Why 83 PayPal Subscriptions Silently Failed — A WooCommerce PPCP Vaulting Investigation
A client came to me with a problem that had been quietly bleeding revenue for months. Their WooCommerce subscription store was showing a growing number of PayPal renewal failures. Customers were churning, and the error messages from PayPal were cryptic at best.
The error in the WooCommerce logs read: not well-formed (invalid token). Not exactly helpful.
The Initial Investigation
The store used WooCommerce Subscriptions with PayPal as the primary payment method. Some subscriptions renewed fine. Others failed every single time. There was no obvious pattern from the customer's perspective — same products, same PayPal accounts, same subscription plans.
I started by comparing the postmeta on a working subscription versus a failing one:
wp post meta list 12345 --format=table | grep -i paypal
wp post meta list 12678 --format=table | grep -i paypal
The difference was immediately clear. Working subscriptions had meta keys like _paypal_subscription_id and PayPal Subscriber ID — these were legacy PayPal Standard subscriptions managed via IPN (Instant Payment Notification). They'd been created years ago and had been renewing happily ever since.
The failing subscriptions had completely different meta. They were created by the newer PayPal Commerce Platform (PPCP) plugin — WooCommerce's recommended PayPal integration. And they had a meta key I hadn't seen before: _ppcp_vaulting_failed.
The Root Cause
I queried the database to understand the full scope:
wp db query "SELECT COUNT(*) FROM wp_postmeta
WHERE meta_key = '_ppcp_vaulting_failed'
AND meta_value = '1';"
83 subscriptions. Every single subscription created through the PPCP plugin had this flag set. Not a single one had a valid PayPal vault token or billing agreement ID.
To confirm, I checked for the presence of vault tokens:
wp db query "SELECT p.ID, pm.meta_key, pm.meta_value
FROM wp_posts p
JOIN wp_postmeta pm ON p.ID = pm.post_id
WHERE p.post_type = 'shop_subscription'
AND p.post_status = 'wc-active'
AND pm.meta_key IN (
'_ppcp_billing_agreement_id',
'_ppcp_vault_id',
'ppcp_vault_payment_token'
)
ORDER BY p.ID;"
Zero results. The PPCP plugin had never successfully stored a vault token for any subscription. Every renewal attempt was failing because PayPal had no stored payment method to charge.
Understanding the Failure
PayPal vaulting is the mechanism that allows a merchant to charge a customer's PayPal account for recurring payments without the customer being present. When a customer subscribes and pays via PayPal PPCP, the plugin is supposed to:
1. Redirect the customer to PayPal
2. Get the customer's approval for recurring charges
3. Store a vault token (billing agreement ID) in the subscription's postmeta
4. Use that token for all future renewals
Step 3 was never completing. The _ppcp_vaulting_failed meta confirmed the plugin itself knew it had failed — it just didn't surface this failure to the store owner in any meaningful way. No admin notice, no email, no failed order note at the time of purchase. The customer's initial payment went through (as a one-off charge), the subscription was marked active, and the failure was silently recorded in a meta field nobody was looking at.
The most likely cause: PayPal vaulting was not enabled on the merchant's PayPal business account. This is a setting that needs to be explicitly activated by PayPal — it's not on by default, and the PPCP plugin doesn't validate whether vaulting is available before attempting to use it.
The Resolution
There was no way to retroactively vault these 83 subscriptions. Without a stored token, PayPal has no authorisation to charge the customer. The customers would need to re-authenticate.
I recommended switching from the PPCP plugin to Payment Plugins for PayPal WooCommerce — a more mature PayPal integration with better vaulting reliability and clearer error handling. The migration path:
- Install and configure Payment Plugins for PayPal WooCommerce (ensuring vaulting was properly enabled on the PayPal account this time)
- Deactivate the PPCP plugin
WooCommerce Subscriptions has built-in behaviour for this situation. When a payment gateway is deactivated, all subscriptions using that gateway are automatically switched to manual renewal. The customer receives an email with a link to pay, at which point they authenticate with PayPal through the new plugin, and a valid vault token is stored for future renewals.
I verified this with a test subscription first:
# Check subscription payment method before deactivation
wp post meta get 12700 _payment_method
# Output: ppcp-gateway
# After deactivating PPCP plugin
wp post meta get 12700 _payment_method
# Output: (empty — switched to manual)
# Verify the subscription status
wp post get 12700 --field=post_status
# Output: wc-active
The subscription remained active — it just required the customer to manually pay on the next renewal date. Once they did, the new plugin vaulted their PayPal account correctly, and all subsequent renewals were automatic.
The Aftermath
We sent a carefully worded email to all 83 affected customers explaining that their next renewal would require a one-time manual payment due to a payment system upgrade. The re-authentication rate was around 70% on the first email, with a follow-up catching most of the rest.
The real lesson here is about silent failures. The PPCP plugin knew vaulting had failed on every single subscription. It recorded this fact in the database. But it never told anyone. No admin notification, no dashboard warning, no failed order at the point of sale. For months, the store was creating subscriptions that were guaranteed to fail on renewal.
This is exactly the kind of issue that gets caught early with proactive WooCommerce maintenance — regular audits of subscription health, payment gateway logs, and renewal success rates. By the time 83 customers are affected, you've already lost significant revenue and goodwill.
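An added example (not from the original investigation or from the PPCP plugin) of the kind of recurring subscription-health audit described above: it lists active subscriptions on the ppcp-gateway payment method that either carry the _ppcp_vaulting_failed flag or have none of the three token meta keys, which goes slightly beyond the flag-only count by also catching unflagged subscriptions with no token. The table names, meta keys and gateway id are the ones quoted in this post; the SQLite harness, the subscription IDs, the legacy gateway id and the token value are constructed so the check runs offline.

```python
import sqlite3

# Table names, meta keys and the gateway id are the ones quoted in the post.
AUDIT_SQL = """
SELECT p.ID,
       MAX(CASE WHEN pm.meta_key = '_ppcp_vaulting_failed'
                 AND pm.meta_value = '1' THEN 1 ELSE 0 END) AS vaulting_failed,
       MAX(CASE WHEN pm.meta_key IN ('_ppcp_billing_agreement_id',
                                     '_ppcp_vault_id',
                                     'ppcp_vault_payment_token')
                 AND pm.meta_value <> '' THEN 1 ELSE 0 END) AS has_token
FROM wp_posts p
JOIN wp_postmeta gw ON gw.post_id = p.ID
                   AND gw.meta_key = '_payment_method'
                   AND gw.meta_value = 'ppcp-gateway'
LEFT JOIN wp_postmeta pm ON pm.post_id = p.ID
WHERE p.post_type = 'shop_subscription' AND p.post_status = 'wc-active'
GROUP BY p.ID
HAVING vaulting_failed = 1 OR has_token = 0
ORDER BY p.ID
"""

def audit(conn):
    """Map each active PPCP subscription that cannot auto-renew to the reason."""
    return {sub_id: "vaulting failed flag" if failed else "no vault token"
            for sub_id, failed, _ in conn.execute(AUDIT_SQL)}

def sample_db():
    """Constructed rows (IDs and token values are made up) for an offline run."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE wp_posts (ID INTEGER, post_type TEXT, post_status TEXT)")
    conn.execute("CREATE TABLE wp_postmeta (post_id INTEGER, meta_key TEXT, meta_value TEXT)")
    posts = [(i, "wc-active") for i in (101, 102, 103, 104)] + [(105, "wc-cancelled")]
    meta = [
        (101, "_payment_method", "paypal"),            # legacy gateway: out of scope
        (102, "_payment_method", "ppcp-gateway"),      # flagged by the plugin
        (102, "_ppcp_vaulting_failed", "1"),
        (103, "_payment_method", "ppcp-gateway"),      # no flag, but no token either
        (104, "_payment_method", "ppcp-gateway"),      # healthy: token present
        (104, "ppcp_vault_payment_token", "tok-constructed"),
        (105, "_payment_method", "ppcp-gateway"),      # cancelled: ignored
        (105, "_ppcp_vaulting_failed", "1"),
    ]
    conn.executemany("INSERT INTO wp_posts VALUES (?, 'shop_subscription', ?)", posts)
    conn.executemany("INSERT INTO wp_postmeta VALUES (?, ?, ?)", meta)
    return conn

if __name__ == "__main__":
    for sub_id, reason in audit(sample_db()).items():
        print(sub_id, reason)
```

The query text is plain SQL written to also be usable through wp db query on a site with the default wp_ table prefix; that portability is an assumption of this example and has not been run against the client's database.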
