Many development and staging sites want to restrict total access to the site’s folder on the webserver. One of the easiest ways to do this is by setting a UNIX password at the server level.
This advanced developer recipe shows you how to set up custom
.htaccess rules to allow your Webhook or IPN data through this security measure. This will allow you to properly configure and test payment gateways in Paid Memberships Pro.
IP Address Lists For Supported Payment Gateways
If your site has a UNIX password or is in Coming Soon/Maintenance Mode, your gateway will not be able to get to your site and send their data.
.htaccess code below will allow any of the listed IP addresses access to your website. All other users will be prompted to enter your secret UNIX username and password.
In the recipe, we included an example of how to allow access for the Stripe Webhook. If you are using another gateway, you will need a separate list of IP addresses.
Please consult your payment gateway documentation to locate their active IP addresses.
- Stripe Domains and IP Addresses
- PayPal IP Addresses for Live and Sandbox Servers
- Authorize.Net Domains and IP Addresses
- Payflow IP Addresses (login required)
- Braintree IP Addresses
- PayFast IP Addresses
The .htaccess Recipe For Allowed Stripe IPs
Adding the Recipe to Your Website
Copy and paste this code recipe into your sites’
.htaccess file. Remember to adjust the list of allowed IP addresses for your gateway (these are for Stripe). You must configure your server’s UNIX password separate of this recipe.
Remember, this recipe will only work with sites restricted by a UNIX password. If you are using a Coming Soon plugin, you’ll need to take another approach to allow gateway access to your site (the easiest method is to disable the maintenance mode while running your tests). We’ll try to put together a similar recipe for popular plugins with this feature, or you can reach out to our support team for personal help.