Having problems?

You will find this information in the welcome email you should have received, but you can use this data without problems:

Card number: 4918019199883839
Expiration: 12/32
CVV2 Code: 123

To force the card error in the tests, you can use this one:

Card Number: 4907271141151707
Expiration: 12/32

Remember that Redsys always asks you to have at least one correct order without errors, and then to force an error to be communicated to the merchant.

For BIZUM you can use this data, be careful, some banks always return error after entering the data correctly.

Bizum Phone: 700000000
Bizum Key: 1234
SMS Code: 12345678

That the cost of the order for testing is low, less than 10€. I usually create a product of 1€ to make sure it works in tests.

Yes, it does work, there are already many customers who are using it on WordPress.com without problems. If for some reason the orders are not marked as paid, or you get a 500 error, you should contact WordPress.com support and access a live chat at https://wordpress.com/help/contact (especially Live Chat, do not go to the forums) and tell them that you get a 500 error at https://tusitio.com/?wc-api=WC_Gateway_redsys or https://tusitio.wpcomstaging.com/?wc-api=WC_Gateway_redsys.

They will fix it for you so that it works. That happens because of security measures implemented, but being a plugin recognized and audited by Automattic (owners of WordPress.com and WooCommerce) through WooCommerce.com, they will make it work without problems, if it doesn’t from the beginning.

Just make sure you have Redsys configured as in the following screenshot…

Online notifications: (HTTP + Email Commerce) –> Email Entity
Synchronization: Synchronous
URL OK: Nothing
URL KO: Nothing
Send parameters in URLs: NO

In order to be able to send the data to Redsys correctly in PHP 5.6 or lower, it is necessary that the hosting you hire has the PHP extension mcrypt_encrypt() installed and activated. If it is not, you will not be able to use Redsys. So make sure that your hosting has it installed and if not, ask for it to be installed on the server and activate it in php.ini.

To be able to send the data to Redsys correctly in PHP 7.0 or higher, it is necessary that the hosting you hire has the PHP encrypt_3DES() extension installed and activated. If it is not, you will not be able to use Redsys. So make sure that your hosting has it installed and if not, ask for it to be installed on the server and activate it in php.ini.

This is by far the biggest problem that exists in WooCommerce with Redsys.

The reasons for an order to remain unmarked as paid can be several.

As a general rule, this is due to the use of a security certificate that is not compatible with Redsys, for example Let’s Encrypt, Comodo and others.
The way to solve it is to check in the plugin configuration the compatibility with SNI certificates.
If your hosting forces the redirection of all requests to HTTPS, you should also disable this forced redirection.
If you use a plugin like Really Simple SSL, you must activate the forced redirection through the .htaccess file, deactivate the redirection via WordPress and finally, deactivate that it can continue making modifications to the htaccess file.

Once we have everything configured, we must add the following line in the code added by Simple SSL or the plugin we use:

RewriteCond %{QUERY_STRING} !^wc-api=WC_Gateway_(.*)redsys

Whether you have a code added by another plugin or not, you must have this code in the ,htaccess file. If you have any other redirect code, remove it.

The following code is for both the WordPress.org plugin and the premium WooCommerce.com plugin. Add an exception for all payment options added by the premium plugin.

# REDIRECT REDSYS SSL CERTIFICATE BY JOSE CONTI V.2.0
RewriteEngine on
RewriteCond %{QUERY_STRING} !^wc-api=WC_Gateway_(.*)redsys
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# END REDIRECT REDSYS SSL CERTIFICATE BY JOSE CONTI V.2.0

Another possibility is that the firewall, either of the server or of a plugin that we use, for example the antibot of All In One SEO Pack, is blocking the Redsys IP. We must check that none of the IPs blocked by the firewall belong to Redsys. In the case of All In One SEO Pack, deactivate the Anti Bots protection, as there is no way to add exceptions and it will always block Redsys.

Finally, we have not configured Redsys correctly and we do not have HTTP notification active and we only have email notification active. Log in to Redsys and check that the notifications to the site are configured correctly. The HTTP notification must be selected, either alone or together with the email notification.

It is very simple what to do.

First we will go to Security > Settings > Banned Users

We should disable “Enable HackRepair.com’s blacklist feature”.

If you have System Tweaks active, access it.

Once inside, look for “Filter Long URL Strings” and make sure it is disabled.

Notice that I have also checked Suspicius Query String. There are times when this setting can interfere and cause orders not to be marked as paid.

Once you have done these checks, you can try again if you don’t have any of the other reasons for not marking an order as paid (Let’sEncrypt and CloudFlare) which in this case, continue to see how to fix it.

You must go to the Firewall tab in CloudFlare, where we will prevent CloudFlare from mistaking the notification that Redsys makes to our site as a malicious bot. Inside the Firewall tab, we will access the “Tools” submenu.

In the Tools submenu, we must add the following:
In “Enter an IP”, we will put “195.76.9.0/24“, in the dropdown we will select “whitelist”, in the next dropdown we will select if we want it for the active site, or for all the ones we have, and finally, we can put a note, or press directly “Add”.

Once you have added the previous IP range, repeat the action, but with this other range “193.16.243.0/24“.

And again with this other range “194.224.159.0/24”.

Once added, we should be left like this (plus the second range).

First of all, your bank must have activated the payment by reference, if they do not activate it you will not be able to use it. On the other hand, due to the characteristics of WooCommerce, it is necessary that Redsys sends several data. If it does not, the one-click payment will not work, and orders will not be marked as paid and in some cases even 500 errors could occur. Although Redsys or your bank tells you that these fields are not necessary, in the case of WooCommerce they are. Without those fields, tokenization does not work on WooCommerce. So although those fields are not really necessary for tokenization, they are necessary in the case of using WooCommerce, since WooCommerce makes use of them. Without them, it simply can’t work.
For the one-click payment to work properly, you must first ask for it to be activated. Secondly, you must ask for the following data to be sent in the Redsys callback to confirm the payment.
– Ds_Card_Brand
– Ds_ExpiryDate
– Ds_Card_Number

If any of the above fields are not sent, orders will not be marked as paid, the 1-click payment will not work and the plugin will send the installation administrator an email warning about this problem.

Without the above data, WooCommerce will not be able to save the card brand, the card number ending and the expiration date, and therefore will not save the token. There is even another reason why they should be sent, this way, the customer knows which card is the one that is saved thanks to the brand and the numeric termination.

Note in the above screenshot that says Visa ending in 004 12/20.

This is set up by the fields that Redsys must send. If you do not send it, WooCommerce will not be able to mount this page, and therefore will not accept the token sent by Redsys.

To be able to use this option, first you must have activated in Redsys and in the plugin the 1-click payment. Keep in mind that you must send all the fields as explained in the previous point.

The second thing that you must have active at Redsys level, is that the terminal is not secure. If the terminal is not secure, the one-click payment will not work without leaving the website.

If you use WooCommerce.com Booking and no emails are sent after payment, make sure in wp-admin > Booking > Settings > Calendar Connection that the connection is active if you have configured it. If the connection has been requested, there will be a fatal error at checkout, and the email sending process will not be performed.

Pre-authorizations must be activated by Redsys. So first make sure they have them active.

Make sure that the normal transactions (charge at the moment) are marked as paid in WooCommerce.
If the pre-authorizations do not work, you must ask Redsys to activate them.

To make subscriptions you need a number of things.

• You need the WooCommerce.com Redsys plugin.
• You need the WooCommerce Subscriptions plugin.
• You need to have activated on your terminal the payment by reference (payment by tokenization), and comply with what is explained in “I have activated the payment by reference, payment with a click or tokenization and it doesn’t work”.
• The terminal you use must be activated as not secure, or it will not be able to work.

• Make sure everything is on the latest version that the WooCommerce.com Redsys plugin is equal to or greater than version 5..0.0.
• To rule out any previous issues, first try making a normal purchase without a one-click checkout. Disable. If you go through Redsys and the payments are marked as paid, continue, if not, go through the other points of the FAQ or open a ticket on WooCommerce. com to help you solve it.
• If in the previous point the orders are marked as paid, activate the payment with a click.
• If in the previous point the orders are marked as paid, activate the one-click checkout without leaving the page.
• If in the previous point the orders are marked as paid, make the payment with the subscription.
• If any of the above points fails and you don’t see the solution, contact me through WooCommerce.com by opening a ticket for the plugin. As a general rule I will respond very quickly.

Before creating the form to send to Redsys, run this filter if we are using it.
The only thing we have to do is to use the data we want to make the changes.
Example:

This is a very common mistake, and it is because of the way the modulosdepago.es plugin manages the issue of tokens, it is simply not correct within WooCommerce because they do not use the tokenization API.

Here you can find a post where I explain how to fix it.