Many development and staging sites want to restrict total access to the site’s folder on the webserver. One of the easiest ways to do this is by setting a UNIX password at the server level.
This advanced developer recipe shows you how to set up custom
.htaccess rules to allow your Webhook or IPN data through this security measure. This will allow you to properly configure and test payment gateways in Paid Memberships Pro.
About the Recipe
If your site has a UNIX password or is in Coming Soon/Maintenance Mode, your gateway will not be able to get to your site and send their data.
The recipe below will allow any of the listed IP addresses access to your website and will prompt everyone else to enter your secret UNIX username and password.
Note that this recipe specifically allows the IP addresses of the PayPal IPN Live Server and the Stripe Webhook. If you are using another gateway or using PayPal in Sandbox mode you will need a separate list of IP addresses. Please consult your payment gateway documentation to locate their active IP addresses.
- Stripe Domains and IP Addresses
- Authorize.Net Domains and IP Addresses
- PayPal IP Addresses for Live Servers
- PayPal IP Addresses for Sandbox Servers
- PayPal IP Addresses for Payflow Servers
- Braintree IP Addresses
- 2Checkout: Secure Webhooks
This recipe will only work with sites restricted by a UNIX password. If you are using a Coming Soon plugin, you’ll need to take another approach to allow gateway access to your site (the easiest method is to disable the maintenance mode while running your tests). We’ll try to put together a similar recipe for popular plugins with this feature, or you can open topic in the members-only support forum for personal help.
The Code Recipe
Adding the recipe to your website
Copy and paste this code recipe into your sites’
.htaccess file. Note that you must configure your server’s UNIX password separate of this recipe.
Code Author: Jason
Jason is co-founder of Paid Memberships Pro, the 100% open source membership plugin for WordPress. He has been pushing WordPress to its limits for many years and is an advocate for using WordPress as an application framework to build web sites and apps that go above and beyond the typical blog of CMS site.