Guide
WooCommerce Stripe webhook signature mismatch
A signature mismatch can break payment-state updates even when Stripe itself still records successful payments.
Problem
Webhook signature mismatch errors usually mean WooCommerce rejected a Stripe event because the signing secret or endpoint context did not match what the plugin expected. That can leave payment records and order state drifting apart.
Common causes
- The webhook signing secret in WooCommerce does not match the active Stripe endpoint secret.
- Multiple Stripe accounts or environments are pointing at the same store with conflicting secrets.
- A plugin update, environment change, or copied configuration left old webhook values in place.
- A proxy, security layer, or custom code changed request handling enough to break signature verification.
What to check
- Confirm the exact Stripe account, endpoint, and secret currently in use.
- Check whether staging/live settings or multiple plugins are sharing webhook destinations.
- Review recent updates, environment moves, and custom checkout or webhook code.
- Run the free scan to surface whether payment records and WooCommerce order state already diverged.
Need help checking this on a live store?
Start with the free scan. If the findings may need review, request a founder-led human review for manual confirmation and next steps.