Forum Replies Created
-
Posts
-
That’s great, thanks. Please note that it’s not just !.
I also have members that have used the following: &#!/?
Thanks again.
John
Good Morning,
Seems like all I had to do was change our site address in PayPal’s IPN screen to HTTPS from HTTP. I have forgotten that I set it that way back several years ago before we went SSL.
Sorry, I should have checked this before bothering you.
Anyway, seems like PayPal are going to insist on SSL for IPN come July 2018.
Best
John
Hi Admin,
Thanks for coming up. We are fully HTTPS, so I think I’m good, but I will double check. Thanks for the guidance.
Good Morning and Happy new Year,
I’m sure you guys have this in hand, but just so you are aware, I just (December 21st.) received the attached from PayPal:
As you can see they are still saying that we need to update to HTTPS for IPN post back.
It seems that this is not just a generic email, but that they are saying that our particular integration needs an update.
We are running the latest versions: WPES 8.0.1 and Payment Gateway 2.2.7
Best
John
<<<<<PAYPAL MAIL>>>>
John Harries,
Every day, hundreds of millions of people use PayPal to manage and move money online or on a mobile device. That’s why one of our top priorities is to ensure our customers have a safe, secure experience when transacting with PayPal.
This year, we’ve made a number of upgrades to the PayPal system enabling us to continue providing the highest level of security available for customers. Throughout 2018, we will continue to upgrade our security protocols to the highest levels of protection available, which includes moving all of our systems to TLS 1.2, an enhanced security protocol that encrypts customer data over the Internet. We also announced several new security requirements for merchants who use PayPal, to ensure they do their part to protect sensitive customer data, as well.
Our records indicate that you still need to make critical security upgrades to your systems. If you see a “YES” next to a security change, your integration must be updated to accept these new security measures as soon as possible.
Change Change Required?
Merchant API Certificate Credential Upgrade No
TLS 1.2 and HTTP/1.1 Upgrade No
IPN Verification Postback to HTTPS Yes
Discontinue Use of GET Method of Classic NVP/SOAP No
If you have not made the necessary changes by the date specified, you won’t be able to accept payments with PayPal until you do so. But most importantly, failure to make these upgrades will put your customers’ sensitive personal and financial data at risk.
How do I make these changes?
More information on the required changes and how to implement them can be found on our Merchant Security Road Microsite:
• 2016-2017 Merchant Security Roadmap
• TLS1.2 and HTTP/1.1 Upgrade Roadmap
• IPN Verification Postback to HTTPS
• Discontinue Use of GET Method for Classic NVP/SOAP API’s
• Merchant API Certificate Credentials Upgrade
If you need additional support with these changes, we encourage you to contact your web hosting company, ecommerce software provider, in-house web programmer or system administrator.
As a leading payment provider, we’re committed to continually building and investing in the strongest protections possible. Thank you for your support and for helping us maintain the highest security standards for all of our shared global customers.
If you have any questions or concerns, please contact your account manager.
Hi Admin
Thanks for quick reply.
You were right. The Add to Any plugin was interfering with the message.
Thanks for putting me on the right track to fix this.
Best
John
Good Morning,
While I totally get why you decided not to use Tags in membership renewal emails, I’m wondering if it might not be time to revisit the decision? Here’s my thoughts:
First, in these days of phishing attacks people are being told to be suspicious of generic emails that do not include their name and specific information, such as their member type. I think a lot of people have got to the point that they just stop reading if the mail is not personalized.
Second, having now run a member site for some three years, I think that a good renewal rate is the probably the biggest success driver in the business, and personalized emails just sell better. It would also be good it we could use the membership type tag to say: “your one year membership has just expired”.
Third, these days with more powerful servers, would the performance hit be that bad? After all, even for our some 3000+ members we are only going to be sending say half a dozen emails a night.
Right now we are doing renewals mails with Mailchimp, but it’s far from elegant since we have to do manual transfer of data from WPEM to make it work well.
Anyway, if you would consider it, I would be happy to pay for it.
Best Regards
John
PS One thing, sort of related, that I thought you might find interesting: We have moved our email delivery rate up to 99% by moving to Mandrill rather than letting the WP emailer handle it. Pretty much solved all registration delivery link problems. So the above suggested change coupled with Mandrill could really increase our revenues. (Thanks to Rahul who first suggested we get off WP emailing).
Hi wzp,
No, I can’t say we have been able to nail it down to that level, but it does seem that all hand held devices are worse than computers. That said, I will do some more structured testing over the weekend. Did you get the screen shots of the cookies I sent via email?
Hi, Thanks for coming up. The problem does seem worse on mobile, you are right. And yes we have questioned users. Sometimes it is as you say because they have cleared cookies etc. Hard to pin down, so we have been testing in house with our own devices. The logoffs seem to happen at about three days, but it’s hard to nail it down to an exact time or action that triggers it. It does not seem to matter whether or not we are outside our office using cell data.
What I can say is that our WP eMember seems to be less persistent than many other systems I use. The all time champ for login persistence seems to be this site: [https://luminous-landscape.com/login/?redirect_to=https%3A%2F%2Fluminous-landscape.com%2F]
On which my ipad stays logged in for months at a time.
Also, my WP admin login is much more persistent.
I have sent you a couple of screen shots via email of the relevant cookies that might help.
Thanks
John
Hi Again,
Sorry to keep bugging you on this one, but I’m still getting push back from my members about getting logged off even if they have clicked remember me. (That said, much better since I turned off the options as noted above.)
Having done that, I had a look at the login cookie that WP eMember writes out and it seems that the expire time on that is three days. Assuming I have that right, is there any way I can increase that time to say a month or so. I think this would go a long way to making my members happier.
If there is not a way, I would be interested in paying to have this option added.
One other thought: I assume that even if someone was logged in when their membership expired, they would still be locked out of protected content and sent to renewal. Do I have that right?
Thanks
John
OK, that works. I understood not to use “Disable Simultaneous Login” and didn’t, but I was using maximum number of IP addresses in a day set to 3.
Thanks
That’s great, thanks. However, I have not yet received an update. Did you send it via email? I have checked all my accounts and spam folders.
Thanks
John
Good Morning,
I think I may have found a bug with this feature:
If I enable Allowed Expired Account Login AND Redirect Expired User, when an expired user tries to login in using the fancy login popup Style 2 the popup box just hangs with no action and no redirect. But in fact, if one ignores that and clicks on another page (say on a menu) it turns out that the user is logged in, but not redirected, and since the pop up stays up, they don’t even know they are logged in.
I have tested the same thing with the standard short code static login box, and it works fine and redirects correctly. So it appears the bug is in the pop up box.
Please advise
Hi Wzp,
Thanks for coming up so quickly. Please help me to understand this so I can explain it to my members. I’m getting a lot of complaints and everyone says our system is much worse than most systems that require a login, in this regard.
I thought that the remember me feature was based on a cookie, surely that won’t change with IP address?
In fact I tested with my iPhone. First I logged in at home on Wifi, then surfed the site on cell, but it still remembered me.
Could this be because I turned the maximum number of IP addresses allowed feature off?
Thanks
John
Good Morning,
Generally WP Emember is working great, but the most frequent complaint I get from members, is that when they tick the Remember Me box it does not last as long as they would like, particularly on phones and iPads. Seems like it last a day or so on a computer, but only hours on a tablet.
Could you please advise how long the cookie is set to last and if there is anything I can do to make it longer?
I have all of the login options that could mess this up set to off now, although I did have the max number of IP addresses set to 3. Could that be a problem?
Thanks
John
