Direct Post MD5 Issue for Magento 1 and 2 Merchants

Magento 1 and Magento 2 merchants that use Direct Post as one of their payment methods will need to have a patch applied and update their settings in the Magento admin panel before March 28, 2019. will stop supporting the MD5 hash method that Magento uses for its Direct Post integration. They have updated the date to March 28, 2019. Fortunately, Magento has released a patch and steps that can be taken to update Direct Post integration to use the Signature Key method.

[Update: 3/12/2019 – The date has been pushed back to June 28, 2019]

If your Magento store is hosted with us, we will be applying the patch to all stores that use Direct Post, and you will be receiving an email letting you know when the patch is applied and the steps you need to take.

If your store is not hosted with us, you will need to follow the steps outlined in the Magento Help Center.

The steps to address this issue are:

  1. Apply the patch to your M1/M2 store (LexiConn will do this for all Magento sites hosted with us)
  2. Get a new signature key in the Merchant interface:
    1. Log-in at
    2. Go to: Account -> Settings -> API Credential & Keys -> New Signature Key
  3. Update Magento admin
    1. Log-in to your Magento admin panel
    2. Stores -> Configuration -> Sales -> Payment Methods -> “ Direct Post”
    3. Enter the new Signature Key in the Signature Key field
    4. Save
  4. Place a test order using a live credit card to make sure is still working after the update

If you are hosted with us, and have any questions about this, please let us know.

Looking for a web host that understands ecommerce and business hosting?
Check us out today!


  1. Adrian says:

    Hello, I’ve been looking and asking all over the place if the “regular” payment method will be affected by this change? With “regular” I mean the one that IS NOT Direct Post.

    So my question is, if we only use, and we don’t use Direct Post, will this change affect us?

Leave a Reply to Robert Mangiafico