PayPal Security Update

In April 2015 the PCI Security Standards Council issued guidance that SSL and early versions of TLS could no longer be considered secure. It set a deadline of June 30th 2016 for payment vendors to only allow connections over TLS 1.2 secured channels. As part of this, PayPal (and other payment vendors) have begun the process of updating the security requirements of their APIs.

In short, this means your server needs to be updated (if it hasn’t been already) to support these more secure channels.

PayPal, for their part, have set the following dates for updating their sandbox and production services:

  • February 29, 2016 – From this date all Sandbox API calls must be made over a TLS 1.2 connection
  • June 30, 2017 – From this date all Production API calls must be made over a TLS 1.2 connection

So currently, if your server does not support TLS 1.2, then Event Organiser will not be able to communicate with PayPal in order to validate any sandbox payment notifications it receives and bookings will remain pending. From June 17th this will affect PayPal in live mode too.

If you are affected, it is strongly recommended that you contact your hosting provider and ask them to make TLS 1.2 available on your server to avoid any disruption.

How do I know if I’m affected?

WooThemes have kindly shared this plug-in, which can tell you with one click whether you are affected. Alternatively, if you’re comfortable using the command line, you can follow the instructions at the bottom of this page.

We’ll be including a check to let you know if you’re affected in the System Status page too.
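For a quick offline first look from the command line, the script below classifies the version string reported by `openssl version` or `curl --version`. It is an added example, not part of the original post or of Event Organiser; the function names are hypothetical, and it assumes that OpenSSL gained TLS 1.2 support in 1.0.1 and that every LibreSSL release has it.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: OpenSSL gained
# TLS 1.2 in 1.0.1 and every LibreSSL release has it; other backends
# (NSS, GnuTLS, ...) are reported as "unknown" rather than guessed.

# Pull the TLS backend token (e.g. "OpenSSL/1.0.1e") out of `curl --version`.
curl_tls_backend() {
    printf '%s\n' "$1" | grep -oE '(OpenSSL|LibreSSL|NSS|GnuTLS)/[^ ]+' | head -n 1
}

# tls12_capable "<version string>" prints yes, no or unknown.
# Accepts "OpenSSL 1.0.1e-fips 11 Feb 2013" as well as "OpenSSL/1.0.1e".
tls12_capable() {
    lib=${1%%[ /]*}              # library name before the first space or slash
    ver=${1#*[ /]}               # everything after it
    ver=${ver%% *}               # drop a trailing build date
    case $lib in
        LibreSSL) echo yes; return 0 ;;
        OpenSSL)  ;;
        *)        echo unknown; return 0 ;;
    esac
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    patch=${rest#*.}
    patch=${patch%%[!0-9]*}      # "1e-fips" -> 1, "8zh" -> 8
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) echo unknown; return 0 ;; esac
    done
    if [ "$major" -gt 1 ]; then
        echo yes
    elif [ "$major" -eq 1 ] && { [ "$minor" -gt 0 ] || [ "$patch" -ge 1 ]; }; then
        echo yes
    else
        echo no
    fi
}

# Constructed sample: first line of `curl --version` on an outdated host.
# On a real server, pass "$(openssl version)" or "$(curl --version)" instead.
sample='curl 7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 OpenSSL/1.0.0 zlib/1.2.3'
backend=$(curl_tls_backend "$sample")
echo "$backend: TLS 1.2 capable = $(tls12_capable "$backend")"
```

A "yes" only means the library is new enough; your host can still have TLS 1.2 disabled, and PHP may be linked against a different library than the command-line tools, so treat the result as a first indication.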

Do I need to update Event Organiser or WordPress?

No, there are no changes required in this respect.