Updated March 16, 2017
In general, we follow the requirements and recommendations by WordPress.org. We recommend:
- PHP version 7 or greater
- MySQL version 5.6 or greater OR MariaDB version 10.0 or greater
Stripe requires that any page hosting a live checkout form be SSL (they should start with
https://). Make sure to review Stripe’s integration security guide for details. In addition, WordPress itself now strongly recommends HTTPS across the board for your sites. Keep in mind Test mode can be run on non-SSL pages.
If you don’t have an SSL certificate yet, you can get one for as low as $10/year that meets all necessary security standards. We like Namecheap.
Finally, Stripe recommends using the SSL Server Test by Qualys SSL Labs to make sure you have everything set up in a secure way.
Additional PHP and WP Version Support
At a bare minimum, the included Stripe PHP library and our plugin structure require PHP 5.3 even in legacy environments. PHP 7 or higher is still strongly recommended for security reasons, and may be required depending on when you signed up for your Stripe account (read above).
The following PHP extensions are also required. Most web hosts should have them enabled by default.
We highly recommend that you keep your version of WordPress current, but we generally support a few versions back as long as the latest security patches have been applied.
Stripe API Version
When you view or change your Stripe API keys in your Stripe dashboard (found here), do you see an “Upgrade Available” button? Just like WordPress itself, we highly recommend keeping your active Stripe API version reasonably current. Stripe requires that you update it manually (no automatic updates done for you).
Stripe doesn’t introduce major API changes affecting WP Simple Pay very often, and it’s usually fine to just update it once in a while. But if the Stripe API version you’re using gets too old, unforeseen issues may arise.
WP Simple Pay is always tested against the latest Stripe API version within a week or less of a new Stripe API update. If a WP Simple Pay patch is needed, we will roll it out as soon as possible.
Although Stripe is taking care of storing all credit card data, this data is still passing through your checkout pages, so they need to adhere to the PCI-DSS (Payment Card Industry Data Security Standard). This means Stripe requires all communication to meet the TLS 1.2 standard (as of January 1, 2017).
Yes, that’s a few too many acronyms, but luckily you can simply download and run the TLS 1.2 Compatibility Test plugin to verify your compliance.
Additional resources for more detail:
To view your server specifications, head to Simple Pay > System Report in your WordPress admin area.
Feel free to reference this page if you need to request an update from your web host.