WP Simple Pay Documentation

Documentation, Reference Materials, and Tutorials for WP Simple Pay

How to Resolve 406/403 Not Acceptable – ModSecurity Issues

ModSecurity is an open source firewall solution that some web hosts automatically enable on their servers. Some configurations of ModSecurity can accidentally block valid requests to your server which can in turn cause WP Simple Pay to not function correctly.

Error Returning from Stripe Checkout (checkout.stripe.com)

A common request ModSecurity may block is returning from an off-site Stripe Checkout page. It is important that ModSecurity does not block requests from any of Stripe’s fully qualified domain names:

api.stripe.com
checkout.stripe.com
files.stripe.com
js.stripe.com
m.stripe.com
m.stripe.network
q.stripe.com

Your web host will be able to add these domains to the ModSecurity whitelist to ensure your users see their Payment Success page after a Stripe Checkout payment.

Error Attempting an On-Site Payment Form

ModSecurity can also incorrectly block requests to your website’s WordPress REST API. This can occur in certain instances such as using a custom field to collect a URL, which ModSecurity may flag when the form’s content is submitted.

Your web host will be able to see POST requests to the /wp-json/wpsp REST API endpoints and whitelist any rules that have been improperly triggered that may be blocking requests.

See our documentation article on the WordPress REST API for more information.

Still have questions? We’re here to help!

Last Modified:

Start Accepting Payments Today

Start accepting one-time and recurring payments or donations on your WordPress website.