Many development and staging sites want to restrict total access to the site’s folder on the webserver. One of the easiest ways to do this is by setting a UNIX password at the server level.

This advanced developer recipe shows you how to set up custom .htaccess rules to allow your Webhook or IPN data through this security measure. This will allow you to properly configure and test payment gateways in Paid Memberships Pro.

Allow Gateway Webhooks and IPN Data into a Protected Site

IP Address Lists For Supported Payment Gateways

If your site has a UNIX password or is in Coming Soon/Maintenance Mode, your gateway will not be able to get to your site and send their data.

The example .htaccess code below will allow any of the listed IP addresses access to your website. All other users will be prompted to enter your secret UNIX username and password.

In the recipe, we included an example of how to allow access for the Stripe Webhook. If you are using another gateway, you will need a separate list of IP addresses.

Please consult your payment gateway documentation to locate their active IP addresses.

The .htaccess Recipe For Allowed Stripe IPs

# Stripe Webhook IPs via https://stripe.com/docs/ips#webhook-notifications
# v create a user/pass in this folder using htpasswd v
AuthUserFile /var/www/vhosts/domain.com/conf/.htpasswd
# ^^
AuthType Basic
AuthName "Authentication Required"
Require valid-user
Order allow,deny
Allow from 3.18.12.63
Allow from 3.130.192.231
Allow from 13.235.14.237
Allow from 13.235.122.149
Allow from 18.211.135.69
Allow from 35.154.171.200
Allow from 52.15.183.38
Allow from 54.88.130.119
Allow from 54.88.130.237
Allow from 54.187.174.169
Allow from 54.187.205.235
Allow from 54.187.216.72
satisfy any
view raw htaccess.txt hosted with ❤ by GitHub

Adding the Recipe to Your Website

Copy and paste this code recipe into your sites’ .htaccess file. Remember to adjust the list of allowed IP addresses for your gateway (these are for Stripe). You must configure your server’s UNIX password separate of this recipe.

Remember, this recipe will only work with sites restricted by a UNIX password. If you are using a Coming Soon plugin, you’ll need to take another approach to allow gateway access to your site (the easiest method is to disable the maintenance mode while running your tests). We’ll try to put together a similar recipe for popular plugins with this feature, or you can reach out to our support team for personal help.

Free Course: Membership Site Development—The Basics

Develop a deeper understanding of membership site development in this beginner-level course. Learn how to make your site work better, save yourself time and money, and improve your site's performance.

Featured Image for Membership Site Development Course: The Basics


Was this article helpful?
YesNo