New to the community? Start here

Blocked payment processing on WooCommerce site

Hi there, my client is using your hosting, the domain is no++++s.com. They have woocommerce set up with authorize.net.
Most orders going through fails and gives an error 403: forbidden. I was wondering if there are security preferences set up that may be rejecting order requests.
I saw on a forum that there may be something called Mod_security blocking certain requests. Not sure if it’s that or something else.

Tue, 8 Oct 2019 0:14:54
  • Predrag Dubajic
    • Support

    Hi Adam,

    This issue is usually caused if the request is sent via HTTP instead of HTTPS and it could be related to the plugin used for authorize.net gateway, can you tell me which plugin are you using for this?
    Also, have you tried with any other gateway or with a different authorize.net gateway?

    There shouldn’t be any issues on the server end as the PHP restrictions are applied to uploads folder only.

    Best regards,
    Predrag

  • Adam
    • Design Lord, Child of Thor

    I’m using the SkyVerge Authorize.net plugin from the official Woocommerce Extension store. I’m in talks with them and they think it may be a plugin conflict with your Defender plugin – we’re currently testing this to see if that’s true or not. Any thoughts?

  • Adam
    • Support Gorilla

    Hello Adam

    There’s been “mod_security” mentioned earlier so I just wanted to clarify that if the site’s hosted with us that can’t be a reason because “mod_security” is a module specific to Apache webserver which is not used on WPMU DEV Hosting.

    As for Defender, this might be possible. I’m not familiar with the payment plugin that you’re using and I don’t have a way to test it as it’s a premium plugin but since Defender is a security plugin and might (and actually does, depending on configuration) impose some “limitations” on various aspects of how site works/communicates – this is something worth checking.

    If anything in Defender could be causing that, I’d say it would most likely be one of the “Security Tweaks”. To test that, you’d need to revert those applied tweaks rather than just disable the plugin. I think the best way to test that would be to go to the “Defender Pro -> Security Tweaks -> Resolved” page and try to revert tweaks one by one, each time checking the payment.

    Following tweaks could, however, be ignored as they wouldn’t be related (so those could be skipped in test):

    – change default database prefix
    – hide error reporting
    – update PHP to latest version
    – change default admin user account
    – update WordPress to latest version
    – disable the file editor
    – update old security keys

    If there are other applied, they’d be worth reverting – just temporarily to test the issue. If that doesn’t help, then in the next step (without applying those tweaks back) try disabling Defender entirely and see if that changes anything.

    Let us know about results, please.

    Kind regards,
    Adam