As described in the General Information on Third-Party Platforms, third-party platforms that provide third-party functions or solutions for Official Accounts/Mini Programs must be accessed through the Official Account/Mini Program login authorization mechanism before being recognized by the WeChat Open Platform.

Third-party platforms that are not connected via the Official Account/Mini Program login authorization mechanism provide services to Official Accounts by storing key development credentials (AppID and AppSecret) of these Official Accounts/Mini Programs in plaintext. AppID and AppSecret pose far greater security risks than the login names and passwords of Official Accounts/Mini Programs. Therefore, the severity of the security risk will be determined based on the number of Official Accounts serviced by the platform, and the platform will be supervised accordingly.

For third-party platforms with serious security risks and that are inaccessible by the deadline, WeChat will roll out access to Official Accounts gradually, remind Official Accounts connected to these platforms to switch to different third-party platforms, limit sharing of Moments, and take other restrictive measures.

The specifics are as follows:

1. Security warnings for risky third-party platforms

For risky, not accessed third-party platforms, WeChat Official Accounts Platform will issue security warnings reminding Official Accounts/Mini Programs to be aware of security risks when they set these platform domain names (still available during warning) as their own server addresses.

2. Restricted access to severely risky third-party platforms

In addition to warnings, the WeChat Official Accounts Platform will limit access to third-party platforms with greater security risks (within 2 months after the first high-risk warning pops up). If the platform is still inaccessible by the deadline, the domain name will not be allowed to be filled in to the server address (Official Accounts that have already filled this in are unaffected).