Many development and staging sites want to restrict total access to the site’s folder on the webserver. One of the easiest ways to do this is by setting a UNIX password at the server level.

This advanced developer recipe shows you how to set up custom .htaccess rules to allow your Webhook or IPN data through this security measure. This will allow you to properly configure and test payment gateways in Paid Memberships Pro.

Allow Gateway Webhooks and IPN Data into a Protected Site

IP Address Lists For Supported Payment Gateways

If your site has a UNIX password or is in Coming Soon/Maintenance Mode, your gateway will not be able to get to your site and send their data.

The example .htaccess code below will allow any of the listed IP addresses access to your website. All other users will be prompted to enter your secret UNIX username and password.

In the recipe, we included an example of how to allow access for the Stripe Webhook. If you are using another gateway, you will need a separate list of IP addresses.

Please consult your payment gateway documentation to locate their active IP addresses.

The .htaccess Recipe For Allowed Stripe IPs

Adding the Recipe to Your Website

Copy and paste this code recipe into your sites’ .htaccess file. Remember to adjust the list of allowed IP addresses for your gateway (these are for Stripe). You must configure your server’s UNIX password separate of this recipe.

Remember, this recipe will only work with sites restricted by a UNIX password. If you are using a Coming Soon plugin, you’ll need to take another approach to allow gateway access to your site (the easiest method is to disable the maintenance mode while running your tests). We’ll try to put together a similar recipe for popular plugins with this feature, or you can reach out to our support team for personal help.

Was this article helpful?