GoFuckYourself.com - Adult Webmaster Forum - View Single Post

HairyChick · 10-17-2017, 07:09 PM

I'm setting up payment gateways. Subdomain with Wordpress, Page with API. This is for a project using a different script. Instead of going to submit.php they'd go to /paymentprocessor/submit.html and ReCaptcha would send them to /subdomain/submit.php

Wordpress would not retain any information as it's a steppingstone to the API. It's solely for ReCaptcha. Each processor would have a subdomain.

Or, I could have them click submit.html, not in Wordpress, which goes to a non-Wordpress payment.php page, with all API code. No retention of information.

I'd use SSL and retain nothing. If Wordpress is hacked, there is only one page with ReCaptcha on it. If any API pages are hacked, it's just plain source code. IF they hijack via hack, I have scripts that detect file changes and notifies me. I can set that up to notify my host, too, if certain pages are changed. They could just 404 the pages with "Maintenance" message until I can fix and find out how the hack was done.

I'm sure people will say to leave it as is, use SSL, and don't add unnecessary shit. I agree but want ReCaptcha in there. Pop ups can be disabled so the user can't get to see ReCaptcha. Being gone for so long with so many code and security changes has me thinking before I act the wrong way.

Bottom line is I don't want any action taken unless they solve ReCaptcha. No bookmarking the pages to login, sign up, submit or pay. I know, it sounds impossible, but there has to be a way. Like "if-ReCaptcha-posts-unsolved-redirect-to-ReCaptcha-page" or "direct-URL-not-allowed-redirect-to-ReCaptcha-Page". THIS would avoid subdomains, Wordpress and mean simple coding of a handful of pages or files.

Coders, am I overthinking this, complicating this, or am I on the right track with the redirect code on php pages?

10-17-2017, 07:09 PM
HairyChick Slowly dying Industry Role: Join Date: Sep 2012 Location: Padanaram Posts: 3,091	How Would You Set This Up? I'm setting up payment gateways. Subdomain with Wordpress, Page with API. This is for a project using a different script. Instead of going to submit.php they'd go to /paymentprocessor/submit.html and ReCaptcha would send them to /subdomain/submit.php Wordpress would not retain any information as it's a steppingstone to the API. It's solely for ReCaptcha. Each processor would have a subdomain. Or, I could have them click submit.html, not in Wordpress, which goes to a non-Wordpress payment.php page, with all API code. No retention of information. I'd use SSL and retain nothing. If Wordpress is hacked, there is only one page with ReCaptcha on it. If any API pages are hacked, it's just plain source code. IF they hijack via hack, I have scripts that detect file changes and notifies me. I can set that up to notify my host, too, if certain pages are changed. They could just 404 the pages with "Maintenance" message until I can fix and find out how the hack was done. I'm sure people will say to leave it as is, use SSL, and don't add unnecessary shit. I agree but want ReCaptcha in there. Pop ups can be disabled so the user can't get to see ReCaptcha. Being gone for so long with so many code and security changes has me thinking before I act the wrong way. Bottom line is I don't want any action taken unless they solve ReCaptcha. No bookmarking the pages to login, sign up, submit or pay. I know, it sounds impossible, but there has to be a way. Like "if-ReCaptcha-posts-unsolved-redirect-to-ReCaptcha-page" or "direct-URL-not-allowed-redirect-to-ReCaptcha-Page". THIS would avoid subdomains, Wordpress and mean simple coding of a handful of pages or files. Coders, am I overthinking this, complicating this, or am I on the right track with the redirect code on php pages?