Authorize.Net: Important MD5 Hash Removal/Disablement

Thanks for this update! 2-3 months gives us all a little time to breathe. :slight_smile:

1 Like


How would I know about a hotfix? This affects 2 of my clients.

Do I check here or what?


1 Like

Yes, I’ll post it here when it’s ready. Krum and I are working on it. :slight_smile:

I do keep checking back but I find nothing since the post from 12 days ago. Am I missing something?

1 Like

Hi Gregg.

No, you haven’t missed it. There just hasn’t been an update yet. When I have it, this is where I’ll post it. :slight_smile:

Thank you for your patience! Here’s the fix. :smiley: (29.4 KB)

You’ll see three files in the zip. They go in these folders of s2Member Pro:


Although you should not have any problem from these, it’s always best to make a backup before your test.

Please report anything you find not working, or that could be improved. Your feedback is very appreciated and will be used to improve the fix before implementing it in the next release.

Looking forward to your results!

1 Like

Update from Authorize.NET:

Today we’re announcing final phase 2 dates when the gateway will stop populating the MD5 hash value.

Phase 1 Complete
Phase 2 - Stop sending the MD5 Hash data element in the API response. To continue verifying via hash, this will require applications to support the SHA-512 hash via signature key.
Sandbox will be updated on March 7, 2019 to stop populating the MD5 Hash value, the field will still be present but empty.
Production will be updated on March 14, 2019 to stop populating the MD5 Hash value, the field will still be present but empty.
We have updated documentation on our developer center, posted sample code on Github, and will have SDK updates completed by end of February.

Please refer to our support article: MD5 Hash End of Life & Signature Key Replacement for more details and information on this change.

Thank you for your attention to this matter and for being an Authorize.Net merchant.


1 Like

Thank you Cristián:

I applied this to 2 sites and test purchases worked great.

Best, Willy

1 Like

Thank you so much for the feedback, Will! :smiley:

New update from Authorize.Net:

After reviewing feedback concerning the production cutoff date for the MD5 Hash, we are pushing back the production update from March 14, 2019, to June 28, 2019. We will continue to review feedback and consider further date changes as needed over the next month.

For more details, see MD5 Hash End of Life & Signature Key Replacement article -
Posted about 6 hours ago. Mar 12, 2019 - 09:29 PDT

1 Like

Installed today, running smoothly so far! Thank you for this update!

1 Like

I tried the updated files you provide to no avail.

Thanks for the feedback. Could you tell me what you’ve tried and what you’re experiencing? :slight_smile:

Sure thing. I tried installing the hotfix, as follows:

Yet, I’m still asked for the MD5 Hash in the Dashboard & still see the error on the Pro Form (

What should I try next? The site went live last night, so I’m really stuck at the moment, considering our users can’t create an account.

Oh, I see! Every site we tried that in so far, already had an MD5 hash from before, so we never got that error in the previous tests. I’m sorry about that.

I guess you can’t get your MD5 hash from Auth.Net anymore. If not, then you can try just typing a few letters in that field, and see if that flies.

It’s to make s2Member happy while we remove that check from the pro-form. I’m not sure if Auth.Net uses it anymore if it’s getting the SHA512 one.

Please try it and see if you can make a test payment successfully. Even 1 cent or so would be fine, just to test.

Here’s an update of the fix, with the updated warning when missing the Signature Key, not the MD5 Hash. (58.3 KB)

There are the same three files from before:


And two more:

s2member/src/includes/translations/ s2member.pot

@parkwaychildcare, let me know if that takes care of your problem. Once you add these, try leaving the MD5 Hash field empty in your configuration. I look forward to your update. :slight_smile:

That did the trick. Payments via Authorize.NET are now being accepted.

Thanks so much for the fast turn-around on this issue. Very much appreciated!

1 Like

I’m very glad! Thanks for the feedback.

Quick question: Did you leave the MD5 Hash empty or with a random value?

And thank you very much for catching that and helping me improve it!

I hope your launch goes very well and you have a lot of success! :smiley:

I actually had it both ways. At first I had “abcd” set as the MD5 Hash (per your earlier instructions). Then, I deleted the MD5 Hash value from the backend & tested again. In both instances, it worked.

We love s2 and recommend it to all our clients. You produce excellent software.

1 Like

I’m very glad to know that both worked, and you have it up and running without trouble now.

Thank you so much for telling others about s2! :blue_heart:

If you haven’t yet, and you feel like it, it’d help us a lot that you leave a rating over at WordPress. Thanks! :smiley: