Stripe and WooCommerce are working together to ensure that our shared customers are using enhanced security measures and have access to the latest features of the Stripe plugin, such as buy now pay later. For some customers, this also means migrating off of the Sources API, an old integration method that will be shutting down.
To that end, all merchants using our Stripe extension are required to complete the following three tasks:
- Update the Stripe extension to the latest version
- Re-authenticate your site’s connection to Stripe
- Enable the new checkout experience
Merchants are required to do these by October 29, after which some forms of payment may be disrupted, and fees may be imposed for accounts that do not comply.
Please see each section below for instructions on how to complete these tasks.
NOTE: If you no longer use our Stripe plugin, you are still required to remove the Stripe API keys it used from your WordPress database. Please see this section for instructions on how to do that.
Update your plugin
↑ Back to topTo help keep your site secure, you should always update your plugins to their latest versions. This gives you all the most recent bug fixes, features, and security updates.
To check if an update is available for the Stripe extension:
- In your WordPress dashboard, go to Dashboard > Updates.
- Click the Check again link to check for plugin updates.
- If an update for the WooCommerce Stripe Gateway plugin is available, install it.
- Go to Plugins > Installed Plugins.
- Enable auto-updates for the WooCommerce Stripe Gateway plugin.
Here’s how the Dashboard > Updates page will look if a WooCommerce Stripe Gateway update is available to be installed:
To ensure that you have the latest version, compare the version number shown in the WordPress.org plugin directory to the version number shown in your dashboard under Plugins > Installed Plugins. If they match, you have the latest version.
Re-authenticate your connection
↑ Back to topUsing API keys to connect your Stripe account to WooCommerce can potentially expose your business to card testing attacks and fraud. To mitigate this risk, we’re requiring all Stripe extension merchants to re-authenticate their Stripe account using OAuth.
After you’ve updated to the latest version of the Stripe extension, follow these steps to re-authenticate your Stripe connection:
- In your WordPress dashboard, go to WooCommerce > Settings > Payments tab.
- In the list of payment methods, click Stripe.
- Click the Settings tab.
- Click the Re-authenticate button.
The re-authentication process will guide you through logging into Stripe.com (if you aren’t already) and authorizing the Stripe extension.
Enable the new checkout
↑ Back to topThe new checkout experience is a modernized version of the Stripe extension’s payment form. It has more features, and it’s considered a superior option to the legacy checkout experience, which will be retired in late 2024.
To enable the new checkout experience:
- Go to WooCommerce > Settings > Payments > Stripe > Settings.
- Scroll down to the Advanced Settings section.
- Ensure that the “Enable the legacy checkout experience” setting is not checked.
- If that setting is checked, uncheck it.
- Click Save Changes at the bottom.
Here’s a comparison of the legacy checkout (on the left) vs. the new checkout experience (on the right) using the shortcode checkout. Drag the slider left and right to compare.
Here’s a comparison of the legacy checkout (on the left) vs. the new checkout experience (on the right) using the block checkout. Drag the slider left and right to compare.
Once you’ve completed all of the three sections above, you’re done! Your site now incorporates the most advanced features and security enhancements that Stripe and WooCommerce have to offer.
Thank you for being an outstanding Stripe and WooCommerce merchant!
Frequently asked questions
↑ Back to topWe’ve collected some common support questions and their answers below.
I don’t see where to complete these steps in the Stripe dashboard.
↑ Back to topTo clarify, the steps outlined in the email from Stripe (and shown above as well) must be completed in your WordPress admin dashboard, not in the Stripe.com dashboard.
If the email you received from Stripe has links for each of the three steps, like this:
… you can simply click those links to be taken to the correct location.
What will happen if I don’t follow the steps above?
↑ Back to topIf you do not follow the steps outlined above by October 29, 2024, you risk:
- Disruption to some or all of your payment methods, and…
- Having Stripe levy extra fees against your account.
Why are my SEPA subscriptions set to manually renew?
↑ Back to topAfter you disable the legacy checkout experience as described above, any active SEPA subscriptions you have will display “Via Manual Renewal” in the subscriptions list (under WooCommerce > Subscriptions). This is only temporary and can be ignored.
WooCommerce will automatically update the SEPA tokens without any action needed on your part. This process will take at least one hour or longer due to how the migrations are run through the Action Scheduler.
You may also see a notice about this at the top of the dashboard.
What if I don’t use the WooCommerce Stripe plugin?
↑ Back to topEven if you no longer use our Stripe plugin, you are still required to remove the Stripe API keys it used from your WordPress database. Doing so ensures that those keys can no longer expose your business to card testing attacks and fraud.
To remove the API keys, you need to delete the woocommerce_stripe_settings
option from the wp_options
table in your database. This will not affect any other plugins you may have that integrate with Stripe.
There are several ways to do this detailed below.
Install and uninstall the Stripe extension
Starting with version 8.7.0, our Stripe extension will automatically remove the API keys when you uninstall it from your site. You do not need to have activated it for this to work. In other words, simply installing the Stripe extension and immediately uninstalling it again will perform the necessary cleanup.
To do that:
- Log into your site’s admin dashboard.
- Go to Plugins > Add New Plugin.
- In the search box, enter
WooCommerce Stripe Payment Gateway
. - Install the Stripe extension as shown. It looks like so:
- Once it’s installed, go to Plugins > Installed Plugins. You do NOT need to activate it!
- In the list, find the “WooCommerce Stripe Gateway” plugin you just installed.
- Click the Delete link under the plugin name.
Once you’ve removed the plugin, you’re all done!
Ask your host
If you’re not comfortable directly accessing your database or running custom code, you should reach out to your host’s support staff and ask them to do this for you.
You can use the following message as a template:
Hello! I was previously using the WooCommerce Stripe plugin on my site [insert site name here] to accept payments, but I’ve since stopped using this plugin. To remove the Stripe API keys it was using from the database, can you please delete the
woocommerce_stripe_settings
option from mywp_options
table? Please do not delete any other options. Thank you.
Using a code snippet
You can install the free Code Snippets plugin and create a new “Only run once” code snippet that contains only the following code:
delete_option( 'woocommerce_stripe_settings' );
Clicking Save Changes and Execute Once will run the snippet, thereby deleting the option containing the Stripe API keys from your database.
Using WP CLI
If you have access to your site over SSH and WP CLI is installed, you can run the following command to delete the option containing the Stripe API keys:wp option delete woocommerce_stripe_settings
Roll your keys
As a last resort, you can use the Stripe dashboard to regenerate (“roll”) your API keys. Rolling a key revokes it and generates a replacement key. This makes the old key in your database invalid, effectively rendering it useless.
Note that if you are currently using the keys with other plugins or integrations, rolling your keys will impact ALL of those plugins or integrations. Ideally, you should create a new restricted API key for each plugin or integration that still needs one.
Before rolling a key, you may want to check the “Last Used” date of the API key you’re rolling to be sure it’s not been used in a while:
If it has been used recently, this may indicate that you’re still using the WooCommerce Stripe plugin or some other Stripe integration. You’ll want to find where the key is still in use and determine if it’s still needed before rolling it.
What if I shut down my business entirely?
↑ Back to topIf your business has been shut down, our suggestion would be to contact Stripe and have them close your account. Be sure to mention the account ID of the business account you wish to close, which you can find in the footer of the email they sent.
How do I get help?
↑ Back to topSimply reply to the email you received from Stripe. Those replies will be directed to our support team for assistance.