• I have the simple membership plugin. I created a PayPal button and all was working fine until someone managed to alter the figures and gain access to the website and all the content without paying. After I consulted with PayPal, their investigations showed that because the button is open source it is possible for some clever people to get in and alter the figures, which then allows them to check out and register without paying. They recommended using a button created by PayPal; the problem with this is the registration process doesn’t work when I use a button created by PayPal. I found a short-term solution to have the status when they register set to pending so I can check that they have paid, which is fine, but unfortunately every time they make a recurring payment it sets the status again to pending, which I don't want. Any ideas how I can fix the problem? The PayPal button I have takes a payment of £249.99, which I set to a trial period of 3 months, and then a monthly recurring payment of £24.99 thereafter. Many thanks

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support mbrsolution

    (@mbrsolution)

    Hi, sorry to hear about your bad experience with our plugin. Before we can find a solution to your issue, please answer my questions below.

    I have the simple membership plugin. I created a PayPal button and all was working fine until someone managed to alter the figures and gain access to the website and all the content without paying,

    Did you create the PayPal button using the following documentation?
    https://simple-membership-plugin.com/create-paypal-buy-now-button-inside-the-simple-membership-plugin/

    If you did, I am curious to know how they would alter the figures and gain access to the website and all the content without paying?

    Also, can you provide more information about your site specs? For example: What is your WordPress version? Are all your plugins and theme up to date? What type of security do you have set up for your site? What are your server specs?

    I found a short-term solution to have the status when they register set to pending so I can check that they have paid, which is fine, but unfortunately every time they make a recurring payment it sets the status again to pending, which I don't want. Any ideas how I can fix the problem? The PayPal button I have takes a payment of £249.99, which I set to a trial period of 3 months, and then a monthly recurring payment of £24.99 thereafter. Many thanks

    Have you created a PayPal subscription button as per the following documentation?

    https://simple-membership-plugin.com/create-paypal-subscription-button-inside-the-simple-membership-plugin/

    Thank you

    Thread Starter andrew0115

    (@andrew0115)

    Hi,
    Thank you for your reply. I have found a solution to the problem and managed to get the button created from PayPal onto the site and using the advanced variables code created, and hopefully this will stop this happening again. I will give you the information requested as you may want to look into it.

    This was the reply I received from PayPal:

    Hi Andrew,

    Apologies for the delayed response. On going through your website, I found that you are using an unsecured PayPal HTML button to receive Subscription payment and this has a drawback wherein you change the amount in the source code & pass the same to PayPal. Using this vulnerability, the buyer had changed the subscription amount to £1.99 and made a successful transaction to your PP account.

    Due to this vulnerability we do not recommend unsecured PP buttons to our partners. It is always recommended to use secured Button codes, which ensure backward compatibility and protection from fraudulent transactions.

    So I too recommend you to switch to Secured HTML Button code to prevent such kind of fraudulent transactions in future.

    The WordPress version I am using is 5.3.2.
    Yes, all the plugins and themes are up to date.
    I do not know the server specs.
    The security is just whatever I have with WordPress.

    This is what the email that I get from PayPal should look like (I have taken the names off, etc.):

    Customer name:
    Customer email:
    Automatic payment ID: I-HY9FK6VYH734
    For: BFP Academy & Updates
    Automatic payment details

    Amount paid each time: £24.99 GBP
    Billing cycle: Monthly
    Payments start: 24 Mar 2020
    Next payment due: 24 Mar 2020
    Trial Period

    Trial period amount: £149.99 GBP
    Billing cycle: 3 Months
    Start date: 24 Dec 2019
    End date: 24 Mar 2020

    However, this is what they changed it to, which triggered the complete registration email and allowed them to get access to the site:

    Customer name:
    Customer email:
    Automatic payment ID: I-5DW70BB775RL
    For: BFP Academy & Updates
    Automatic payment details

    Amount paid each time: £1.99 GBP
    Billing cycle: Monthly
    Payments start: 15 Feb 2020
    Next payment due: 15 Feb 2020
    Trial Period

    Trial period amount: £0.00 GBP
    Billing cycle: 3 Months
    Start date: 15 Nov 2019
    End date: 15 Feb 2020

    Anyway, I think I have found a solution, as I did change it to the PayPal button but it was not registering members after completion, but I have now put the advanced variables code in so it should be all OK now. Thanks for your time.

    Andrew
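
The amounts in an unsecured HTML button pass through the buyer's browser, so a site has to compare what PayPal reports back against plan terms stored on the server before granting access. The following check over PayPal IPN subscription fields is an added example, not code from the plugin or from either poster; the plan values mirror the legitimate email above, and the receiver address and sample messages are constructed.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Plan terms held server-side only; never read them back from the button.
# Values mirror the legitimate email in the thread; address is a placeholder.
EXPECTED_PLAN = {
    "receiver_email": "merchant@example.com",
    "mc_currency": "GBP",
    "mc_amount1": Decimal("149.99"),  # trial period amount
    "period1": "3 M",                 # trial billing cycle
    "mc_amount3": Decimal("24.99"),   # recurring amount
    "period3": "1 M",                 # recurring billing cycle
}

# Constructed sample IPN bodies (form-encoded), not captured traffic.
GOOD_IPN = ("txn_type=subscr_signup&subscr_id=I-EXAMPLE0001"
            "&receiver_email=merchant%40example.com&mc_currency=GBP"
            "&mc_amount1=149.99&period1=3+M&mc_amount3=24.99&period3=1+M")
TAMPERED_IPN = (GOOD_IPN.replace("mc_amount1=149.99", "mc_amount1=0.00")
                        .replace("mc_amount3=24.99", "mc_amount3=1.99"))

def check_signup(ipn_body, plan=EXPECTED_PLAN):
    """Return a list of mismatches; an empty list means the terms match.

    Assumes the message was already confirmed as genuine with PayPal
    (the cmd=_notify-validate postback) before this runs.
    """
    parsed = parse_qs(ipn_body, keep_blank_values=True)
    fields = {k: v[0] for k, v in parsed.items()}
    if fields.get("txn_type") != "subscr_signup":
        return ["not a subscription signup"]
    problems = []
    for name, want in plan.items():
        got = fields.get(name)
        if got is None:
            problems.append(f"{name}: missing")
            continue
        if isinstance(want, Decimal):
            try:
                got = Decimal(got)  # exact decimal compare, no float rounding
            except InvalidOperation:
                problems.append(f"{name}: not a number")
                continue
        elif name == "receiver_email":
            got = got.lower()
        if got != want:
            problems.append(f"{name}: expected {want}, got {got}")
    return problems
```

An account should only be activated when the returned list is empty; the tampered sample reproduces the £0.00 trial and £1.99 recurring amounts from the second email and is rejected on both fields.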


The topic ‘Paypal Button’ is closed to new replies.