Stripe Extension Common Issues

The Ultimate Member Stripe Extension is a powerful tool for integrating Stripe payments with your Ultimate Member site. However, users might encounter some common issues. Here’s a guide to help you troubleshoot and resolve these problems:

1. Cache Issues and Redirect Loops

Issue: Users may experience a redirect loop when using the Stripe payment gateway, often caused by caching issues.

Solution:

  • Clear Cache:
    • Clear your site’s cache using your caching plugin or server settings. Ensure you also clear your browser cache to avoid stale data.
  • Disable Caching Temporarily:
    • Temporarily disable caching plugins or server-side caching to check if the issue persists.
  • Check Redirect URLs:
    • Ensure that the redirect URLs configured in the Stripe settings are correct and do not cause infinite loops.

For more information on caching issues, see the Caching Problems documentation.


2. Invalid Signature Key

Issue: An “invalid signature key” error may occur if the webhook URL is not correctly configured or if there are issues with the Stripe webhook.

Solution:

  • Delete Webhook URL:
    • If you encounter this issue and you haven’t yet activated live subscriptions, go to your Stripe dashboard and delete the existing webhook URL.
  • Reconfigure Webhook:
    • Recreate the webhook URL in the Stripe dashboard and ensure it matches the one configured in your Ultimate Member Stripe Extension settings.

3. Permissions and Restricted Key

Issue: Issues may arise due to incorrect permissions or restricted API keys.

Solution:

  • Verify Permissions:
    • Check the permissions of your API keys in the Stripe dashboard to ensure they have the necessary access rights.
  • Update Key Permissions:
    • Adjust the permissions or use a key with the correct access level if needed.

4. Mismatched API Keys

Issue: A common problem is when the API keys configured in Ultimate Member do not match those in your Stripe account.

Solution:

  • Check API Keys:
    • Ensure that the API keys set in your Ultimate Member Stripe Extension settings match the keys provided in your Stripe dashboard.
  • Update Keys:
    • If there is a discrepancy, update the API keys in the Ultimate Member settings to match the correct keys from Stripe.

5. Plugin Conflicts

Issue: Conflicts with other plugins can cause issues with the Ultimate Member Stripe Extension.

Solution:

  • Conduct Plugin Conflict Test:
    • Deactivate all other plugins except Ultimate Member and Stripe Extension to check if the issue persists.  For guidance on conducting a plugin/theme conflict test, refer to How to do a Plugin/Theme Conflict Test.
  • Reactivate Plugins:
    • Reactivate plugins one by one to identify which one might be causing the conflict.
  • Check for Updates:
    • Ensure all plugins and themes are updated to their latest versions to minimize compatibility issues.

6. OTP and reCAPTCHA Enabled Globally on All Registration Forms

Issue: When OTP (One-Time Password) and reCAPTCHA are globally enabled, they may appear on all registration forms. This can create user experience issues, particularly in cases where specific forms do not require OTP or reCAPTCHA, such as Stripe-integrated registration forms.

Solution:

  • Configure OTP and reCAPTCHA Settings:
    • Go to Ultimate Member > Settings > Registration and adjust OTP and reCAPTCHA settings to apply selectively.
  • Customize Individual Forms:
    • For forms where OTP and reCAPTCHA aren’t necessary, create a separate registration form in Ultimate Member > Forms and disable these options in the form-specific settings.

By selectively applying OTP and reCAPTCHA only on necessary registration forms, you can ensure a smoother user experience across your Ultimate Member and Stripe-integrated site.


7. Stripe Protection from HTTP Challenges (Cloudflare or Similar Protection)

Issue: The payment still goes through, but the webhook response from stripe.com to the customer's site will have a connection issue.

Solution:

  • Exclude Stripe’s IPs: Stripe's servers must communicate with your site without being blocked by security challenges. To ensure Stripe’s traffic isn’t blocked, you need to exclude Stripe’s IP addresses from your server’s security challenge or firewall.


    Stripe lists IP addresses and domains you must whitelist to avoid disruptions. You can find this list in the Stripe IPs and Domains documentation.

Why is this necessary? When security services like Cloudflare or your server’s security system perform HTTP challenges or protection checks, they can mistakenly block legitimate requests from Stripe’s servers. Excluding Stripe’s IPs ensures that their payment system works smoothly, without interference from security checks.

By following this step, you ensure Stripe can make secure and uninterrupted connections with your site, allowing payments to proceed without any hitches.


8. WordPress.com Flagging Third-Party Stripe Plugins

Issue:
Some users recently encountered an issue installing the Ultimate Member - Stripe extension on WordPress.com-hosted sites. When attempting to upload the um-stripe.zip plugin file via the Plugin Uploader in WP Admin, WordPress.com flags it with a message stating:

This plugin is identified as malicious. If you still insist to install the plugin, please continue by uploading the plugin again from WP Admin.

This can understandably cause concern for site owners, especially since Stripe integration is a core requirement for many membership and community websites.

Why This Happens:

WordPress.com uses an automated plugin scanner (powered by Jetpack Protect) that occasionally flags third-party payment gateway plugins like Stripe. We have confirmed this behavior directly with Jetpack support.

As they explained:

“It looks like you may be installing the plugin via the WordPress.com interface that sits on top of the traditional WordPress interface.”

When plugins are uploaded through this interface, their automated scanner can trigger a false positive for payment-related plugins. However, this does not indicate an actual security issue with the Ultimate Member Stripe extension.

Additional Confirmation from Jetpack Support:
From testing, Jetpack support confirmed that they were able to install and activate the Ultimate Member Stripe extension on both a WordPress.com-hosted site and a self-hosted site without any security flags from Jetpack Protect in either case.

Important Notes:

  • This is not a vulnerability or security problem in the Ultimate Member Stripe extension.
  • The plugin remains safe and fully functional on self-hosted WordPress.org sites.
  • You can still install the Ultimate Member Stripe extension manually via the Plugin Uploader inside the WordPress.com WP Admin area.
    Even if a warning appears, you’ll have the option to proceed with the upload.

Recommended Action:

If you're installing the Ultimate Member Stripe extension on a WordPress.com-hosted site:

  1. Go to WP Admin for your WordPress.com site.
  2. Navigate to Plugins > Add New > Upload Plugin.
  3. Upload your um-stripe.zip file.
  4. If a warning message appears, select the option to proceed with the upload.

After installation, the plugin will function as expected.

Summary:

This is a minor, platform-specific limitation with WordPress.com’s automated scanning system via Jetpack Protect. We’ve confirmed with Jetpack support that this is expected behavior when using the WordPress.com plugin interface, and users are allowed to proceed with uploading third-party Stripe plugins via WP Admin.


By resolving these common issues, you'll ensure a smooth and uninterrupted payment experience on your Ultimate Member-powered site. If you run into any additional challenges, be sure to consult the relevant documentation or reach out to support for further assistance.