• Hi,

    This line:
    RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]
    Added to .htaccess by iThemes security blocks callbacks from certain payment gateways.

    I just wanted to let both the users and developers know. I think it should be a separate option to block visitors with no user agent. I had this issue with the ePay payment gateway.


Viewing 8 replies - 1 through 8 (of 8 total)
  • Thanks, Emil.

    I was having the exact same problem with the ePay callbacks not going through.

    Definitely agree with the wish for a separate option.


    Could you try disabling the “Filter Suspicious Query Strings” and/or “Filter Long URLs” features and see if that helps?



    Thread Starter Emil


    Hi Gerroald,

    Thanks for the reply!

    It doesn’t. I tried disabling all of those little tweaks when I was testing it and nothing worked which lead me to deduct that it had something to do with the HackRepair list

    I’m managing a live-site, where “Filter Suspicious Query Strings” is on and “Filter Long URLs” is off and there’s no ePay callback problems on that site.

    I have a staging version of the same site, with those options set to the same and that site had the callback problem.

    Both sites also has the Hackrepair.com blacklist option set to on, but the .htaccess line, which Emil mentions in the original post, for some reason is not there on the live-site, and that makes all the difference. When I disabled the Hackrepair blacklist on the staging site, the callback problem vanished.

    So I guess that at some point recently, that line was added to the blacklist. Is the list pulled in from Hackrepair every time the iThemes Security settings are saved?

    Thread Starter Emil


    This rule also causes issue with PHPs getimagesize() function. It causes a forbidden warning. I’d imagine there are more functions like this in PHP that would also have issues.

    Thank goodness I’ve found this thread! I’ve been having the same issues with the CardSave/Worldpay payment gateway since the beginning of August and was loosing hope of finding the problem.

    In my case folks can make a payment, but then the Cardsave/Worldpay server isn’t allowed back into my website and they kindly show the customer that their payment has been received. But crucially they get stuck at the CardSave/Worldpay page & don’t get back to my site.

    = bad customer experience = loss of future sales & revenue.

    Gerroald; Please can you advise what the latest is on getting this issue fixed? I don’t really want to go to another plugin, but may have to. 🙁



    Thread Starter Emil


    Hi Chris,

    That’s why I made this thread in the first place! Just remove the line:

    RewriteCond %{HTTP_USER_AGENT} ^$ [NC,OR]

    From your .htaccess. It should be at the very top of the file. Alternatively you can disable the Hackrepair blacklist.


    Thanks! Details with IT guy who has access to the server backend.



Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Issues with WooCommerce and certain payment gateways’ is closed to new replies.