Due to upcoming PCI DSS requirement changes, and in order to meet GDPR compliance, we have to retire support for TLSv1.0 or TLSv1.1 protocols on May 1st, 2018. We will only support the TLSv1.2 protocol moving forward after May 1st.
Okay, so what does this mean?
If you’ve received an email or an in-app message from us within the last month notifying you about these changes it means that one or more of the domains currently being used within your Unbounce account is on an outdated version of TLS. If the server your Wordpress instance is hosted on is using outdated TLS protocols it will need to be updated to support TLS 1.2. If your protocols are not updated, traffic to your Unbounce landing pages won’t be properly secured over HTTPS, or could even fail to access your pages. Further, if you offer e-commerce functionality on your Unbounce landing pages, you will not be able to process credit card or PayPal payments.
How do I update my Wordpress Installation to support TLSv1.2?
If you’re managing the server Wordpress is hosted on, you will need to:
- Upgrade OpenSSL library to version 1.0.1+
- Upgrade cURL library to version 7.34.0+
- If possible, upgrade to PHP 5.6+
If you are using a hosted service, you will need talk to the support team so that they can:
- Upgrade openSSL to version 1.0.1+
- Upgrade cURL to version 7.34.0+
- If possible, upgrade to PHP 5.6+
If you’re unsure how to make these changes, we recommend the best place for further assistance would be to contact your hosting provider, IT team, or site administrator.
Why is Unbounce retiring support for Wordpress’ older TLS protocols?
In order to stay aligned with industry standards, we must ensure that all Unbounce customers are using TLSv1.2 or higher for their Wordpress installations by May 2018. This is because industry data protection standard PCI DSS will stop supporting earlier TLS protocols, and the General Data Protection Regulation (GDPR), which comes into force May 25, 2018, only supports TLSv1.2 or higher. Here’s some more information on PCI DSS, the GDPR and Unbounce’s efforts to become GDPR compliant.
We know this is not an easy update!
We understand this may not be an easy update, unfortunately we are only available to provide limited guidance. Due to the nature of the updates required, the process will vary depending on your hosting provider. Again, we recommend the best place to reach out for assistance would be to contact your hosting provider, IT team, or site administrator.
Where can I get more information?
Third party plugin, TLS 1.2 Compatibility Test, has been designed to check Wordpress installations’ compatibility with TLSv1.2, and may help you to determine whether you need to make any updates. Please keep in mind that this tool was not developed by Unbounce, therefore we do not have any means to support it nor guarantee its full accuracy.
You may also want to take a browse through these blog posts for further context on the TLSv1.2 update: