If you updated WooCommerce PayPal Payments recently and woke up to a flood of “payment gateway enabled” emails, here’s what happened and what it means for your store.
Payment gateways were always enabled
TL;DR: Updating WooCommerce PayPal Payments to v4.0.0 converts previously hidden Alternative Payment Methods (APMs) into individual WooCommerce gateways, triggering “payment gateway enabled” notifications for methods that were already active. Nothing new was turned on. You can review and manage these methods individually under WooCommerce > Settings > Payments.
A thread appeared on the WordPress.org support forums this week from a merchant who received 10 separate notifications informing them that payment gateways had been enabled on their site, methods they had never intentionally configured: Blik, iDEAL, Bancontact, Trustly, Przelewy24, EPS, Multibanco, MyBank, and Standard Card Button.
If you’ve seen the same thing, nothing was hacked. But the experience is a useful reminder of why plugin migration design matters, and why opt-in defaults tend to be the safer path.
What actually changed
In v2 and v3, APMs were available by default as part of the PayPal smart button stack. They weren’t exposed as standalone WooCommerce payment gateways and visible as additional buttons within the PayPal button UI, with visibility determined by the buyer’s IP address (Dutch IP = iDEAL, Belgian IP = Bancontact, and so on). Most merchants had no idea these were running, because there was no separate WooCommerce settings entry for them. The only way to disable them was to explicitly add them to a “disabled APM” list, something most merchants never did because most merchants didn’t know it existed.
In v4.0.0, each APM is now its own individual WooCommerce payment gateway, with its own settings entry and enable/disable toggle and visibility determined by the buyer’s billing country. This is a more transparent and manageable model. The problem is that the migration preserved the existing configuration rather than defaulting everything to disabled, which was the right call for continuity, but meant WooCommerce’s built-in notification system treated a structural migration as a batch of new gateway activations.
Nothing new was turned on. What changed was the architecture, and the notification system fired accordingly.
What to do now
Your checkout behavior hasn’t changed. Buyers in eligible countries were already seeing these payment methods before you updated. You can now manage each APM individually from WooCommerce > Settings > Payments and you can enable or disable them based on what makes sense for your store and customer base. The PayPal local payment methods documentation covers which methods are geo-eligible and what each one requires.
Takeaways
The plugin team faced a genuine tradeoff: default everything to disabled and risk breaking checkout for buyers actively using those methods, or preserve the existing state and accept the notification noise. While it was the right call for continuity, what would have helped is a pre-update communication, a clear heads-up explaining what was changing, what state merchants were in, and what action (if any) was needed before upgrading. We try to consider this kind of communication as often as we can, particularly when shipping changes in WooCommerce Core with developer advisories ahead of major releases. That said, this was missed, and now we know.
If you have questions, the original support thread is a good starting point; the PayPal Payments team is very responsive there. And of course, you can always reach out in the WooCommerce Community Slack, as well as X and Bksky, @DevelopWoo.
Leave a Reply