Stripe Webhook

The text that you posted is correct for when the webhook is set up correctly, so it’s good that you’re able to load it but something on your server is not allowing that page to display to Stripe. Try visiting the webhook URL without being logged on to your site (open an incognito window to test it). If it redirects you to the home page instead of displaying those results, then you have something set up in your WordPress install that is intercepting that URL, either in a plugin or in your theme. It’s also possible that it’s a setting on your server but that’s less likely if you are able to properly load the page in your browser.

I’ve also seen hosts that were blocking incoming traffic from the Stripe IPs. If you are able to visit the webhook URL directly, but Stripe is still failing, you can follow up with your host.

Also, you can look at the events in Stripe and see the webhook attempts and the specific response given from the server. It might have a few more details to help you figure it out.

Running WordPress 4.0 here –

i’m having a similar problem. I updated to 1.7.15 the other day and my Stripe payments were not going through. I had a potential customer tell me that even though he had filled out all the proper fields for membership, it kept telling him to “Complete all fields”. I tested this and verified this behavior myself so I was forced to roll back to 1.7.14.2 – Is there any update on this? Thank you for your help.

@skarface – teriffic. We were told to upgrade to 1.7.15 because of a security vulnerability too. I haven’t tested on my end yet or downgraded yet.

As far as my other issue, when logged out, I am redirected to the homepage of my WP install when I hit the Webhook URL. I am not running any security plugins either.

Here is my .htaccess for the folder with the WP installation.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /subscriptions/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /subscriptions/index.php [L]
</IfModule>

# END WordPress

# BEGIN MainWP

# END MainWP

Here is the .htaccess for the parent folder of the site:

# BEGIN MainWP

# END MainWP

Header unset Pragma
FileETag None
Header unset ETag
## Leverage Browser Caching ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
## Leverage Browser Caching ##

# BEGIN WPSuperCache
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#If you serve pages from behind a proxy you may want to change 'RewriteCond %{HTTPS} on' to something more sensible
AddDefaultCharset UTF-8
RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{HTTPS} on
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz -f
RewriteRule ^(.*) "/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html.gz" [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Accept-Encoding} gzip
RewriteCond %{HTTPS} !on
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz -f
RewriteRule ^(.*) "/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html.gz" [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTPS} on
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html -f
RewriteRule ^(.*) "/wp-content/cache/supercache/%{SERVER_NAME}/$1/index-https.html" [L]

RewriteCond %{REQUEST_URI} !^.*[^/]$
RewriteCond %{REQUEST_URI} !^.*//.*$
RewriteCond %{REQUEST_METHOD} !POST
RewriteCond %{QUERY_STRING} !.*=.*
RewriteCond %{HTTP:Cookie} !^.*(comment_author_|wordpress_logged_in|wp-postpass_).*$
RewriteCond %{HTTP:X-Wap-Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTP:Profile} !^[a-z0-9\"]+ [NC]
RewriteCond %{HTTPS} !on
RewriteCond %{DOCUMENT_ROOT}/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html -f
RewriteRule ^(.*) "/wp-content/cache/supercache/%{SERVER_NAME}/$1/index.html" [L]
</IfModule>

# END WPSuperCache

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

I can’t say that our problems are that similar (i’m definitely new to all of this) – however this is becoming a thorn in my mind as the days progress and I’m unable to update properly without checkouts being affected. I may just at the very least patch the “getfile.php” as noted on the PMPro site, so that the security hole can be patched. I don’t know what the outcome of this would be as I have not tried it yet. I have scheduled maintenance windows where I can perform site updates, etc so I’ll have to wait to report back until then. Thanks for keeping this thread going.

@tylersmiller, if you get that “Logged on … Could not find event” message when you visit the webhook URL when you’re logged on to your site, but you are redirected when you visit the webhook URL when you are not logged on, then it’s likely something in either another plugin or your theme that is redirecting users away from WP Admin when they log on. If you have added customizations to functions.php then you can start there (look for any test for the string ‘wp-admin’). If you can’t see it there, then deactivate all plugins and re-activate them one by one to find which one is doing it; if it’s not a plugin, then switch to a default theme like twenty-thirteen to see if it’s in your theme.

1.7.15.1 has a fix for “Complete all fields” issue that came up in 1.7.15. FYI, 1.7.15 is updated to remove the CardType dropdown. At the same time, Stripe changed their API to put the CardType in a field named “brand” instead of “type” which was causing the issue. The latest PMPro now works with the latest Stripe API again.

If you are having other issues, let me know.

> I am redirected to the homepage of my WP install when I hit the Webhook URL

That is not normal. I’d have to take a closer look to figure out what is happening. If you post to the member forums, I can get more information from you and fix that up for you.