Updated requirements for Stripe plugin, mid-2024

Stripe and WooCommerce are working together to ensure that our shared customers are using enhanced security measures and have access to the latest features of the Stripe plugin, such as buy now pay later. For some customers, this also means migrating off of the Sources API, an old integration method that will be shutting down.

To that end, all merchants using our Stripe extension are required to complete the following three tasks:

1. Update the Stripe extension to the latest version
2. Re-authenticate your site’s connection to Stripe
3. Enable the new checkout experience

Merchants are required to do these by October 29, after which some forms of payment may be disrupted, and fees may be imposed for accounts that do not comply.

Please see each section below for instructions on how to complete these tasks.

To help keep your site secure, you should always update your plugins to their latest versions. This gives you all the most recent bug fixes, features, and security updates.

To check if an update is available for the Stripe extension:

1. In your WordPress dashboard, go to Dashboard > Updates.
2. Click the Check again link to check for plugin updates.
3. If an update for the WooCommerce Stripe Gateway plugin is available, install it.
4. Go to Plugins > Installed Plugins.
5. Enable auto-updates for the WooCommerce Stripe Gateway plugin.

Here’s how the Dashboard > Updates page will look if a WooCommerce Stripe Gateway update is available to be installed:

To ensure that you have the latest version, compare the version number shown in the WordPress.org plugin directory to the version number shown in your dashboard under Plugins > Installed Plugins. If they match, you have the latest version.

Using API keys to connect your Stripe account to WooCommerce can potentially expose your business to card testing attacks and fraud. To mitigate this risk, we’re requiring all Stripe extension merchants to re-authenticate their Stripe account using OAuth.

After you’ve updated to the latest version of the Stripe extension, follow these steps to re-authenticate your Stripe connection:

1. In your WordPress dashboard, go to WooCommerce > Settings > Payments tab.
2. In the list of payment methods, click Stripe.
3. Click the Settings tab.
4. Click the Re-authenticate button.

The re-authentication process will guide you through logging into Stripe.com (if you aren’t already) and authorizing the Stripe extension.

The new checkout experience is a modernized version of the Stripe extension’s payment form. It has more features, and it’s considered a superior option to the legacy checkout experience, which will be retired in late 2024.

To enable the new checkout experience:

1. Go to WooCommerce > Settings > Payments > Stripe > Settings.
2. Scroll down to the Advanced Settings section.
3. Ensure that the “Enable the legacy checkout experience” setting is not checked.
4. If that setting is checked, uncheck it.
5. Click Save Changes at the bottom.

Here’s a comparison of the legacy checkout (on the left) vs. the new checkout experience (on the right) using the shortcode checkout. Drag the slider left and right to compare.

Here’s a comparison of the legacy checkout (on the left) vs. the new checkout experience (on the right) using the block checkout. Drag the slider left and right to compare.

Once you’ve completed all of the three sections above, you’re done! Your site now incorporates the most advanced features and security enhancements that Stripe and WooCommerce have to offer.

Thank you for being an outstanding Stripe and WooCommerce merchant!

We’ve collected some common support questions and their answers below.

To clarify, the steps outlined in the email from Stripe (and shown above as well) must be completed in your WordPress admin dashboard, not in the Stripe.com dashboard.

If the email you received from Stripe has links for each of the three steps, like this:

… you can simply click those links to be taken to the correct location.

If you do not follow the steps outlined above by October 29, 2024, you risk:

• Disruption to some or all of your payment methods, and…
• Having Stripe levy extra fees against your account.

After you disable the legacy checkout experience as described above, any active SEPA subscriptions you have will display “Via Manual Renewal” in the subscriptions list (under WooCommerce > Subscriptions). This is only temporary and can be ignored.

WooCommerce will automatically update the SEPA tokens without any action needed on your part. This process will take at least one hour or longer due to how the migrations are run through the Action Scheduler.

You may also see a notice about this at the top of the dashboard.

Even if you no longer use our Stripe plugin, you are still required to remove the Stripe API keys it used from your WordPress database. Doing so ensures that those keys can no longer expose your business to card testing attacks and fraud.

To remove the API keys, you need to delete the woocommerce_stripe_settings option from the wp_options table in your database. This will not affect any other plugins you may have that integrate with Stripe.

There are several ways to do this detailed below.

Ask your host

If you’re not comfortable directly accessing your database or running custom code, you should reach out to your host’s support staff and ask them to do this for you.

You can use the following message as a template:

Hello! I was previously using the WooCommerce Stripe plugin on my site [insert site name here] to accept payments, but I’ve since stopped using this plugin. To remove the Stripe API keys it was using from the database, can you please delete the woocommerce_stripe_settings option from my wp_options table? Please do not delete any other options. Thank you.

Using a code snippet

You can install the free Code Snippets plugin and create a new “Only run once” code snippet that contains only the following code:

delete_option( 'woocommerce_stripe_settings' );

Clicking Save Changes and Execute Once will run the snippet, thereby deleting the option containing the Stripe API keys from your database.

Using WP CLI

If you have access to your site over SSH and WP CLI is installed, you can run the following command to delete the option containing the Stripe API keys:

wp option delete woocommerce_stripe_settings

Roll your keys

As a last resort, you can use the Stripe dashboard to regenerate (“roll”) your API keys. Rolling a key revokes it and generates a replacement key. This makes the old key in your database invalid, effectively rendering it useless.

Note that if you are currently using the keys with other plugins or integrations, rolling your keys will impact ALL of those plugins or integrations. Ideally, you should create a new restricted API key for each plugin or integration that still needs one.

Before rolling a key, you may want to check the “Last Used” date of the API key you’re rolling to be sure it’s not been used in a while:

If it has been used recently, this may indicate that you’re still using the WooCommerce Stripe plugin or some other Stripe integration. You’ll want to find where the key is still in use and determine if it’s still needed before rolling it.

If your business has been shut down, our suggestion would be to contact Stripe and have them close your account. Be sure to mention the account ID of the business account you wish to close, which you can find in the footer of the email they sent.

Simply reply to the email you received from Stripe. Those replies will be directed to our support team for assistance.