PMPro Update 1.9.5.1

Version 1.9.5.1 of Paid Memberships Pro is out with a handful of bug fixes. These bugs have the potential to hinder sales (especially for customers using PayPal Standard and PayPal Express), so be sure to upgrade.


Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 1.9.5.1 specifically here.


The full list of updates is below.

  • BUG FIX: Fixed issue with the PayPal IPN Handler where existing users checking out for a new level would sometimes have their membership and new subscription cancelled.
  • BUG FIX: Fixed PayPal IPN Handler to set the status of old levels to ‘changed’ (instead of ‘inactive’) when processing checkouts. This will improve the accuracy of reports.
  • BUG FIX/ENHANCEMENT: Now checking for the recurring_payment_skipped transaction type in the PayPal IPN handler. When a payment is skipped and this message is sent, we will now fire off the failed payment email to the customer and admin. (Thanks, mjulian87 on GitHub)
  • ENHANCEMENT: Removed validation info from the IPN log.
  • ENHANCEMENT: Updated German (de_DE) language files.

PMPro Update 1.9.5

Version 1.9.5 of Paid Memberships Pro is out with support for the new privacy tools added in WP 4.9.6 and a handful of bug fixes.

Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 1.9.5 specifically here.

More information about the privacy-related updates can be found in our blog post here: Getting Ready for GDPR.

The full list of updates is below.

  • BUG FIX: Added ‘error’ to the list of default order statuses.
  • BUG FIX: Fixed issue where PayPal recurring_payment messages with status “Pending” were treated as “Failed” by our IPN handler. (Thanks, Matt Julian)
  • BUG FIX: The redirect away from the billing page needed to be in the preheader instead of the page shortcode.
  • BUG FIX/ENHANCEMENT: Using the pmpro_getOrderStatuses() function in adminpages/orders.php instead of redundant code there.
  • BUG FIX/ENHANCEMENT: Passing the $order as a second parameter to pmpro_after_checkout when called from the PayPal IPN handler. (The $order was being passed already for “regular” checkouts.)
  • ENHANCEMENT: You can now sort by the Membership Level column added to the users list in the dashboard. (Thanks, Matt Julian)
  • FEATURE: Added support for the privacy features added in WP 4.9.6. Details below.
  • FEATURE: Added suggest privacy page text.
  • FEATURE: Added PMPro-related user meta fields, membership history, and order history to the personal data export. You can filter which user meta fields are included in the export using the new pmpro_get_personal_user_meta_fields filter.
  • FEATURE: Deleting PMPro-related personal data fields when personal data is erased. The ereaser deletes a number of user meta fields (filterable through the new pmpro_get_personal_user_meta_fields_to_erase filter). A user’s membership history and order history are retained unless the user is deleted.
  • FEATURE: Now saving a log of when the TOS page is agreed to at checkout. The ID and date modified of the TOS post is saved along with a timestamp of when the TOS was agreed to. This information is shown on the single order page in the admin, the orders CSV export, and on the edit user profile page in the admin. Note that this feature does not yet backport any data for existing users or ask users to re-agree to the TOS if the TOS has gone out of date.

Getting Ready for GDPR

WordPress has released its latest version, 4.9.6, which includes privacy-related updates intended to help your site comply with the European Union’s General Data Protection Regulation (GDPR). Continue reading for background information on these updates and to explore the three new GDPR-related tools in WordPress 4.9.6 and Paid Memberships Pro 1.9.5, including:

  1. Suggested Privacy Policy page language related to PMPro-captured data,
  2. Included membership information in the personal data export, and
  3. The membership data that will be erased or anonymized as part of the user’s right to delete their personal information.


Background Information

On May 25th, 2018 the grace period for the European Union’s resolution instituting better privacy standards will end. The GDPR demands that site administrators, as well as all parties involved in the production of a site, pay careful attention when handling user data, as well as make accommodation for a user’s data to be exported or erased upon request.

Whether or how this regulation applies to websites outside of the EU is a legal question being discussed vigorously right now, but my general understanding is that these regulations would apply to any site worldwide with EU visitors. And so unless you specifically target a certain geography or exclude EU users, this would mean the GDPR applies to your site. Even if you aren’t concerned with the legal implications, many of the GDPR-related suggestions offer a good way to be more transparent with your users regarding their data privacy.

Back in April, we published a blog post outlining the GDPR requirements from a high level. In this post we will review the recent changes in WordPress core to assist you with attaining compliance, how Paid Memberships Pro will integrate with those core processes, and discuss the implications of the new regulations for site owners, administrators, designers, and developers.

There are 3 new tools in WordPress 4.9.6 that PMPro is now integrating with to help you to update your privacy policies and attain GDPR compliance.


Privacy Policy Page

WordPress 4.9.6 introduces a setting to designate a specific “Privacy Policy” page. To set an existing page as the Privacy Policy page or create a new Privacy Policy page, go to Settings -> Privacy. When editing the designated Privacy Policy page, a link is shown at the top of the editor to a guide “for recommendations on what content to include, along with policies suggested by your plugins and theme”.

We have added a section to the guide with suggested language to include in your Privacy Policy. At this time, the default text includes the following:

Data Collected to Manage Your Membership

At checkout, we will collect your name, email address, username, and password. This information is used to setup your account for our site. If you are redirected to an offsite payment gateway to complete your payment, we may store this information in a temporary session variable to setup your account when you return to our site.

At checkout, we may also collect your billing address and phone number. This information is used to confirm your credit card. The billing address and phone number are saved by our site to prepopulate the checkout form for future purchases and so we can get in touch with you if needed to discuss your order.

At checkout, we may also collect your credit card number, expiration date, and security code. This information is passed to our payment gateway to process your purchase. The last 4 digits of your credit card number and the expiration date are saved by our site to use for reference and to send you an email if your credit card will expire before the next recurring payment.

When logged in, we use cookies to track some of your activity on our site including logins, visits, and page views.

You should make sure to update this default text based on how you’ve specifically implemented PMPro on your site, what your payment gateway options are, and which PMPro Add Ons your are using. If you are using Add Ons that integrate with third parties (e.g. email marketing services), be sure to mention what information is shared and how. If you are using Add Ons that collect additional information at checkout, be sure to mention what that information is and how it’s used.

The new regulations state that policies should be clear and easy to understand. Avoid using any unnecessary legal jargon. Your Privacy Policy should be easy to find on your site. Place a link to your Privacy Policy in your main navigation and/or footer area.


Terms of Service

In order to require members accept the Privacy Policy when checking out through PMPro, you must set a “Terms of Service” page on the advanced settings tab of the PMPro settings. This will add a section to the checkout page above the submit button that shows the full text of your Privacy Policy along with a checkbox that is required to complete checkout.

While we use the term “Terms of Service” or “TOS” in our settings, your page can be named “Privacy Policy” or anything else. On some sites the Privacy Policy and Terms of Service (or Terms of Use) are separate documents. We recommend combining them into one document or linking each document to each other.

Prior to PMPro version 1.9.5, the TOS checkbox was required but did not store any data to track that agreement. So if you added the TOS sometime after launch, there was no way to tell which of your users actually agreed to the TOS besides checking the date they signed up vs when you published your TOS.

As of PMPro version 1.9.5, we now store a “consent log” for each user marking the post ID and date modified of the TOS page at the time of checkout. This information is linked to and shown on the order in the WP dashboard and on the edit user profile page in the dashboard.

A way to require existing (pre-version 1.9.5 users) to agree to the TOS or require users agree to the TOS again after it has been updated would be a useful feature. We are working on a way to do this with PMPro, and will include it in a future release.


Export Personal Data

The GDPR includes regulations related to the “Right to Access”, which basically is the right for users to request a copy of all personal data a website tracks for them. In WordPress core, this has been implemented as a tool to “Export Personal Data” for any email/user on your site (with most WP setups, it’s possible to comment on a blog post without being a user).

By default, exporting a user’s personal data is a manual process kicked off by a WP admin. You enter an email address into the form to send a request. The user then needs to click a link in that request email to approve the export. Once the link is validated, the admin will have a button to click to send the user their data as a zip file in email, as well as a link to download the zip file directly.

There are some plugins coming out that try to make this process easier, so users can make the request from the frontend of your website without the admin needing to get involved. I believe that there should always be a manual admin step to export the data to enable you to confirm that the request is legitimate. One thing you can do is update your contact form/page to include a subject line suggestion for “Request an Export of Personal Data”, and then manage the rest of the process manually from the Tools -> Export Personal Data page in the dashboard.

Version 1.9.5 of PMPro adds all PMPro-related data into the export. This includes the user’s business address, the expiration date and last 4 digits of their credit card if one was used, their membership history, their order history, and the log of logins/visits/views that PMPro tracks.

Some information is notably excluded from this export. If you use Stripe or Braintree as your payment gateway, we do not share the user’s “customer ID”. In our opinion, this information was generated by your site for your site use and does not constitute “personal data”. We also do not include the “Notes” section of the orders exported. Traditionally the notes section is used by Add Ons for various tracking purposes (e.g. to note an affiliate code used) and may contain sensitive information written by the site owner not intended to be viewed by the customer.

Soon our Add Ons, including Register Helper, will also include their data in these exports.


Erase Personal Data

The GDPR includes regulations related to “Right to be Forgotten”, which basically is the right for users to request that their personal data be deleted from a website. In WordPress core, this has been implemented as a tool to “Erase Personal Data” for any email/user on your site.

Similar to the Export Personal Data tool, by default a WordPress admin must manually start the process to erase a user’s personal data. Again, we suggest adding a subject line suggestion to your contact form for “Request Erasure of Personal Data”, and then handling the rest of the process manually from the Tools -> Erase Personal Data page in the dashboard.

Version 1.9.5 of PMPro adds an “eraser” script. The script deletes some data stored in “user meta”, including the user’s billing address, the expiration date of their credit card, the last 4 digits of their credit card, and the login/visit/view tracking data.

The script does not delete the member history or any orders associated with the user. In our opinions, this information usually needs to be retained for business records. The GDPR does allow for information to be retained at the site owners discretion.

The script also does not cancel any memberships or subscriptions at the gateway. In most situations, you will probably want to do this as well for your members by canceling their membership manually from the edit user page or by deleting the user.

Note that “erasing” a user is not the same as deleting them. Erasing will delete or anonymize certain data about a user based on rules implemented by WP and the plugins you are using. Deleting a user will be a harsher action that will delete all information stored about the user. When a user is deleted (vs erased), PMPro will delete the user’s membership history and will cancel their membership and any subscriptions stored at the payment gateway. Any orders associated with the user will be retained, but unlinked from that user.


In Summary

Update to WordPress 4.9.6. Update to PMPro 1.9.5. Take this time to create or update your privacy policy and designate that page as the Privacy Policy to WP and PMPro by going to Settings -> Privacy and Memberships -> Advanced Settings respectively. Update your contact form to mention it’s possible to request a data export or for personal data to be erased.

Let us know if you have any questions about these new privacy features, the GDPR in general, or other issues we didn’t address in this post. We will provide updates to our blog here as we update our core plugin and add ons as new features become available.

Capture the User’s First and Last Name at Membership Checkout

By default, the Paid Memberships Pro membership checkout does not request the user’s first and last name. If you’d like to capture this information for your members, we have a very simple Add On that instantly adds the fields.

View the Add On


How it Works

After installing and activating the Add On, the Membership Checkout page will automatically include a field for “First Name” and “Last Name” below the password fields in the “Account Information” area of checkout.


Watch the Installation and Activation Demo


View the Add On
 

This entry was posted in Add Ons and tagged . Bookmark the permalink. Last updated:

BuddyPress Seminar April 11th and 12th, 11am to 3pm EDT

On April 11th and 12th from 11am to 3pm EDT we will host a two-day online seminar on using BuddyPress with PMPro.

We will field questions on using the two plugins via live video stream and offer hands-on help as you set up BuddyPress. Join the whole seminar or pop in for an hour or two. Our goal is to help as many of you as possible to make full use of these plugins and learn how you are using BuddyPress so that we can improve our platform.


You can prepare for the seminar by setting up a development site either on your web host or a local site created via Local by Flywheel. Be sure to install and activate these plugins: Paid Memberships ProBuddyPressand our BuddyPress Integration Add On.

The seminar includes a space for chat, but if you’d like to be included in our Slack channel, please request an invitation via the Contact Form.

A link to access Day 2 of the seminar will be posted below for our support-level members.

Thanks! I look forward to helping as many of you as possible with BuddyPress and Paid Memberships Pro.

The GDPR and How it Impacts Sites Running Paid Memberships Pro

The European Union (EU) has passed new regulation related to data privacy for its citizens called the “General Data Protection Regulation (GDRP)”. This regulation carries important considerations for anyone operating a website that uses Paid Memberships Pro and serves customers residing in the European Union.

Continue reading to see how the team at Paid Memberships Pro is preparing for this regulation and what steps you should take to better understand and comply with the GDPR.


What is GDPR

GDPR is a set of regulations will affect all companies that processes and hold personal data for people residing in the European Union. The regulations will begin to be enforced on 25 May 2018 and apply to all companies worldwide, regardless of location.

Failure to comply with the GDPR could carry huge penalties, regardless of whether you are located in the EU or not. While it may be possible for smaller non-EU companies in particular to fly under the radar of these regulations, it is our opinion that all businesses do their best to comply with the GDPR. Following these best practices to respect the privacy of your users is good whether it’s required or not, and it’s very likely that other jurisdictions will adopt regulations similar to the GDPR. You should review the full GDPR documentation and gain a firm understanding of how to comply fully. The home page of EU GDPR provides a great overview of the GDPR and links to additional resources for further reading.


WordPress Core Efforts for GDPR Compliance

There are updates we need to make to our Paid Memberships Pro plugin for GDPR compliance, and we plan to have those released before the May 25th deadline, and will detail them in more detail below. However, the GDPR requirements affect other plugins and WordPress core in general. And so we always knew that a full solution for GDPR compliance was something that impacted more than just our plugin.

For a while there, it was looking like GDPR compliance for WordPress was going to require one or many third party plugins to reach full compliance. I thought we might even have to create some of these plugins, not just for PMPro users but for all WordPress users.

This year a few plugins developed by other groups started looking very promising, with a lot of effort and functionality in place to meet the requirements of the GDPR in a way that was adequate but general enough for the wide range of sites (each with different models of data collected/etc) that run on WordPress. I started looking into what it would take for PMPro to integrate with these plugins, but then discovered that a group of veteran WordPress core contributors was working on GDPR updates to WordPress core.

The WordPress core developers have started a number of efforts to support Right to Access and other GDPR requirements, with a the target of including these updates into WordPress 5.0. These updates will add hooks and filters for plugins to use. We hope to release specifics soon (i.e. code on GitHub you can test), but our plan is to support these core updates and use the features, hooks, and filters added to make sure the PMPro plugin is compliant.


Data Subject Rights

There are 6 key areas of GDPR that outline a subject’s rights to their data. Below is an overview of each area and how we plan to offer compliance:

  1. Breach Notification

    The GDPR outlines that if a subject’s data is compromised (breached) in a way that is likely to “result in a risk for the rights and freedoms of individuals,” the company must notify their customers within the first 72 hours of their awareness of the breach.

    This area of GDPR does not have a specific effect on how Paid Memberships Pro works as a plugin on your WordPress site. We’re including it here so that you as the site owner are aware of the requirements related to your knowledge of a breach in your website data. This article on “Hardening WordPress” via the WordPress.org Codex is a good resource to review if you would like to strengthen your website’s security.


  2. Right to Access

    This portion of the GDPR provides subjects with the right to request a full report (electronically) of all data that the company is maintaining about them, what that data is being used for, and with whom that data has been shared.

    We plan to use new hooks added to WordPress for GDPR to add our own default report about the data that Paid Memberships Pro tracks for users and how that data is shared with third parties. This report would be editable for you to adjust based on your specific use case.

    As for what third parties may have accessed or processed data about the subject, we plan for the electronic report to also include a list of third party sources that our plugin recognizes may have received a copy of the data. These may include (but are not limited to) your payment gateway, email marketing services, CRM services, other integrated plugins, and analytics software.

    There will certainly be other sources that may have received some portion of a subject’s data that are outside of our awareness. We will leave this portion of the electronic report up to the site owner to add in any additional sources that may have processed data about the subject.


  3. Right to be Forgotten

    As the name states, this area of the GDPR allows a subject to request all of their identifying data be erased (also known as Data Erasure). The data controller must erase and cease to share all data about the subject, and is also potentially responsible for forcing any third party with access to the subject’s data to stop processing it.

    We will ensure GDPR compliance by making sure our Core Plugin and Add Ons completely clear identifying user meta and options saved about a user when the user is deleted (when the WP_User object is deleted). We already do this in our plugin, we’ll want to make sure it functions for GDPR-related deletions and covers all the data that it should.

    We will not delete related order data about the user as it needs to be preserved for accounting records. The order data does not include any identifying information aside from the User’s ID (which will be deleted and no record of the user’s ID will be present after the WP_User object is deleted). The fact that this data is retained for business reasons will be included in the Right to Access blurb generated by PMPro.

    This data erasure will include all captured fields about the subject that were added via the Register Helper Add On. If the subject has provided upload files as part of completing a Register Helper checkout field or profile field, this uploaded file must also be removed.

    Other requirements that fall under this section include anonymizing data, either up front or instead of deleting data when a user requests to be forgotten. We will evaluate our plugin for data that should be anonymized this way.


  4. Data Portability

    Data Portability refers to the regulation that a subject should be able to request and receive all personal data the company stores about them in a ‘commonly used and machine readable format.’ The subject should have the right to transmit this personal data to another controller.

    As it relates to Paid Memberships Pro, we will use the new hooks and filters added to WordPress for GDPR compliance to include PMPro-related data in any exports. Per the requirements of the GDPR, these exports will be in a digital and accessible format (CSV, JSON, or XML) that can be readily shared by the subject with another controller should they so desire.


  5. Privacy by Design

    A key factor of PCI Compliance, Privacy by Design outlines that a data protection must by a component of how you design your system, not an afterthought. This includes both the technical and the operation aspects of your systems.

    It is important for you as a membership site owner to only share a subject’s data with the people in your organization that need to process that data. You can do this by sharing a limited number of Administrator or Membership Manager Roles (which both have access to member data) among the core organization and remove access to this data for unnecessary user accounts (developers, test accounts, etc.). It is also important not to request and store data that won’t be needed for your operating activities.


  6. Data Protection Officers

    This regulation refers to how a data processor must share their data processing activity with officials in each member state of the EU. Former EU regulation required reporting of data processing activity to each individual member state’s appropriate offices. The new regulation as outlined in the GDPR removes this requirement in most cases. We suggest exploring the full GDPR resources for more information about whether or not you must report data processing activity.

    This is not a factor that Paid Membership Pro will create a system or integration for, but rather the scale and operating activity of your organization.


GDPR Resources for Continued Reading

Here is a list of other resources you can review for your protection and understanding:

This entry was posted in General and tagged . Bookmark the permalink. Last updated:

PMPro Update 1.9.4.4

Version 1.9.4.4 of Paid Memberships Pro is out with a handful of bug fixes.

Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 1.9.4.4 specifically here.


The full list of updates is below.

  • BUG FIX: Updated the filters to extend membership levels to use the new pmpro_getSpecificMembershipLevelForUser() function to avoid bugs when MMPU is enabled.
  • BUG FIX: Fixed cases where certain email templates were resulting in the body of the email being duplicated.
  • BUG FIX: Fixed conflict with pmpro-email-templates when emails were disabled (the pmpro_email filter returns false). (Thanks, Mathieu Hays)
  • BUG FIX: Now updating status on related subscription orders BEFORE canceling at gateway to avoid cases where the webhook sent by the gateway after canceling the subscription triggers further cancellation attempts.
  • BUG FIX: No longer showing the “Stripe Publishable Key appears incorrect” error message if the key field is blank.
  • ENHANCEMENT: Added the pmpro_getSpecificMembershipLevelForUser( $user_id, $level_id ) function for cases where MMPU is enabled and you want data about a specific membership level a user might have.
  • ENHANCEMENT: Changed labels on the reCAPTCHA settings to match their current terminology: Site Key and Secret Key.

Proration Add On Update v.3

We’ve made some material updates to our Proration Add On. Our aim was to implement the most common proration use cases while making it easier to customize.

While enhancing the plugin and fixing what we considered bugs in the proration calculation, we made changes that may be unexpected for existing sites running the Add On. We expect most users will be happy with these changes, but if your site relied on the old math, please reach out to us in the forums and we can help you set up your desired proration model.

Below are more detailed explanations of each change as well as instructions on how to customize the updated Add On.


Change #1: The subtotal of the user’s last order is now used to calculate the pro-rated amount.

Prior to v.3, the proration calculation was performed using the “total” from the user’s last order. If you were calculating tax on your site, the total would include the tax. Now, the pretax amount is used in the calculation and taxes are applied after the pro-rated amount is determined.


Change #2: When upgrading (or sidegrading) to a level with a different payment period, a different proration calculation is used.

If the level the user is checking out for has a different payment period than their previous level (e.g. going from a monthly plan to an annual plan), the rules for prorating are basically:

  1. Calculate a credit based on how much time is left in the user’s current payment period,
  2. Apply that credit to the initial payment, and
  3. Set the new subscription to renew one (new) payment period out from the current date.

This is different from what is done when changing between levels with the same payment period (e.g. changing between monthly plans). In those cases, a pro-rated amount is calculated based on both the old and new levels based on how much time is left in the current pay period, and then the new subscription is setup to renew on the same date as the old subscription.


Change #3: We are rounding all dates down to the same hour/minute (midnight) when performing calculations.

This is a small change, and we can’t avoid this entirely, but rounding down the dates will minimize cases where users go to the checkout page and see one pro-rated amount and then come back later in the same day and see a different pro-rated amount. Most notably, if a user goes to change membership levels immediately after checking out, the credit for the current day will be applied to the pro-rated amount.


Customizing the Proration Add On

Instead of writing a custom proration plugin from scratch, we’d like users to be able to use the main Proration Add On with extra code in a customizations plugin to override the default behavior. This way, you’ll be able to use the helper functions provided by the Proration Add On and get updates to those functions as they are pushed out. (The next step for us would then be to add a wizard-like settings page to tweak the proration settings instead of using custom code.)

You can modify the behavior of the Proration Add On through hooks and filters or by overriding the main checkout level filter callback. Doing this will require a custom plugin and help from our team or a WordPress developer.


Filters in the PMPro Proration Add On

  • pmpro_is_downgrade
    apply_filters( 'pmpro_is_downgrade', bool $is_downgrade, level_object $old_level, level_object $new_level);

    Returns true if the new level is a downgrade from the old level.

  • pmpro_have_same_payment_period
    apply_filters( 'pmpro_have_same_payment_period', bool $same_payment_period, level_object $old_level, level_object $new_level);

    Returns true if the old and new levels have the same payment period


Overriding the Proration Rules

The main logic for how to prorate the levels can be found in the pmprorate_pmpro_checkout_level() function of the plugin. If you’d like to use different proration rules from the default, you can unhook our function and hook in a function of your own. Here is a template for how to do that.

More details can be found on the Proration Add On page.

Dev Chat Summary from February 1, 2018

Slack_IconBelow are my summarized notes from our dev chat today.

We discussed GDPR, the Multiple Memberships per User Add On Compatibility Road Map, our update Developer Partner Platform, and a feature suggestion for our Stripe integration.

Theme music for this chat was the Tron: Legacy Reconfigured album by Daft Punk.


GDPR

We discussed the various articles of the European Union General Data Protection Regulation and how they can be addressed by Paid Memberships Pro in our software and as a company. It was a good discussion. I will be writing up a more detailed post including what I feel needs to be addressed for our software to comply with the GDPR. Some of the action items for this could be done collaboratively between ourselves and other ecommerce plugin authors. So I will pursue that while making sure PMPro is ready by the deadline in May.


Multiple Memberships Per User Updates and Add On Compatability Roadmap

The MMPU Add On has been working well in it’s beta release on several sites for the past 6 months or so. In the next few weeks, we will launch the add on officially with the known caveat that many of our add ons will not work as expected with the MMPU Add On active.

We will be tagging all our add ons on this site to show which are compatible with MMPU, which will never be compatible with MMPU (because it doesn’t make sense or would be too technically difficult), and which we will be working on.

Our hope it that over the next year or so, with the help of the developer community, we can update the add ons that need it. To that end, we will be sharing case studies on our blog as we do this work so we can compare notes and share methods.


Becoming a Partner, New Agreement Contract and Plans

Until now, we’ve had adhoc agreements with the development partners showcased on our Developers page. We appreciate the role these developers play in the PMPro community. Our partners are responsible for building the best examples of sites running Paid Memberships Pro, working with us to address new markets and use cases, and so much more. Our goal is to formalize the relationship we have with the partners and gather resources to work on shared marketing projects.

Freelancers and agencies interested in joining our developer network can apply here.


Idea for Stripe Integration

We discussed the possibility of at checkout, checking for an existing customer record using the same email address before creating a new customer in Stripe. Some of this was coded in a development branch while working to fix synchronization issues between PMPro and Stripe. The synchronization issues were addressed by other fixes, but it still might be useful to reuse Stripe customer records instead of creating a new one when a user checks out in PMPro.

PMPro does keep track of a user’s customer id and reuses it if that customer checks out again. However, if you integrate several sites with Stripe, each site will have it’s own customer record for that same person.

Many of us agreed that it’s best to stick to the current system of creating a new unique customer id the first time a user checks out in PMPro. If we use a customer record managed by another app, we can’t be sure what that other app might do with the customer or their subscriptions. Also, the Stripe API does not allow you to do a straightforward search for customer id by email address. The implementation we had used a kind of hack where we would download all customers and their email addresses for cross reference. It seems that Stripe doesn’t want to encourage this kind of behavior.

A script to resync customer ids by email address might be useful in a pinch for cases where PMPro went out of sync with Stripe. (An example might be if someone is importing users from another system or otherwise had to delete and recreate WordPress users.)

We also briefly discussed the need to explore the Stripe Connect platform, which has some benefits over the direct API method we use of integrating with Stripe. Namely, users who have a credit card stored in Stripe would be able to checkout very quickly. There is also the fact that Stripe might require or strong encourage use of Stripe Connect in their temrs of service.


Scheduling for Future Dev Chats

Instead of a regularly scheduled dev chats, we are now keeping a list of topics for discussion. When the list hits 3 items, we will schedule a dev chat to go over those topics. If there is something you would like to discuss with the PMPro developer community, let us know through our contact form and we will add it to the list.

Thanks again to everyone who attended today.

PMPro Update 1.9.4.3

Version 1.9.4.3 of Paid Memberships Pro is out with a single bug fix.


  • BUG FIX: Fixed issue where PMPro would attempt to cancel gateway subscriptions more than once in some cases.

This bug could have a small or large impact depending on your site and settings. To be safe, you should update now.


Please update Paid Memberships Pro from the plugins page of your WordPress dashboard. You can also get the latest version of PMPro here or version 1.9.4.3 specifically here.