Many development and staging sites want to restrict total access to the site’s folder on the webserver. One of the easiest ways to do this is by setting a UNIX password at the server level.
This advanced developer recipe shows you how to set up custom .htaccess rules to allow your Webhook or IPN data through this security measure. This will allow you to properly configure and test payment gateways in Paid Memberships Pro.
About the Recipe
If your site has a UNIX password or is in Coming Soon/Maintenance Mode, your gateway will not be able to reach your site and send its data.
The recipe below will allow any of the listed IP addresses access to your website and will prompt everyone else to enter your secret UNIX username and password.
Note that this recipe specifically allows the IP addresses of the PayPal IPN Live Server and the Stripe Webhook. If you are using another gateway or using PayPal in Sandbox mode you will need a separate list of IP addresses. Please consult your payment gateway documentation to locate their active IP addresses.
This recipe will only work with sites restricted by a UNIX password. If you are using a Coming Soon plugin, you’ll need to take another approach to allow gateway access to your site (the easiest method is to disable the maintenance mode while running your tests). We’ll try to put together a similar recipe for popular plugins with this feature, or you can open a topic in the members-only support forum for personal help.
The Code Recipe
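An added example of the kind of rules described above, not the original recipe's code: an Apache 2.4 .htaccess that lets listed addresses through and prompts everyone else for the username and password. The password file path and the IP addresses are placeholders (documentation ranges), not real PayPal or Stripe addresses; take the current list from your gateway's documentation.

```apache
# Added example, Apache 2.4 syntax (mod_authz_core, mod_authn_file).
# Goal: gateway addresses skip the prompt, everyone else must log in.

AuthType Basic
AuthName "Restricted staging site"
# Placeholder path: keep the password file outside the web root.
AuthUserFile /path/to/.htpasswd

# RequireAny grants access as soon as ONE of the rules below matches.
<RequireAny>
    # Placeholder addresses. Replace with the addresses your payment
    # gateway publishes for its IPN or webhook servers.
    Require ip 192.0.2.10
    Require ip 198.51.100.0/24
    Require ip 203.0.113.25

    # Any visitor not matched above gets the username/password prompt.
    Require valid-user
</RequireAny>
```

`Require ip` matches the address Apache sees for the connection, so behind a reverse proxy or CDN it matches the proxy's address unless mod_remoteip is configured. Keep the list as short as the gateway's documentation allows and review it when the gateway changes its published addresses, since every entry bypasses the password.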
How it Works
If you are using PayPal Website Payments Pro or our Add PayPal Express Add On with another main site gateway option, there is a “Select Payment Method” box on the checkout page.
The Code Recipe
Some Special Notes
Make sure you download and place the logos in this .zip file in the appropriate place for your CSS. If you are using a PMPro Customizations file with custom CSS, you would place them in an “images” folder within your customizations plugin. If you are placing this code in your theme’s stylesheet, just place the images in your theme’s images folder.
Also, update or use your own Credit Card logos image if you don’t or can’t accept all of the payment options shown in the image. You can get additional credit card logos here.
If you’d like to use a different PayPal button at checkout, below is a code recipe and links to the buttons available through PayPal.
Button Options offered by PayPal
Check out with PayPal
/* Large */
/* Medium */
/* Small */
Buy now with PayPal
/* Large */
/* Medium */
/* Small */
See all PayPal Buttons or visit the PayPal logo center for more options
Or, create your own.
You can also create your own PayPal button and host it on your own website, just make sure you load it over the https protocol if you are using SSL on your website.
/* Custom */
This recipe uses the pmpro_paypal_button_image filter. Update line 7 of the code recipe to either the desired PayPal logo URL or the URL for the custom button you created.
Copy and paste this code recipe into a helper PMPro Customizations plugin.
See all hooks and filters
If you’re using PayPal as a gateway on your membership site, below is some information about a September 2015 update to require SHA-256 Compliance. This affects all sites using PayPal for Instant Payment Notification (IPN) on a non SHA-256 compliant server.
It is very likely that your hosting company or server has already been updated to support these new security requirements. However, if you are using an SSL certificate on your site (and especially if it was installed more than a few months ago), you may need to have your certificate reissued.
Read on for more details on how to test your SSL certificate and server and what to do.
What should you do?
If you have an SSL certificate on your site, make sure that it is SHA-256 encoded.
You can use a tool like SSL Labs to test your SSL certificate. The “encoding algorithm” must be SHA-256 or higher. If your SSL certificate is out of date, you will need to have your SSL certificate “reissued” and “reinstalled”. Both your SSL provider and host should do this for you free of charge.
If you aren’t currently using an SSL certificate on your site, it appears that the PayPal IPN requests will still be sent over a non-SSL/HTTPS URL and this update wouldn’t apply.
If you don’t have an SSL certificate on your site, you should be able to use PayPal Standard and Express without an SSL certificate just as you were before. No update is required.
If you manage your own dedicated or virtual private server, upgrade your SSL software.
If your server’s SSL software is out of date, it may be vulnerable to certain attacks that have been discovered in the past year. The instructions for updating your software will be different depending on your specific hosting environment and operating system. Follow up with the company you are leasing your server from or find documentation for your specific setup.
No update to the Paid Memberships Pro software or settings is required.
Any action required by these changes in PayPal’s infrastructure will need to be done at the hosting level.
NOTE: These updates are in response to an industry-wide security upgrade and are not unique to PayPal. They will help secure your website’s interaction with the PayPal website and Application Programming Interface (API). Not all merchants are required to make these changes. Please ensure you are prepared for this event by consulting with your technology team, website vendor or the individual(s) responsible for your PayPal integration.
Read more about this update on the PayPal 2015-2016 SSL Certificate Change Microsite
Paid Memberships Pro integrates with many flavors of PayPal. See this comparison chart for details on each option, plus a guide on how to set up your selected PayPal gateway under “Memberships” > “Payment Settings”.
See the Comparison Chart
The chart includes links to setup guides for each gateway option. Here’s that list for reference:
Easily add PayPal Express in addition to your primary integrated processor, such as Stripe or Authorize.net.
Get the PayPal Express Add On