Payment gateways connect your WooCommerce store to a card processor. Setting them up securely protects your customers and keeps you out of unnecessary PCI compliance scope. Here is how to add a gateway the right way.
Your entire store, and the checkout in particular, must run over HTTPS with a valid certificate before you accept payments. A secure connection is both a customer-trust signal and a technical requirement for most gateways.
Prefer gateways that handle card entry through a hosted field, iframe, or redirect, so raw card numbers never touch your server. This dramatically reduces your PCI scope, because you are never storing or processing card data directly. Avoid any setup that posts full card details through your own site.
Enter the gateway's API keys in its plugin settings, not hardcoded into theme or plugin files where they could be exposed. Keep the secret key secret, and rotate it if it is ever exposed.
Many gateways use webhooks to confirm payments back to your store. Set the webhook URL exactly as the gateway specifies so orders are marked paid reliably. A missing or wrong webhook leads to paid orders stuck on hold.
Enable the gateway's test or sandbox mode, place a full test order end to end, and confirm the order completes and the confirmation email arrives. Only then switch to live mode and place one small real transaction to verify production works.
Enforce strong passwords and two-factor authentication for anyone with store admin access - a compromised admin account can redirect payouts or steal data regardless of how well the gateway itself is configured.
Our managed WooCommerce hosting provides the secure, HTTPS-ready platform these gateways require, and our team can help you connect and test your processor correctly.