Thank you for your feedback.
I was not aware of the certificate issue, but this looks like a problem that should be handled by CoinPayments. They list the official TOR URL with the https protocol, so it is likely that they should renew their certificate.
I added the TOR feature for a user who had requested this, but running WordPress securely over TOR is generally not easy. You can find guides on the web about this, but generally both WordPress and this plugin connect to a number of services as part of their routine operation.
So yes, it is likely not as easy as ticking a checkbox.
Ultimately, if you are concerned about privacy, I believe the best route would be to not rely on third-party services, but instead to set up a Monero full node and use this coin adapter.