If you get the error message “security header is not valid” when checking out at your site running Paid Memberships Pro, this is a PayPal error indicating that the API credentials are incorrect.

The list of PayPal error codes doesn’t say much on how to fix this.

What you need to do is:

  1. Make sure you’ve selected the correct Gateway Environment (Sandbox/Testing or Live).
  2. Make sure you are using the correct Account Email, API Username, API Password, and API signature for the environment you selected. (Your live and test API information will be different.)
  3. If in the test environment, make sure that you are logged into developer.paypal.com. This shouldn’t be required anymore but is worth a shot.
  4. Make sure that your web server is running up-to-date SSL/TLS software.
  5. Make sure you have a Site Title set in your WP dashboard General Settings.
  6. Try removing any special characters from your membership level names.

That should do it!


Comments (52)

There are a lot of things that are changing day by day; security risk is high nowadays. We need more secure platforms for working. Please suggest the best one to me.

Hi, I have been having similar issues with paypal for months now as well.
This thread has been very useful and has given me a few things to try.

I notice that some responses have been to “open a new topic in the forums”. I have done this already, two months ago. I have been helped by two PMP Support people, but alas, no solution as yet.

Am I correct in my understanding that the support forums are now an individualised view only ?

We used to be able to see all responses for all topics and threads by all people, but now we can only see our own threads and not everyone else’s ?

Or, to rephrase, now I can only see my own threads inside the forums…..this kind of defeats the purpose of a forum doesn’t it ?

Being able to see and read what others have tried gives me (and everyone else) a small opportunity to at least try a few things before opening an official support ticket.

Is there any way to see ALL forum threads again, like I used to be able to do, please ?

In the meantime, I will attempt a few of the suggestions for this “security header is not valid” / paypal issue as mentioned here in the comments…..


Matthew, sorry you are still having trouble with this. I’m going to have the team take another look at your threads to see if we can still help with them.

RE the update to the support forums, I discuss why we made that change here: https://www.paidmembershipspro.com/new-support-ticketing-system/

The short answer to your question is that there isn’t a way for users to search the forums anymore. We are trying to push more of the useful content out of the ticket system onto the blog here. So you can use the site search to find things, and of course use the ticket system to ask us questions and we can do some searching for you.

It was helpful to some to search the forums, but after 8 years there is also a lot of old outdated information in there as well. The new system gives us more control over the content.

I used a modified spin-off of Insoc’s comment on 12/22/2017 .. when switching environment, saving with blank fields, then re-adding with live api creds .. no longer receiving ‘security header is not valid’ .. perhaps an added step to blogpost checklist 🙂 thanks! I also cleared cache, browser history to be sure

Hi there,

Sorry to hear that this error is still occurring! Would you kindly open up a support topic on our Member Support Forums so that we can take a closer look into this for you?

I have the header problem. My host says they have:
“The official version of cURL we use is 7.19.7 however it is a package provided by Red Hat so this will contain backported fixes and features.”

I have tried everything else on the things to do / check –

So question is does this account for the error ?
If so what course of action next ?

Regards Malcolm

Could you help me please? I am facing the below issue with PayPal Pro credit card payment, when all my details are correct.

Security header is not valid
(Transaction Error) something is wrong.

Thanks in advance

Dear Jason.

I have switched payment gateway to Paypal Pro in order to accept payment without Paypal account, but we got error message: The merchant country is not supported.

Does this mean we are not allowed to use PayPal Pro in Russia?

I think this is a combination of poor instructions and poor UI. I would have never figured this out if not for davidfavor’s comment on the payment setting UI. Problem #1 is that for someone like myself that is new to setting up a payment gateway, I did not know I needed to use separate sandbox API credentials. Problem #2 is, like David said, that the UI is inadequate and does not provide the necessary clues as to what I might be doing wrong. The sandbox API settings should be saved in their own fields. Anyway, a bit more info in the documentation and a couple of tweaks to the UI are going to save you a lot of support time.

Help: I’ve just updated to and my users are STILL experiencing this error when trying to check out using PayPal as the method of payment. Credit cards work fine (through the PayPal gateway), my SSL certificate is current, my PayPal API credentials are current & confirmed, I have a Site Title set and no unusual characters in my membership types. Everything worked in I bought a Plus membership and wrote to you WEEKS ago about this and nothing- still urgently need help resolving this!

There are a number of factors around this error besides our code. Did you go through the list in the article? If you are still having the issue after that, we can help in the member forums.

Thank you for your reply. I went through the whole list in the article. I’ve made a post in the member forums and one of your reps is following up with me. Hoping we can get this resolved!

I finally ended up finding a way to resolve it myself.

In case this is helpful to others, I have documented my efforts.


We use PayFlow Pro for credit card payments, and we use the “PMPro Add PayPal Express” add-on in order to provide PayPal as a secondary method (primarily so we can issue and accept gift cards).

The “Payment Gateway & SSL” page in the dashboard of Paid Memberships Pro only shows the settings for the actively selected payment gateway (in our case, PayFlow Pro). The add-on uses saved settings for PayPal Express that can be stored via the same page of settings. This is not very visibly documented, and the way to properly update those settings is not documented at all.

Our solution:

1. I temporarily switched the “Payment Gateway” in use to PayPal Express.
2. On that page, I cleared the API credentials fields, saved, re-entered the (unchanged) API credentials, and saved.
3. I switched the payment gateway in use BACK to PayFlow Pro.
4. On that page, I re-entered our PayFlow Pro credentials, and saved.

(variations on this sequence of steps seemed to result in OTHER errors).

To whoever maintains the code and documentation for the add-on: it may be worth noting this in the documentation for future versions in case other users encounter the same problem, or (ideally) providing some kind of admin hook to include the PayPal Express fields on the Payment settings page in addition to the fields for the active primary payment gateway.

Thanks for sharing your solution. I agree that we can do better on the UI for the settings here. We have long term plans for an overhaul of this, but maybe there is something we can do in the meantime to make things more clear.

Enhancement request to assist with this situation.

Seems like the PMP UI could use some work related to this situation.

Currently, selecting Sandbox/Production leaves all other values as-is. This makes it appear that you can just switch into sandbox mode and use production mode settings.

Seems like each mode should have its own settings, so switching between the two modes reflects credentials for each separate mode.

Hey Jason and the PMPRO team, I am having a hard time resolving the “Security header is not valid” error and it’s irking me 🙁
I have checked and counter checked based on all guidance on the forum and still can’t resolve it. I need to get this resolved please.
Appreciate your speedy response

I’ll look for your thread and if it’s still open, I’ll try to get it fixed up for you by EOD tomorrow. Make sure our team has all the access they might need to fully debug and fix on your site (WP admin, FTP/etc)


I tried all the steps above. Nevertheless, I am getting the error in the production mode on my website…

Any other tips?

I checked:
– Empty spaces in the API, username and signature
– SSL Seal code of Comodo is implemented
– Tried in the maintenance mode of the page and online
– Tried it with a new account
– I tried it also with PayPal Standard

Nothing works…

I’m in a similar situation; please help?

I’ve been a PMPro user for a while; recently we changed the password on our PayFlowPro account. Obviously, that made payments through PMPro stop working: I updated the credentials and password in PMPro and now credit card payments work again (they did not before) but attempting to check out with PayPal results in the “Security Header is Not Valid” error.

I’ve gone through all of the above steps. Is there something I’m missing?

There was an old error that came up if your PayFlow password had certain characters in it. We should account for this now, but to be sure you could try to reissue the PayFlow password and enter it again in the PMPro settings. Otherwise, we would need access to your site to debug further. You could sign up and post to the member forums.

OK, I figured it out: in my API-Username was a “+”, e.g. “user+ppapi”; this has to be url-encoded.
Paid Memberships Pro doesn’t urlencode the API-Username; I think this is a bug.

I fixed it by saving the API-Username already url-encoded to the Database.

Thanks so much for that tip, it’s still a bug apparently with other plugins and helped me figure out why my credentials weren’t working.
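The “+” problem described in the two comments above, as an added example that is not part of the original page and is not Paid Memberships Pro code: a form-encoded request body treats “+” as a space and “&” as a field separator, so credentials containing them arrive changed unless every value is percent-encoded. USER, PWD and SIGNATURE are PayPal's NVP credential fields; the credential values and helper names are constructed for illustration, and the “&” case goes one step beyond the “+” case in the comment.

```python
from urllib.parse import parse_qs, urlencode

# Constructed placeholder credentials (not real). USER mirrors the "user+ppapi"
# case from the comment; PWD adds "&" and "=" to show the same failure class.
SAMPLE = {
    "METHOD": "SetExpressCheckout",
    "USER": "user+ppapi",
    "PWD": "p&ss=word",
    "SIGNATURE": "AbCdEf123.constructed",
}


def build_raw(fields):
    """Naive concatenation: values go on the wire exactly as typed."""
    return "&".join(f"{k}={v}" for k, v in fields.items())


def build_encoded(fields):
    """Percent-encode every key and value (application/x-www-form-urlencoded)."""
    return urlencode(fields)


def decode(body):
    """Decode a body the way a form-urlencoded receiver would."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def mangled_fields(fields):
    """Names of fields whose value does not survive an unencoded round trip."""
    received = decode(build_raw(fields))
    return sorted(k for k, v in fields.items() if received.get(k) != v)


def whitespace_fields(fields):
    """Names of fields with leading or trailing whitespace (copy-paste residue).

    Encoding preserves such whitespace faithfully, so it needs its own check.
    """
    return sorted(k for k, v in fields.items() if v != v.strip())


if __name__ == "__main__":
    # Report field names only; never print credential values.
    print("altered when sent unencoded:", mangled_fields(SAMPLE))
    print("intact when encoded:", decode(build_encoded(SAMPLE)) == SAMPLE)
    print("fields with stray whitespace:", whitespace_fields(SAMPLE))
```
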

To make things clear for future visitors:

For Production/Live, login to your real paypal account then head to:
* My Account > Profile
* My selling tools (on the left sidebar)
* API access > update
* then select option 2 for the API credentials

For Sandbox/Testing, login to http://developer.paypal.com then head to:
* Applications > Sandbox accounts
* Create a facilitator account for the API credentials
* Create a customer account then use that account when doing test purchases

Hi there – I’m still struggling with this. I’ve tried all of the steps above, but am still getting this error. If anyone comes up with any other solutions, I’d be glad to hear them ..it’s driving me crazy!

Hi Jason,
I went into the site and re added the API data. I also made sure that my email was correct. The from email I was using had not been added into the cpanel. Once I corrected this all works OK now.

Thanks for the Post

Hi Jason, I don’t receive these errors on the production environment. Only when trying the PP sandbox environment I get these. I’ll try to dig in under the covers and check what could be a cause.


This advice is specifically for PMPro, but would generally work for OpenCart I’d assume. Just make sure you are using the correct API information, usernames, passwords, etc and that you are hitting the right URL (live or sandbox).

I’m using an old version. I need to patch a lot of stuff; I looked at the diff file from my version to the latest and there are a lot of changes. Particularly, I’m interested in when an account is canceled: there was an if else statement that handled this before, now it’s two separate if’s with a foreach statement in it. I have a separate table that handles other user-information. Have you changed anything with your database since 1.5.1? I don’t want to hit upgrade, I just want to add my modifications to the code and re-upload the files.

Grosar, there have been DB updates since then. In general, it’s a good idea to use our hooks and filters to customize PMPro (get in touch if you need other hooks added) so you can upgrade the plugin without losing your customizations. We push updates out a lot and they often include important bug fixes or just cool new features you will want to have.
