All problems (or almost all problems) have a solution; here you have a small collection of problems and how to solve them. It is a collection of problems for both the Redsys plugin available on WordPress.org and the Premium plugin that you can purchase on WooCommerce.
If you can’t find the solution to your problem and you are using the WordPress.org plugin, check the forums or open a new thread on WordPress.org.
If you are using the premium plugin and have a valid license, open a ticket on WooCommerce.com. You must select the Redsys plugin in the dropdown so that it reaches me directly.
In both places, you can write directly in Spanish as I provide support myself.
▼ How to open a support ticket on WooCommerce.com?
▼ Credit card to use for testing in Redsys
You will find this information in the welcome email you should have received, but you can safely use this data:
Card number: 4918019199883839
Expiration: 12/32
CVV2 Code: 123
To force a card error in testing, you can use this:
Card number: 4907271141151707
Expiration: 12/32
Remember that Redsys always requires you to have at least one correct order without errors, and then force an error to also be communicated to the merchant.
For BIZUM, you can use this data; note that some banks always return an error after entering the data correctly.
Bizum Phone: 700000000
Bizum Key: 1234
SMS Code: 12345678
Ensure that the order cost for testing is low, less than €10. I personally usually create a product for €1 to ensure it works in tests.
▼ Does the Redsys plugin from WooCommerce.com work on WordPress.com?
Yes, it works; many customers are using it on WordPress.com without problems. If for some reason the orders are not marked as paid, or you get a 500 error, you should contact WordPress.com support and access a live chat at https://wordpress.com/help/contact (especially to Live Chat, do not go to the forums) and tell them that you are getting a 500 error at https://yoursite.com/?wc-api=WC_Gateway_redsys or https://yoursite.wpcomstaging.com/?wc-api=WC_Gateway_redsys
They will fix it for you to work. This happens due to security measures implemented, but since it is a recognized and audited plugin by Automattic (owners of WordPress.com and WooCommerce) through WooCommerce.com, they will make it work without problems if it doesn’t work from the beginning.
▼ How should I configure Redsys?
Just make sure that you have Redsys configured as shown in the following screenshot.
Online notifications: (HTTP + Commerce Email) –> Entity Email
Synchronization: Synchronous
URL OK: None
URL KO: None
Send parameters in URLs: NO
▼ PHP extension mcrypt_encrypt() for PHP 5.6 or lower
To send data to Redsys correctly in PHP 5.6 or lower, it is necessary that the hosting you hire has the PHP extension mcrypt_encrypt() installed and activated. If it is not, you will not be able to use Redsys. So make sure your hosting has it installed, and if not, ask them to install it on the server and activate it in php.ini
▼ PHP extension encrypt_3DES() for PHP 7.0 or higher
To send data to Redsys correctly in PHP 7.0 or higher, it is necessary that the hosting you hire has the PHP extension encrypt_3DES() installed and activated. If it is not, you will not be able to use Redsys. So make sure your hosting has it installed, and if not, ask them to install it on the server and activate it in php.ini
▼ Orders are pending payment in WooCommerce (I do not use CloudFlare)
This is by far the biggest problem that exists in WooCommerce with Redsys.
The reasons for an order not being marked as paid can be various.
Generally, this is due to using a security certificate that is not compatible with Redsys, for example, Let’s Encrypt, Comodo, and others.
The way to solve it is to check the plugin settings for compatibility with SNI certificates.
If your hosting forces redirection of all requests to HTTPS, you should also disable this forced redirection.
If you use a plugin like Really Simple SSL, you should enable forced redirection via the .htaccess file, disable redirection via WordPress, and finally, disable any modifications to the htaccess file.
Once we have everything configured, we should add the following line in the code added by Simple SSL or the plugin we use:
RewriteCond %{QUERY_STRING} !^wc-api=WC_Gateway_(.*)redsys
Whether we have code added by another plugin or not, we should have this code in the .htaccess file. If you have any other redirection code, remove it.
The following code works for both the WordPress.org plugin and the premium one from WooCommerce.com. It adds an exception for all payment options added by the premium plugin.
# REDIRECTION SSL CERTIFICATE REDSYS BY JOSE CONTI V.2.0
RewriteEngine on
RewriteCond %{QUERY_STRING} !^wc-api=WC_Gateway_(.*)redsys
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# END REDIRECTION SSL CERTIFICATE REDSYS BY JOSE CONTI V.2.0
Another possibility is that the firewall, either from the server or from a plugin we use, for example, the antibot from All In One SEO Pack, is blocking the Redsys IP. We must check that none of the IPs blocked by the firewall belong to Redsys. In the case of All In One SEO Pack, disable the Anti Bots protection, as there is no way to add exceptions, and it will always block Redsys.
Finally, we have not configured Redsys correctly, and we only have the email notification active. Access Redsys and check that the notifications to the site are well configured. The HTTP notification must be selected, either alone or along with the email notification.
▼ Orders are pending in WooCommerce and I use iThemes Security
It is very simple what needs to be done.
First, we will go to Security > Settings > Banned Users
We must disable “Enable HackRepair.com’s blacklist feature”
If you have System Tweaks active, access it.
Once inside, look for “Filter Long URL Strings” and make sure it is disabled.
Note that I have also marked Suspicious Query String. Sometimes this configuration can interfere and cause orders not to be marked as paid.
Once you have made these checks, you can try again if you do not have any of the other reasons why an order is not marked as paid (Let’s Encrypt and CloudFlare); in this case, continue looking for a solution.
▼ Orders are pending payment in WooCommerce (I use CloudFlare)
You must go to the Firewall tab in CloudFlare, where we will prevent CloudFlare from confusing the notification that Redsys sends to our site as a malicious bot. Inside the Firewall tab, we will access the submenu “Tools”
In the Tools submenu, we must add the following:
In “Enter an IP”, we will put “195.76.9.0/24“, in the dropdown we will select “whitelist”, in the next dropdown we will select whether we want it for the active site or for all we have, and finally, we can add a note or directly press “Add”
Once you have added the previous IP range, repeat the action, but with this other range “193.16.243.0/24“
And again with this other range “194.224.159.0/24”
Once added, it should look like this (plus the second range).
▼ I have activated payment by reference, one-click payment or tokenization and it does not work
First of all, your bank must have activated payment by reference for you; if they do not activate it, you will not be able to use it. On the other hand, due to the characteristics of WooCommerce, it is necessary for Redsys to send several data. If it does not, one-click payment will not work, and orders will not be marked as paid; in some cases, 500 errors may occur. Although Redsys or your bank tells you that those fields are not necessary, in the case of WooCommerce, THEY ARE. Without those fields, tokenization does not work on WooCommerce. So even though those fields are not really necessary for token use, they are in the case of using WooCommerce, as it makes use of them. Without them, it simply cannot work.
For one-click payment to work correctly, you must first ask them to activate it. Secondly, you must ask them to send you the following data in the callback that Redsys will perform to confirm the payment.
– Ds_Card_Brand
– Ds_ExpiryDate
– Ds_Card_Number
If any of the above fields are not sent, the orders will not be marked as paid, one-click payment will not work, and the plugin will send an email to the installation administrator notifying of this issue.
Without the previous data, WooCommerce will not be able to save the card brand, the card’s numerical ending, and the expiration date, and therefore will not save the token. There is even another reason why they must be sent; this way, the customer knows which card is saved thanks to the brand and the numerical ending.
Note in the previous capture that it says Visa ending in 004 12/20
This is set up through the fields that Redsys must send. If it does not send them, WooCommerce will not be able to set up this page, and therefore will not accept the token sent by Redsys.
▼ One-click payment without leaving the website
To use this option, first, you must have one-click payment activated in Redsys and in the plugin. Keep in mind that they must send you all the fields as explained in the previous point.
The second thing you must have active at the Redsys level is that the terminal is non-secure. If the terminal is not non-secure, one-click payment will not work without leaving the website.
▼ I use Booking and confirmation emails are not sent
If you use Booking from WooCommerce.com and confirmation emails are not sent after payment, make sure in wp-admin > Booking > Settings > Calendar Connection that the connection is active in case you have configured it. If the connection has been requested, there will be a fatal error at the time of payment, and the email sending process will not be carried out.
▼ Preauthorizations do not work for me
Preauthorizations must be activated by Redsys. So first, make sure they are activated.
Make sure that normal transactions (charge at the moment) are marked as paid in WooCommerce.
If preauthorizations do not work for you, you must ask Redsys to activate them for you.
▼ What do I need to make subscriptions with the premium Redsys plugin
To make subscriptions, you need a series of things.
- You need the Redsys plugin from WooCommerce.com
- You need the WooCommerce Subscriptions plugin
- You need to have payment by reference (tokenization payment) activated on your terminal and comply with what is explained in “I have activated payment by reference, one-click payment or tokenization and it does not work”
- The terminal you use must be activated as non-secure, or it will not be able to function.
▼ Subscriptions do not work with the WooCommerce Subscriptions plugin
- Make sure everything is up to date, that the Redsys plugin from WooCommerce.com is version 5.0.0 or higher.
- To rule out any previous incidents, first try to make a normal purchase without one-click payment. Deactivate it. If you go through Redsys and the payments are marked as paid, continue; if not, review the other points of the FAQ or open a ticket on WooCommerce.com for assistance.
- If in the previous point the orders are marked as paid, activate one-click payment.
- If in the previous point the orders are marked as paid, activate one-click payment without leaving the page.
- If in the previous point the orders are marked as paid, make the subscription payment.
- If any of the previous points fail and you do not see the solution, contact me through WooCommerce.com by opening a ticket for the plugin. Generally, I will respond very quickly.
▼ How do I use the filter redsys_modify_data_to_send?
Before creating the submission form to Redsys, this filter is executed in case we are using it.
All we need to do is use the data we want to make the modifications.
Example:
▼ You used the modulosdepago.es plugin and now Subscriptions or one-click payment does not work
This is a very common error, and it is due to the way the modulosdepago.es plugin manages the tokens; it is simply not the correct way within WooCommerce as they do not use the tokenization API.
Here you will find a post where I explain how to solve it.