itinerisltd / wc-worldpay
WorldPay integration for WooCommerce.
Installs: 814
Dependents: 0
Suggesters: 0
Security: 0
Stars: 2
Watchers: 11
Forks: 0
Open Issues: 0
Type:wordpress-plugin
Requires
- php: ^7.2
- ext-curl: *
- composer/installers: ^1.5
- league/omnipay: ^3.0
- omnipay/worldpay: ^3.0
Requires (Dev)
- automattic/vipwpcs: ^0.3.0
- roave/security-advisories: dev-master
- wp-coding-standards/wpcs: ^1.0
This package is auto-updated.
Last update: 2024-10-24 00:38:51 UTC
README
WorldPay integration for WooCommerce.
- Minimum Requirements
- Installation
- Setup
- Security Concerns about WorldPay HTML API
- Not Issue
- Features
- Not Supported / Not Implemented
- Best Practices
- Test Sandbox
- FAQ
- Coding
- Feedback
- Security
- Change log
- Credits
- License
Minimum Requirements
- PHP v7.2
- php-curl
- WordPress v4.9.8
- WooCommerce v3.4.5
Installation
$ composer require itinerisltd/wc-worldpay
Setup
Payment response(redirection) and Enhancing security with MD5 are mandatory.
On WorldPay's integration setup page:
- Enable Enable the Shopper Response
- Enter
<wpdisplay item=MC_callback>
as Payment Response URL - Enable Payment Response enabled?
- Enter a 25-char random passphrase as Payment Response password
- Enter a 30-char random passphrase as MD5 secret for transactions
- Enter
instId:amount:currency:cartId
as SignatureFields
Then, fill in the same information on WP admin dashboard - WooCommerce > Settings > Payments > WordPay.
Note that WorldPay truncate long Payment Response password without notices!
Security Concerns about WorldPay HTML API
- Leaking MD5 secret for transactions
- Allow evil hackers to set up fake checkout pages, pretending to be the merchant
- WorldPay would accept these checkouts and charges the credit cards
- Leaking Payment Response password
- Allow evil hackers to pretending to be WorldPay
- WordPress would accept evil hackers' payment callbacks and changes order payment statuses
Not Issue
If Payment Response password(also known ascallbackPW
) is incorrect, InvalidResponseException
is throw to stop the world.
Credit card holders see white screen of death in such case.
Features
Not Supported / Not Implemented
- Shipping address
- Reject according to fraud check results
- Token payment
- Recurring payment
- Refund
- Void
Best Practices
HTTPS Everywhere
Although WorldPay accepts insecure HTTP sites, you should always use HTTPS to protect all communication.
Payment Status
Always double check payment status on worldpay.com
.
Test Sandbox
Use this test credit card.
FAQ
Is support.worldpay.com
secure?
No! support.worldpay.com
does not support HTTPS.
This is unacceptable. Please encourage them to use HTTPS everywhere.
Will you add support for older PHP versions?
Never! This plugin will only works on actively supported PHP versions.
Don't use it on end of life or security fixes only PHP versions.
It looks awesome. Where can I find some more goodies like this?
- Articles on Itineris' blog
- More projects on Itineris' GitHub profile
- Follow @itineris_ltd and @TangRufus on Twitter
- Hire Itineris to build your next awesome site
This plugin isn't on wp.org. Where can I give a ⭐️⭐️⭐️⭐️⭐️ review?
Thanks! Glad you like it. It's important to make my boss know somebody is using this project. Instead of giving reviews on wp.org, consider:
- tweet something good with mentioning @itineris_ltd
- star this Github repo
- watch this Github repo
- write blog posts
- submit pull requests
- hire Itineris
Coding
Required Reading List
Read the followings before developing:
- WorldPay HTML API
- Omnipay: WorldPay
- thephpleague/omnipay#255 (comment)
Omnipay\WorldPay\Message\PurchaseRequest::getData()
Testing
$ composer test
$ composer check-style
Pull requests without tests will not be accepted!
Feedback
Please provide feedback! We want to make this library useful in as many projects as possible. Please submit an issue and point out what you do and don't like, or fork the project and make suggestions. No issue is too small.
Security
If you discover any security related issues, please email hello@itineris.co.uk instead of using the issue tracker.
Change log
Please see CHANGELOG for more information on what has changed recently.
Credits
wc-worldpay is a Itineris Limited project created by Tang Rufus.
Full list of contributors can be found here.
License
wc-worldpay is licensed under the GPLv2 (or later) from the Free Software Foundation. Please see License File for more information.