We follow the web host recommendations given by WordPress.org. As they do, we recommend:
- PHP version 7 or greater
- MySQL version 5.6 or greater or MariaDB version 10.0 or greater
Stripe requires that any page hosting a live checkout form be SSL (they should start with
https://). Make sure to review Stripe’s integration security guide for details. In addition, WordPress itself strongly recommends HTTPS for all sites. You are able to use Test mode on non-SSL sites.
If you don’t have an SSL certificate, you can get one for as low as $10/year that meets all necessary security standards. We like Namecheap. Some WordPress hosts offer free SSL certificates. We like WP Engine and SiteGround.
Here’s a guide on moving an existing WordPress site from HTTP to HTTPS along with installing an SSL certificate.
Finally, Stripe recommends using the SSL Server Test by Qualys SSL Labs to make sure you have everything set up in a secure way.
Additional PHP and WP Version Support
At a bare minimum, the official Stripe PHP library included in WP Simple Pay requires PHP 5.3 even in legacy environments. PHP 7 or higher is still strongly recommended for security reasons, and may be required depending on when you signed up for your Stripe account (read above).
We highly recommend that you keep your version of WordPress current, but we generally support a few versions back as long as the latest security patches have been applied. Note: At the time of launch, WP Simple Pay 3.0 supports at the minimum WordPress 4.7.
Stripe API Version
When you view or change your Stripe API keys in your Stripe dashboard (found here), do you see an “Upgrade Available” button? Just like WordPress itself, we recommend you keep your active Stripe API version reasonably current. Stripe requires that you update it manually (no automatic updates done for you).
Stripe doesn’t introduce major API changes affecting WP Simple Pay very often, and it’s usually fine to just update it once in a while. But if the Stripe API version you’re using gets too old, unforeseen issues may arise.
WP Simple Pay is always tested against the latest Stripe API version within a week or less of a new Stripe API update. If a WP Simple Pay patch is needed, we will roll it out as soon as possible.
Although Stripe is taking care of storing all credit card data, this data is still passing through your checkout pages, so they need to adhere to the PCI-DSS (Payment Card Industry Data Security Standard). This means Stripe requires all communication to meet the TLS 1.2 standard (as of January 1, 2017).
Yes, that’s a few too many acronyms, but luckily you can simply download and run the TLS 1.2 Compatibility Test plugin to verify your compliance.
To view your server specifications, head to Simple Pay Pro → System Report in your WordPress admin.
Feel free to reference this page if you need to request an update from your web host.