Hosted checkout means the page where a customer enters their payment details is run by the payment processor — Stripe, in most membership setups — not by your own website. When it’s time to pay, the customer is taken to a secure page hosted by Stripe, completes the payment there, and is sent back to your site once it’s done.
The opposite approach, an embedded or self-hosted form, collects card details on your own pages. That puts the sensitive part of the transaction — and the security burden — on you. Hosted checkout moves both to the processor.
How it works
The flow is straightforward from the customer’s side:
- The customer clicks “subscribe” or “buy” on your site.
- They’re redirected to a secure checkout page hosted by Stripe.
- They enter their payment details on Stripe’s page, not yours.
- Stripe processes the payment and redirects them back to your site, now as a paying member.
Your website never sees or stores the raw card number. It only learns the result — that the payment succeeded and who the customer is.
Why it matters: security and PCI compliance
Handling card data yourself means meeting PCI compliance — a demanding set of security requirements for anyone who touches cardholder data. It’s expensive and risky to get wrong.
Hosted checkout sidesteps most of that. Because the card details are entered on Stripe’s infrastructure and never reach your server, your PCI burden shrinks dramatically. You get a secure, trusted, well-tested payment experience without becoming a payments-security expert. Customers also tend to trust a recognizable Stripe checkout, which can reduce abandoned payments.
The trade-off is a small loss of visual control — the payment step happens on the processor’s page rather than fully inside your design. For the security and simplicity it buys, that’s a trade most membership sites are glad to make.
How Members Only approaches it
Members Only uses Stripe’s hosted checkout. When a customer subscribes, they’re taken to Stripe’s secure checkout page and redirected back to your site when payment is complete. Your site never handles card data — the only payment-related data stored in WordPress is a Stripe customer ID and some cached subscription and price info for fast access checks. That’s what makes PCI compliance straightforward and keeps the checkout fast and trustworthy. Stripe supports all its usual payment methods, including cards, Apple Pay, and Google Pay.
Next step
To connect your site and turn on hosted checkout, see Connecting to Stripe. To understand how your site learns the result of a payment, read What Is a Stripe Webhook?
Related terms: What Is Recurring Billing?, What Is a Stripe Webhook?, What Is a WordPress Membership Plugin?, What Is Stripe Test Mode?, Stripe Coupon vs. Promotion Code