Paypal IPN 403 errors

Hello @michael-boldin and thanks for reaching out to us!

If you’re getting 403s, there is a good chance the firewall is blocking the request. You can try Learning Mode to correct this.

From the Wordfence Dashboard click on Manage WAF. Then you will see Basic Firewall Options > Web Application Firewall Status. Change the option to Learning Mode. Now perform the actions that were causing issues. This will help Wordfence learn that these actions are normal and it will allow them in the future. After you have finished performing the actions, switch the WAF from Learning Mode back to Enabled and Protecting. Now test to see if these actions work correctly.

https://www.wordfence.com/help/firewall/learning-mode/ is an amazing resource for learning more about the WAF and learning mode.

Let me know if this helps!

Thanks!

Thanks for the insight on this, Adam – much appreciated!

For this particular test, is there any advantage to switching to learning mode instead of just turning the firewall off?

Does either way give me a better chance at accurately finding the cause of the problem?

Learning Mode will teach the firewall what is a normal action on your site. Turn off the firewall is never recommended in a live setting.

Once the firewall learns that this is normal, the 403’s should go away.

Let me know if this helps!

Thanks!

Thank you for that explanation! Paypal tech support told me that “PayPal makes use of 443 port” and that I should whitelist IPs from my firewall. On this screenshot, you can see how I added the IPs, does it look correct to you?

https://drive.google.com/file/d/1i2Oam60cZ91KCjGW16PaL3FgGI7n4WFa/view?usp=sharing

I don’t know if there’s anything I can set for the 443 port, but if you have advice, I’m all in.

really appreciate the quick responses and all the help.

Great! My next suggestion was going to be reaching out to Paypal support to see if there were IP addresses we could whitelist. Thanks for providing those to me!

It looks like you have this set up correctly. Have you tested it at all?

Thanks!

On top of it, thank you! What you see in the screen shot is the set of IPs that paypal gave me – and I added that to my settings. But unfortunately, after another test, I’m still getting a failure. 403. If you have any other suggestions, or need any other info from me to help, please advise!

If you disable Wordfence, does this problem go away?

Let me know what you find!

thanks for suggesting that. I did deactivate on the network level and just got another 403 error when testing it out. That rules out wordfence at this point then?

If it’s still not working I would say it’s not Wordfence blocking it. Are you using a CDN or anything?

You could check with their support to make sure nothing is being blocked, if not, check with your host to make sure.

Let me know what you find as I am interested to learn!

Thanks!

Finally have an update for you – I was able to have a successful IPN delivery of a transaction today after doing the following – so it’s hard to know what the actual cause was, but can test further if you have suggestions:

1. updated plugins and themes

2. added the IP addresses from Paypal to an alllow list at my host

3. did the same with IPs to a firewall rule to allow them at Cloudflare as well

4. disabled wordfence

5. put CF into development mode.

6. resent one IPN from paypal from a previously-successful transaction. And within about 10 minutes, the IPN went through and the subscription and order were updated on my site’s woocommerce dash.

The next subscription transaction from paypal won’t happen till overnight on Tue PM…

Have you tested with Wordfence enabled as well? If it’s being blocked by Wordfence, you will see it in Live Traffic and should be able to whitelist it. Since you were having this issue with Wordfence disabled as well, it makes me think Wordfence should work if enabled and you have your other settings set.

Let me know what you find though!

Thanks!