Payment keys are where a lot of WordPress store launches quietly go wrong. The beginner mistake is simple: people paste live credentials into a store they have not tested yet, or they leave test credentials in place after launch. This Stripe guide walks through the clean path: create the test or sandbox keys first, put them into the WooCommerce payment plugin, run a safe test order, then switch to live credentials only when the checkout flow is confirmed.
Open the official docsPayment tutorial hub
What You Are Setting Up
- Stripe uses publishable keys for the browser side and secret keys for server-side payment actions.
- Test keys normally use the placeholder prefixes
pk_test_...andsk_test_.... - Live keys normally use the placeholder prefixes
pk_live_...andsk_live_.... - Webhook signing secrets are separate from API keys and should be copied from the Stripe Webhooks screen.
Before You Touch Any Keys
- Update WordPress, WooCommerce, and the payment gateway plugin first. Key problems are harder to debug on an outdated plugin.
- Make one low-priced test product, such as a one dollar checkout product, so you can test without disturbing the real catalog.
- Use a staging site or maintenance window if the store already takes orders.
- Keep secret keys in the WordPress admin field or a proper secret manager. Do not paste live secret keys into tickets, chats, screenshots, or public docs.
- Confirm the checkout page, cart page, SSL certificate, permalinks, and transactional emails before going live.
Create Test Or Sandbox Credentials
- Log in to the Stripe Dashboard.
- Open Developers > API keys while Stripe is in test or sandbox mode.
- Copy the publishable test key and the secret test key.
- Open Developers > Webhooks and add the WooCommerce webhook URL if the plugin asks for one.
- Copy the webhook signing secret for the test endpoint.
Add The Test Keys In WordPress
- In WordPress, open WooCommerce > Settings > Payments.
- Open the Stripe gateway settings.
- Enable test mode before adding test credentials.
- Paste the test publishable key, test secret key, and webhook signing secret into the matching fields.
- Save changes, then confirm the gateway appears on the checkout page.
Run A Safe Test Order
- Add the test product to the cart and proceed to checkout.
- Use one of the Stripe test cards below.
- Confirm WooCommerce creates the order with the correct payment status.
- Open Stripe Dashboard > Payments while still in test mode and confirm the matching test payment appears.
- Test one success path, one decline path, and one authentication path before launch.
Demo Cards And Test Values
| Scenario | Test value | Use it for |
|---|---|---|
| Successful Visa card | 4242 4242 4242 4242 | A normal successful card checkout. |
| Generic decline | 4000 0000 0000 0002 | Confirm the store handles a declined payment cleanly. |
| Authentication required | 4000 0025 0000 3155 | Test a 3D Secure style customer authentication flow. |
| Expiration and CVC | Any future date, any three-digit CVC | Use with Stripe test keys only. |
Switch To Live Payments
- Activate the Stripe account if it is not already approved for live processing.
- Switch the Stripe Dashboard from test mode to live mode.
- Copy the live publishable key and live secret key, then store the secret key securely.
- Create or verify the live webhook endpoint and copy the live webhook signing secret.
- Disable test mode in WooCommerce, replace the test credentials with live credentials, save, and run a controlled live checkout verification.
Common Mistakes To Avoid
- Leaving test keys in production after launch.
- Using live card details while the store is still being tested.
- Forgetting that test products and live products are separate Stripe objects.
- Copying the API secret into a public support ticket or screenshot.
- Skipping webhook setup, which can leave WooCommerce orders stuck in the wrong status.
Quick Launch Checklist
- Test checkout succeeds with a demo payment method.
- Test checkout failure shows a useful error and does not create a paid order.
- Order notes show the correct processor transaction ID or sandbox transaction ID.
- Refund or void testing has been checked if the processor supports it from WooCommerce.
- Live credentials are active, test credentials are removed from production, and the store owner can see live transactions in the processor dashboard.