Updated requirements for Stripe plugin, mid-2025

To ensure that all merchants using the Stripe plugin have access to the latest security improvements and feature enhancements, you must update the Stripe plugin and re-authenticate your Stripe account by October 15, 2025.

Doing so is required to continue receiving essential updates and to enable the Optimized Checkout Suite, a Stripe-powered payment experience designed to maximize conversions.

Please complete the following steps by October 15, 2025:

  1. Update the Stripe plugin
  2. Re-authenticate your Stripe connection
  3. Enable the Optimized Checkout Suite

Update your plugin

↑ Back to top

To help keep your site secure, you should always update your plugins to their latest versions. This gives you all the most recent features, bug fixes, and security updates.

To check if an update is available for the Stripe plugin:

  1. In your WordPress dashboard, go to Dashboard > Updates.
  2. Click the Check again link to check for plugin updates.
  3. If an update for the WooCommerce Stripe Gateway plugin is available, install it.
  4. Go to Plugins > Installed Plugins.
  5. Enable auto-updates for the WooCommerce Stripe Gateway plugin.

Here’s how the Dashboard > Updates page will look if a WooCommerce Stripe Gateway update is available to be installed:

To ensure that you have the latest version, compare the version number shown in the WordPress.org plugin directory to the version number shown in your dashboard under Plugins > Installed Plugins. If they match, you have the latest version.

Re-authenticate your Stripe connection

↑ Back to top

Using API keys to connect your Stripe account to WooCommerce can potentially expose your business to card testing attacks and fraud. To mitigate this risk, we’re requiring all Stripe plugin merchants to re-authenticate their Stripe account using OAuth.

After you’ve updated to the latest version of the Stripe extension, follow these steps to re-authenticate your Stripe connection:

  1. In your WordPress dashboard, go to WooCommerce > Settings > Payments tab.
  2. In the list of payment methods, click Stripe.
  3. Click the Settings tab.

Click the Re-authenticate button.

The re-authentication process will guide you through logging into Stripe.com (if you aren’t already) and authorizing the Stripe plugin.

Enable the Optimized Checkout Suite

↑ Back to top

The Optimized Checkout Suite uses machine learning to decide the order in which payment methods should be displayed to individual shoppers. The goal is to prioritize payment methods that are most likely to lead to purchases. It also includes Link, Stripe’s fast and secure wallet.

To enable the Optimized Checkout Suite:

  1. In your WordPress admin, go to WooCommerce > Settings > Payments > Stripe > Settings.
  2. Scroll to Advanced Settings.
  3. Check the box for “Dynamically display the most relevant payment methods you’ve enabled.”
  4. Click Save Changes at the bottom.
  5. Place an order or two in test mode to confirm that things are working normally.

Frequently asked questions

↑ Back to top

We’ve collected some common questions and their answers below.

What will happen if I don’t follow the steps above?

↑ Back to top

If you do not follow the steps outlined above by October 15, 2025, you potentially increase your security risk by exposing your business to card testing attacks and fraud. 

What if I don’t use the WooCommerce Stripe plugin?

↑ Back to top

Even if you no longer use our Stripe plugin, you are still required to remove the Stripe API keys it used from your WordPress database. Doing so ensures that those keys can no longer expose your business to card testing attacks and fraud.

To remove the API keys, you need to delete the woocommerce_stripe_settings option from the wp_options table in your database. This will not affect any other plugins you may have that integrate with Stripe.

There are several ways to do this detailed below.

Install and uninstall the Stripe extension

With the latest version of Stripe for WooCommerce, our Stripe extension will automatically remove the API keys when you uninstall it from your site. You do not need to have activated it for this to work. In other words, simply installing the Stripe extension and immediately uninstalling it again will perform the necessary cleanup.

To do that:

  1. Log into your site’s admin dashboard.
  2. Go to Plugins > Add New Plugin.
  3. In the search box, enter WooCommerce Stripe Payment Gateway.
  4. Install the Stripe extension as shown. It looks like so:
  1. Once it’s installed, go to Plugins > Installed Plugins. You do NOT need to activate it!
  2. In the list, find the “WooCommerce Stripe Gateway” plugin you just installed.
  3. Click the Delete link under the plugin name.

Once you’ve removed the plugin, you’re all done!

Ask your host

If you’re not comfortable directly accessing your database or running custom code, you should reach out to your host’s support staff and ask them to do this for you.

You can use the following message as a template:

Hello! I was previously using the WooCommerce Stripe plugin on my site [insert site name here] to accept payments, but I’ve since stopped using this plugin. To remove the Stripe API keys it was using from the database, can you please delete the woocommerce_stripe_settings option from my wp_options table? Please do not delete any other options. Thank you.

Using a code snippet

You can install the free Code Snippets plugin and create a new “Only run once” code snippet that contains only the following code:

delete_option( 'woocommerce_stripe_settings' );

Clicking Save Changes and Execute Once will run the snippet, thereby deleting the option containing the Stripe API keys from your database.

Using WP CLI

If you have access to your site over SSH and WP CLI is installed, you can run the following command to delete the option containing the Stripe API keys:

wp option delete woocommerce_stripe_settings

Roll your keys

As a last resort, you can use the Stripe dashboard to regenerate (“roll”) your API keys. Rolling a key revokes it and generates a replacement key. This makes the old key in your database invalid, effectively rendering it useless.

Note that if you are currently using the keys with other plugins or integrations, rolling your keys will impact ALL of those plugins or integrations. Ideally, you should create a new restricted API key for each plugin or integration that still needs one.

Before rolling a key, you may want to check the “Last Used” date of the API key you’re rolling to be sure it’s not been used in a while:

If it has been used recently, this may indicate that you’re still using the WooCommerce Stripe plugin or some other Stripe integration. You’ll want to find where the key is still in use and determine if it’s still needed before rolling it.

What if I shut down my business entirely?

↑ Back to top

If your business has been shut down, our suggestion would be to contact Stripe and have them close your account. Be sure to mention the account ID of the business account you wish to close, which you can find in the footer of the email they sent.

How do I get help?

↑ Back to top

Simply reply to the email you received from Stripe. Those replies will be directed to our support team for assistance.