The instructions below explain how to switch from using legacy API Keys to the new “Connect with Stripe” button in Paid Memberships Pro.
In addition to an easier setup process, Stripe Connect makes your payment gateway more secure. Continue reading to learn about the benefits of Stripe Connect and the steps to switch from a legacy API to this new connection method.
This is a Stripe Required Update
As of September 30, 2024, Stripe has updated security requirements to better protect merchants and their data.
Every site using Paid Memberships Pro and Stripe as their gateway must either use Stripe Connect or update their site to use Restricted API Keys.
Formerly, sites could use legacy secret API keys. These keys provided full access to a Stripe account, similar to a username and password, and pose a major risk if exposed.
To mitigate this, Stripe is now requiring the use of Stripe Connect OAuth authentication or restricted API keys. This reduces risk by limiting the permissions granted, thereby minimizing the potential impact of compromised credentials.
Enhanced Security, Support, and Maintenance with Stripe Connect
Not only does Stripe Connect offer a much easier setup process, it also makes your payment gateway more secure. When you connect Stripe through Paid Memberships Pro, we’ll be able to see the status of your account. Insight into account status will help us (and Stripe) resolve support requests faster.
Stripe Connect sites do not have to manually copy and paste their API keys into any settings fields. While the API keys are stored in the WordPress database, they are not readily accessible by users with the admin role. Additionally, connected sites do not need to manually maintain the API version linked to their API keys. This means that your membership site will always be using the latest, most secure, most fraud-proof method to connect to Stripe and accept payments.
How to Switch from the Legacy Stripe API to Stripe Connect
- Navigate to Memberships > Settings > Payment Gateway & SSL in the WordPress admin.
- Sites using the Legacy API method will show a section titled “Stripe API Settings (Legacy)” on this screen. If you do not see this section, use the gateway setup steps here.
- To switch to Stripe Connect, click the “Connect to Stripe” button.
- The next screen will redirect you to Stripe and, optionally, prompt you to log in to your Stripe account.
- Once you are logged in, select the Stripe Account to connect and click the “Connect” button.
- Once redirected back to your WordPress admin, confirm that the Stripe gateway account is connected.
- The Legacy API keys will be securely and safely removed from your WordPress site.
- Save settings.
If your Webhook was already configured in the legacy version, no more action is needed. If you need to configure your Stripe Webhook, follow the webhook setup steps here.
You can repeat these steps for the Stripe gateway in “Sandbox/Testing” mode. Note that you can connect to Stripe in Test mode using the same gateway account as your Live mode, or using a different Stripe account for each mode.
Stripe Connect Fees
There are no fixed monthly or annual fees when using the Stripe gateway.
It takes considerable time and financial investment to improve and maintain open source software — including Paid Memberships Pro. To keep improving our plugin we are now collecting 2% per transaction for Stripe connected sites without an active license key.
This fee goes to Stranger Studios, the developers of Paid Memberships Pro. We use it to support the Connect server, Stripe gateway development, and the Paid Memberships Pro platform overall.
This fee will not apply to members with an active paid membership for PMPro.
However, we understand this can be a burden for some businesses. With a bit of simple coding you can use this recipe to adjust the fee to an amount that works for your organization.
Stripe Restricted Keys Alternative to Stripe Connect
If you cannot use Stripe Connect and must continue using API keys for your membership site’s Stripe gateway setup, below are the steps to create your Stripe Restricted Keys.
- Go to Stripe Dashboard > Developers > API Keys.
- Click “Create Restricted Key”.
- Click “Providing this key to another website”.
- Enter “Paid Memberships Pro” and “https://www.paidmembershipspro.com”.
- Make sure that “Customize permissions for this key” is unchecked.
- Click “Create restricted key”.
Here’s how to use this key in your PMPro membership site’s gateway settings:
- Navigate to Memberships > Settings > Payment Gateway.
- For the “Publishable Key” field, enter the value in your Stripe account shown in the Standard Key > Publishable Key section.
- For the “Secret Key” field, enter the Restricted Key you created in the steps above.
- If you did not save the key after you created it, you cannot access the full key again.
- In this case, you must create a new key or use the “Roll Key” feature to generate a new key with the same access.
- Save payment gateway settings.
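
To confirm the two gateway fields hold the right kind of key after the switch, the following added check (not code from Paid Memberships Pro or Stripe) classifies each value by Stripe's key prefixes (`sk_` standard secret, `rk_` restricted, `pk_` publishable, each followed by `live_` or `test_`). The function names and sample keys are constructed for illustration.

```python
import re

# Stripe key prefixes: sk_ = standard secret, rk_ = restricted, pk_ = publishable.
KEY_RE = re.compile(r"^(sk|rk|pk)_(live|test)_[A-Za-z0-9_]+$")
KINDS = {"sk": "secret", "rk": "restricted", "pk": "publishable"}


def classify(key):
    """Return (kind, mode) for a Stripe key, or (None, None) if unrecognized."""
    m = KEY_RE.match(key.strip())
    return (KINDS[m.group(1)], m.group(2)) if m else (None, None)


def redact(key):
    """Keep only the prefix and last four characters for safe logging."""
    key = key.strip()
    return key[:8] + "..." + key[-4:] if len(key) > 16 else "***"


def audit_gateway(publishable_key, secret_key):
    """Check the two gateway fields (hypothetical helper); return findings."""
    findings = []
    pk_kind, pk_mode = classify(publishable_key)
    sk_kind, sk_mode = classify(secret_key)
    if pk_kind != "publishable":
        findings.append("Publishable Key field does not hold a pk_ key")
    if sk_kind == "secret":
        findings.append("Secret Key field holds a legacy full-access key "
                        + redact(secret_key) + "; replace with a restricted key")
    elif sk_kind == "publishable":
        findings.append("Secret Key field holds a publishable key")
    elif sk_kind is None:
        findings.append("Secret Key field is not a recognizable Stripe key")
    if pk_mode and sk_mode and pk_mode != sk_mode:
        findings.append("Key modes differ: publishable=" + pk_mode
                        + ", secret=" + sk_mode)
    return findings


# Constructed sample values, not real keys.
SAMPLE_PK = "pk_live_" + "A" * 24
SAMPLE_LEGACY = "sk_live_" + "B" * 20 + "9xYz"
SAMPLE_RESTRICTED = "rk_live_" + "C" * 24

if __name__ == "__main__":
    for secret in (SAMPLE_LEGACY, SAMPLE_RESTRICTED):
        print(redact(secret), audit_gateway(SAMPLE_PK, secret) or "OK")
```

The findings include only the redacted form of a key, so the output can be pasted into a ticket or log without exposing the credential.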