Version 2.0.5 of Paid Memberships Pro is out with a handful of bug fixes and new features to better counteract checkout spam. Read on to explore the full details of the update and steps you need to take to utilize these new features.
New Feature: reCAPTCHA v3
This version includes a new option for the reCAPTCHA setting. If reCAPTCHA is enabled, you will be able to choose between the v2 and v3 implementations of reCAPTCHA. The v2 setting is the same version from previous versions of Paid Memberships Pro. The v3 setting uses the reCAPTCHA API v3 and also uses the ‘invisible reCAPTCHA’. This hides the additional checkbox that users were previously required to complete. A reCAPTCHA icon will sometimes show up in the bottom right of the screen.
If you are using the v3 reCAPTCHA option, we now check the reCAPTCHA before submitting the form as well as during the form processing. This is meant to keep spammers from using your checkout form to test credit cards with gateways like Stripe.
We recently encountered a situation where spammers were testing thousands of credit cards on our checkout form every hour. Oddly, the “Stripe v2” API doesn’t detect this kind of activity (they just think your site is super busy). Stripe could suspend your account due to the spam. The reCAPTCHA v3 setup should prevent this kind of abuse. We are working on adding support for the Stripe v3 Elements API which has PCI compliance benefits in addition to avoiding this kind of checkout spam. The Stripe v3 Elements update should be ready by the end of the summer.
We encourage all users, especially Stripe and Braintree users to use the reCAPTCHA v3 option for paid and free levels. Even if you are using reCAPTCHA v2, we encourage you to create a new set of license keys for v3 and use those. To do so:
- Create an account at the reCAPTCHA site.
- Go to the reCAPTCHA admin console.
- Click + to create a new site.
- Choose the v3 option.
- Add your domain.
- Note the Site Key and Secret Key.
- Visit Memberships -> Settings -> Advanced Settings in your WordPress dashboard.
- For the “Use reCAPTCHA?” setting choose “Yes – All Memberships”.
- Choose the reCAPTCHA v3 option.
- Enter the Site Key and Secret Key.
- Click the Save Settings button.
- IMPORTANT: Test your checkout to make sure there are no issues.
The full list of updates is below.
- BUG FIX: Fixed fatal error on return from 2Checkout.
- BUG FIX: Removed error when installing PMPro via WP-CLI.
- BUG FIX: Fix database upgrade error on localhost environment. (Thanks, codezz on GitHub)
- BUG FIX: Fixed issue where the credit card expiring email didn’t include user info because the user ID wasn’t passed in properly. (Thanks, David Cervantes Caballero)
- BUG FIX: Fixed typo on edit level page. (Thanks, Theuns Coetzee)
- BUG FIX: Fixed bug with daily revenue reports not showing up in some cases.
- BUG FIX: Now checking before cancelling a Stripe subscription at the gateway to see if it has already been cancelled.
- BUG FIX/ENHANCEMENT: Now caching the query results in
pmpro_getMembershipLevelsForUser(). This improves performance, especially when there are many posts on one page to check membership for. (Thanks, Seagyn Davis)
- BUG FIX/ENHANCEMENT: Now sending
$dataarray passed to PMPro email filters. (Thanks, David Cervantes Caballero)
- BUG FIX/ENHANCEMENT: Now searching for the last order with “success” or “pending” status on the Billing page.
- BUG FIX/ENHANCEMENT: Added
pmpro_checkout_preheader_after_get_level_at_checkoutaction hooks. Using
pmpro_checkout_preheader_before_get_level_at_checkoutto start the session earlier now.
- BUG FIX/ENHANCEMENT: Removed the
membership_codeas field options for the member shortcode. These weren’t working and it’s unclear what would be meant to ask for a user’s discount code since a user could have several orders with or without discount codes. Added “membership_description” and “membership_confirmation” instead.
- BUG FIX/ENHANCEMENT: Filtering the password reset message to make sure the link still works in all cases when we convert emails to HTML.
- REFACTOR: Now running the
pmpro_billing_preheaderhook after the
jquery.creditCardValidatorscript is enqueued in
preheader/billing.phpto match how we do it in
preheader/checkout.php. (Thanks, Rafe Colton)