  6. 06.Equity Account Number

    Where: Your Equity Bank current account number — printed on your Equity statements or seen in Equitel/EquityOnline.

    Looks like: 13-digit account number like 0170194290581.

  7. 07.Merchant Display Name

    Where: Set in plugin settings — shown to the customer on the M-Pesa STK prompt. Defaults to your WordPress site title if left blank.

    Looks like: A short business name, e.g. "Mocky Digital".

  8. 08.Private Key (PEM)

    Where: Open privatekey.pem in a text editor and copy the whole file content including the BEGIN/END lines. Paste into the Private Key field in plugin settings.

    Looks like: -----BEGIN PRIVATE KEY----- followed by ~25 lines of base64, ending with -----END PRIVATE KEY-----.

Callbacks: Jenga settlement callback keyed on transactionReference; no signature required.

Going live

  • Sandbox and production keys are different. Re-upload your production public key and re-copy production credentials when switching environments.
  • The plugin signs every STK Push request automatically with RSA-SHA256 using your private key — no additional setup needed.
  • Go-live requires Jenga’s commercial agreement and KYC. Submit on the Jenga portal under Go Live.

Use it in a page

The shortcode renders an M-Pesa checkout form anywhere in WordPress — perfect for service pages, invoices, downloads, and one-off payment links. The server stores the amount so visitors cannot tamper with it in the browser.

Shortcode
[mocky_mpesa_checkout amount="2000" reference="INV-1001" description="Invoice payment"]

Optional attributes: button, redirect_url, show_name, show_email.

Trigger from REST

Use the REST endpoints to start an STK Push from any frontend, mobile app, or other WordPress code. Calls are rate-limited per phone number and per IP, and identical requests within 90 seconds reuse the same pending transaction.

REST request
POST /wp-json/mocky-mpesa/v1/initiate
Content-Type: application/json
X-WP-Nonce: <nonce>

{
  "source": "custom",
  "phone": "0712345678",
  "amount": 2000,
  "reference": "INV-1001",
  "description": "Invoice payment",
  "customer_name": "Jane Customer",
  "email": "jane@example.com"
}
  • POST /wp-json/mocky-mpesa/v1/context — server-side checkout context (used by the shortcode).
  • POST /wp-json/mocky-mpesa/v1/initiate — sends the STK Push prompt.
  • GET /wp-json/mocky-mpesa/v1/status — polls for the final transaction outcome.
  • POST /wp-json/mocky-mpesa/v1/callback — provider webhook endpoint (already set by the plugin).

Trigger from PHP

The PHP helper is the fastest way to send an STK Push from a theme, custom plugin, or scheduled job. It picks up whichever provider is active in settings and writes the transaction to the same table WooCommerce uses.

PHP helper
$result = mocky_mpesa_stk_push(array(
    'phone' => '0712345678',
    'amount' => 2000,
    'reference' => 'INV-1001',
    'description' => 'Invoice payment',
    'customer_name' => 'Jane Customer',
));

// $result['transaction'] is the saved DB row.
// $result['response']['CheckoutRequestID'] links it to the provider.

For custom storefronts, compute the trusted total on the server before calling mocky_mpesa_stk_push() so visitors cannot reduce the amount in the browser.

Operational safeguards

Every STK Push goes through the same hardened pipeline regardless of provider: per-phone cooldown, per-IP hourly cap, idempotent initiation, signed license responses, provider callback verification, amount-mismatch rejection, and WP-Cron recovery for stuck pending transactions.

Questions

M-Pesa WordPress payment FAQ

These are the details buyers usually need before installing a payment plugin on a live WordPress site.

Does this M-Pesa WordPress payment plugin work with WooCommerce?

Yes. The plugin includes a WooCommerce payment gateway that sends an M-Pesa STK Push for the full WooCommerce order total using whichever provider you select — Safaricom Daraja, Kopo Kopo, KCB Buni, or Equity Jenga.

Which providers are supported?

Four providers in one plugin: Safaricom Daraja (settles to your paybill or till), Kopo Kopo (settles to your Kopo Kopo till), KCB Buni (settles directly to your KCB bank account), and Equity Jenga (settles directly to your Equity bank account). You pick one in the settings and switch any time.

Does it settle directly to my bank account?

Yes, with KCB Buni and Equity Jenga. KCB Buni routes M-Pesa payments straight into your KCB account, either through KCB’s shared shortcode (522522) or your own organization shortcode. Equity Jenga settles into your Equity account using its M-Pesa STK USSD Push API with RSA-SHA256 signed requests. No third-party aggregator handles your money.

Do I need my own paybill to use KCB Buni?

No. KCB provides a shared shortcode (522522) you can use out of the box. Customers see the KCB paybill on the M-Pesa prompt and funds settle to your KCB bank account. If you have your own KCB paybill plus a passkey, you can switch to dedicated-shortcode mode in plugin settings.

What do I need to use Equity Jenga?

An app registered at developer.jengahq.io with the M-Pesa STK USSD Push product subscribed, your Equity account number, an API key, merchant code, consumer secret, and a public/private RSA key pair. Upload the public key on the Jenga portal and paste the private key (PEM) into the plugin settings. The plugin handles signing each request.

Does it support Kopo Kopo?

Yes. You can configure the plugin to use Kopo Kopo for supported M-Pesa payment flows, with webhook signature verification using your Kopo Kopo API key.

Can I use it without WooCommerce?

Yes. You can use shortcodes or the REST endpoints to collect M-Pesa payments for services, downloads, invoices, booking fees, or custom WordPress payment pages. The same four providers are available outside WooCommerce.

Is there a free trial?

Yes. Developers can install the plugin and start a free 24-hour trial to test any provider — Daraja, Kopo Kopo, KCB Buni, or Equity Jenga — including credentials, callbacks, STK Push flow, and site setup.

How much is the license?

The plugin is sold as a self-hosted commercial plugin at KES 2,000 per year per domain after the 24-hour trial. All four providers are included in the same license — no upsells.