New WordPress Plugin Tests for TLS 1.2 Compatibility

tls-compatibility

Jason Coleman, creator of the popular Paid Memberships Pro plugin, published a post today, warning users that many payment gateways will soon require TLS 1.2. The encryption protocol secures communication between the server and customers’ browsers so that things like credit card numbers and addresses can be transferred safely.

Coleman outlined the requirements that a server should support in order to be compatible with TLS 1.2:

  • Run OpenSSL 1.0.1 or higher, or another cryptographic library that supports TLS 1.2
  • Run PHP version 5.5.19+
  • Run cURL version 7.34.0+

Since this is a fairly technical situation for the average e-commerce store owner or site admin to have to deal with, Coleman created a new plugin called TLS 1.2 Compatibility Test to help users determine if they need to upgrade.

After activating the plugin, users can navigate to Tools > TLS 1.2 Compatibility to perform the test. The results will indicate if it’s necessary to upgrade the server’s version of OpenSSL, PHP, or the SSLVERSION of CURL.

tls-compatibility-test

Users can take this information and relay it to their hosting companies when asking for an upgrade. The plugin offers testing via the PayPal and the How’s My SSL API endpoints, but Coleman plans to add more API endpoints provided by popular gateways.

The Payment Card Industry Security Standards Council (PCI SSC) had a deadline of June 30th, 2016, for updating to use a secure version of TLS (1.1+) but have since extended the migration completion date to June 30, 2018. Although this may seem like plenty of time, payment gateways will be requiring the switch sooner.

PayPal’s deadline was today, June 17, 2016, but has now followed PCI SSC in extending that to June 30, 2017. Starting July 1, 2016, Stripe will only accept API requests made with TLS 1.2. This only applies to new users; existing users have a little longer to comply. On January 1, 2017, Stripe will drop support for TLS 1.0 and will drop support for TLS 1.1 on May 1, 2017. Other payment gateways may have different deadlines.

If you have a membership site or e-commerce store that accepts payments on-site, you will want to check with your payment gateway for its specific schedule for requiring TLS 1.2. Coleman’s TLS 1.2 Compatibility Test plugin will give you an idea of any upgrades that need to be made on your server.

Would you like to write for WP Tavern? We are always accepting guest posts from the community and are looking for new contributors. Get in touch with us and let's discuss your ideas.

5 Comments


  1. What an awesome gift to everyone working in ecommerce with WordPress, Jason. Thank you for making it a public plugin.

    Report


    1. Thanks! We were working on this for PMPro customers and thought why not make it a general purpose plugin.

      Report


  2. I wish I had this plugin a few months ago. I dropped support for TLSv1 back in April-ish. This caused a ton of problem with clients not getting updates to my paid plugins and themes, since their sites didn’t support TLSv1.1 or 1.2 so they couldn’t get updates from my server.

    I’ll definitely point them in the direction of this plugin moving foward.

    Report


  3. Thank you so much for this plugin.

    Report


  4. This is fantastic! Thank-you :)

    Report

Comments are closed.