{"id":20742651,"url":"https://github.com/itinerisltd/gf-worldpay","last_synced_at":"2026-05-20T07:02:20.674Z","repository":{"id":48979771,"uuid":"144279893","full_name":"ItinerisLtd/gf-worldpay","owner":"ItinerisLtd","description":" Gravity Forms Add-on for WorldPay","archived":false,"fork":false,"pushed_at":"2023-01-23T20:33:20.000Z","size":49,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":10,"default_branch":"master","last_synced_at":"2025-08-24T14:42:10.021Z","etag":null,"topics":["gravityforms","gravityforms-payment","wordpress","wordpress-plugin","worldpay"],"latest_commit_sha":null,"homepage":"","language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ItinerisLtd.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2018-08-10T11:51:04.000Z","updated_at":"2021-09-27T15:17:55.000Z","dependencies_parsed_at":"2023-02-13T02:55:23.953Z","dependency_job_id":null,"html_url":"https://github.com/ItinerisLtd/gf-worldpay","commit_stats":null,"previous_names":[],"tags_count":7,"template":false,"template_full_name":null,"purl":"pkg:github/ItinerisLtd/gf-worldpay","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItinerisLtd%2Fgf-worldpay","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItinerisLtd%2Fgf-worldpay/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItinerisLtd%2Fgf-worldpay/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItinerisLtd%2Fgf-worldpay/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ItinerisLtd","download_url":"https://codeload.github.com/ItinerisLtd/gf-worldpay/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ItinerisLtd%2Fgf-worldpay/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":273272298,"owners_count":25075974,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-02T02:00:09.530Z","response_time":77,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gravityforms","gravityforms-payment","wordpress","wordpress-plugin","worldpay"],"created_at":"2024-11-17T07:06:48.358Z","updated_at":"2026-05-20T07:02:20.614Z","avatar_url":"https://github.com/ItinerisLtd.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gf-worldpay\n\n[![Packagist Version](https://img.shields.io/packagist/v/itinerisltd/gf-worldpay.svg)](https://packagist.org/packages/itinerisltd/gf-worldpay)\n[![PHP from Packagist](https://img.shields.io/packagist/php-v/itinerisltd/gf-worldpay.svg)](https://packagist.org/packages/itinerisltd/gf-worldpay)\n[![Packagist Downloads](https://img.shields.io/packagist/dt/itinerisltd/gf-worldpay.svg)](https://packagist.org/packages/itinerisltd/gf-worldpay)\n[![GitHub License](https://img.shields.io/github/license/itinerisltd/gf-worldpay.svg)](https://github.com/ItinerisLtd/gf-worldpay/blob/master/LICENSE)\n[![Hire Itineris](https://img.shields.io/badge/Hire-Itineris-ff69b4.svg)](https://www.itineris.co.uk/contact/)\n\n\nGravity forms add-on for WorldPay.\n\n\u003c!-- START doctoc generated TOC please keep comment here to allow auto update --\u003e\n\u003c!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --\u003e\n\n\n- [Minimum Requirements](#minimum-requirements)\n- [Installation](#installation)\n- [Setup](#setup)\n- [Security Concerns about WorldPay HTML API](#security-concerns-about-worldpay-html-api)\n- [Not Issue](#not-issue)\n- [Features](#features)\n- [Not Supported / Not Implemented](#not-supported--not-implemented)\n- [Best Practices](#best-practices)\n  - [HTTPS Everywhere](#https-everywhere)\n  - [Payment Status](#payment-status)\n- [Test Sandbox](#test-sandbox)\n- [FAQ](#faq)\n  - [GF WorldPay is Missing on Form Settings](#gf-worldpay-is-missing-on-form-settings)\n- [Public API](#public-api)\n  - [Build URL for continuing confirmation](#build-url-for-continuing-confirmation)\n  - [Redirect URL Retrieval Failure Handling](#redirect-url-retrieval-failure-handling)\n- [Preflight](#preflight)\n- [Coding](#coding)\n  - [Required Reading List](#required-reading-list)\n  - [Gravity Forms](#gravity-forms)\n- [Author Information](#author-information)\n- [Feedback](#feedback)\n- [Change log](#change-log)\n- [License](#license)\n\n\u003c!-- END doctoc generated TOC please keep comment here to allow auto update --\u003e\n\n## Minimum Requirements\n\n- PHP v7.2\n- php-curl\n- WordPress v4.9.8\n- Gravity Forms v2.3.3.2\n\n## Installation\n\n```bash\n$ composer require itinerisltd/gf-worldpay\n```\n\n## Setup\n\n[Payment response(redirection)](http://support.worldpay.com/support/kb/bg/htmlredirect/htmlredirect.htm#rhtml/Telling_your_shopper_about.htm#_Payment_Response_messages) and [Enhancing security with MD5](http://support.worldpay.com/support/kb/bg/htmlredirect/htmlredirect.htm#rhtml/Enhancing_security_with_MD5.htm%3FTocPath%3D_____10) are mandatory.\n\nIn the Integration Setup for your installation using [the Merchant Interface \u003e Installations option](http://support.worldpay.com/support/kb/bg/customisingadvanced/custa6011.html):\n\n1. Enable **Enable the Shopper Response**\n1. Enable **Payment Response enabled?**\n1. Enter `\u003cwpdisplay item=MC_callback\u003e` as **Payment Response URL**\n1. Enter a 25-char random passphrase as **Payment Response password**\n1. Enter a 30-char random passphrase as **MD5 secret for transactions**\n1. Enter `instId:amount:currency:cartId` as **SignatureFields**\n\nNote that WorldPay truncate long **Payment Response password** without notices!\n\n## Security Concerns about WorldPay HTML API\n\n- Leaking **MD5 secret for transactions**\n  * Allow evil hackers to set up fake checkout pages, pretending to be the merchant\n  * WorldPay would accept these checkouts and charges the credit cards\n  * Money goes into the merchant's account\n- Leaking **Payment Response password**\n  * Allow evil hackers to pretending to be WorldPay\n  * WordPress would accept evil hackers' payment callbacks and changes entries' payment statuses\n\n## Not Issue\n\nIf **Payment Response password**(also known as`callbackPW`) is incorrect, `InvalidResponseException` is throw to *stop the world*.\nCredit card holders see white screen of death or stuck in \"wait for redirection\" page in such case.\n\n## Features\n\n- [Enhancing security with MD5](http://support.worldpay.com/support/kb/bg/htmlredirect/htmlredirect.htm#rhtml/Enhancing_security_with_MD5.htm%3FTocPath%3D_____10)\n- [Gravity Forms Logging](https://docs.gravityforms.com/logging-and-debugging/)\n- [Gravity Forms Notification Events](https://docs.gravityforms.com/gravity-forms-notification-events/)\n- [Gravity Forms Confirmation](https://docs.gravityforms.com/configuring-confirmations-in-gravity-forms/)\n- [Gravity Forms Conditional Logic](https://docs.gravityforms.com/enable-conditional-logic/)\n\n## Not Supported / Not Implemented\n\n- Shipping address\n- Reject according to fraud check results\n- Token payment\n- Recurring payment\n- Refund\n- Void\n\n## Best Practices\n\n### HTTPS Everywhere\n\nAlthough WorldPay accepts insecure HTTP sites, you should **always use HTTPS** to protect all communication.\n\n### Payment Status\n\nAlways double check payment status on WorldPay Merchant Interface.\n\n## Test Sandbox\n\nUse this [test credit card](http://support.worldpay.com/support/kb/bg/pdf/181450-test-transaction-f.pdf).\n\n## FAQ\n\n### GF WorldPay is Missing on Form Settings\n\nGravity Forms capabilities behave differently on multi-user sites and its documents are incomplete.\nIf GF WorldPay is missing on form settings, grant yourself `gf_worldpay` and `gf_worldpay_uninstall` capabilities.\nSee: [https://docs.gravityforms.com/role-management-guide/](https://docs.gravityforms.com/role-management-guide/)\n\n## Public API\n\n### Build URL for continuing confirmation\n\n`ConfirmationHandler::buildUrlFor(Entry $entry, int $ttlInSeconds = 3600): string`\n\nUsage:\n```php\n\u003c?php\n$entryId = 123;\n$rawEntry = GFAPI::get_entry($entryId);\nif (is_wp_error($rawEntry)) {\n    wp_die('Entry not found');\n}\n\n$url = ConfirmationHandler::buildUrlFor(\n    new Entry($rawEntry),\n    86400 // expires in 24 hours (24*3600=86400)\n);\n\necho $url;\n// https://example.com?entry=123\u0026gf-worldpay-token=XXXXXXXXXXXX\n```\n\nUse Case:\nWith [\"using confirmation query strings to populate a form based on another submission\"](https://docs.gravityforms.com/using-confirmation-query-strings-to-populate-a-form-based-on-another-submission/):\n1. User fills in formA\n1. User completes WorldPay checkout form\n1. User comes back and hits `CallbackHandler`\n1. `CallbackHandler` sends user to formB according to confirmation settings\n1. User arrives formB url with merged query strings\n\nIf the user quits before completing formB, you could use `ConfirmationHandler::buildUrlFor` generate a single-use, short-lived url for the user to resume formB.\n\nNote:\n- The url continues Gravity Forms confirmation\n- Whoever got the url will go on confirmation, no authentication performed\n- The confirmation will use latest field values from database which could have changed\n- No payment status checking\n\n### Redirect URL Retrieval Failure Handling\n\nAfter form submit, this plugin sends order information to WorldPay in exchange for a redirect URL(the WorldPay hosted checkout form URL).\n\nBy default, when redirect URL retrieval fails:\n1. Mark entry payment status as `Failed`\n1. [Log](https://docs.gravityforms.com/logging-and-debugging/) the error\n1. `wp_die` **immediately**\n\nCommon failure reasons:\n- Incorrect vendor code\n- Server IP not whitelisted\n\nTips: Check the [log](https://docs.gravityforms.com/logging-and-debugging/).\n\n\nYou can use `'gf_worldpay_redirect_url_failure_wp_die'` filter to:\n- continue Gravity Forms' feed and confirmation flow\n- perform extra operations\n- redirect to a different error page\n\n**Important:** If this filter returns `false`, normal Gravity Forms' feed and confirmation flow continues.\nImproper settings might lead to disasters.\n\nExample:\n```php\nadd_filter('gf_worldpay_redirect_url_failure_wp_die', function(bool $shouldWpDie, ServerAuthorizeResponse $response, Entry $entry, GFPaymentAddOn $addOn): bool {\n\n    // Do something.\n\n    return true; // Do `wp_die`\n    return false; // Don't `wp_die`, continue normal flow\n    return $shouldWpDie; // Undecisive\n}, 10, 4);\n```\n\n## Preflight\n\nThis plugin provides built-in support for [preflight-command](https://github.com/itinerisltd/preflight-command).\nNo extra setup steps required.\n\n\nChecker ID: `gf-worldpay-production-mode`\n- ensure all gf-worldpay feeds are in production mode (i.e: not in test mode)\n- can't be disabled\n- no config options available\n\n## Coding\n\n### Required Reading List\n\nRead the followings before developing:\n\n- [WorldPay HTML API](https://www.worldpay.com/uk/support/guides/business-gateway)\n- [Gravity Forms: GFPaymentAddOn](https://docs.gravityforms.com/gfpaymentaddon/)\n- [Gravity Forms: Entry Object](https://docs.gravityforms.com/entry-object/)\n- [Omnipay: WorldPay](https://github.com/thephpleague/omnipay-worldpay)\n- [thephpleague/omnipay#255 (comment)](https://github.com/thephpleague/omnipay/issues/255#issuecomment-90509446)\n\n### Gravity Forms\n\nGravity Forms has undocumented hidden magics, read its source code.\n\n## Author Information\n\n[gf-worldpay](https://github.com/ItinerisLtd/gf-worldpay) is a [Itineris Limited](https://www.itineris.co.uk/) project created by [Tang Rufus](https://typist.tech).\n\nFull list of contributors can be found [here](https://github.com/ItinerisLtd/gf-worldpay/graphs/contributors).\n\n## Feedback\n\n**Please provide feedback!** We want to make this library useful in as many projects as possible.\nPlease submit an [issue](https://github.com/ItinerisLtd/gf-worldpay/issues/new) and point out what you do and don't like, or fork the project and make suggestions.\n**No issue is too small.**\n\n## Change log\n\nPlease see [CHANGELOG](./CHANGELOG.md) for more information on what has changed recently.\n\n## License\n\n[gf-worldpay](https://github.com/ItinerisLtd/gf-worldpay) is released under the [MIT License](https://opensource.org/licenses/MIT).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitinerisltd%2Fgf-worldpay","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fitinerisltd%2Fgf-worldpay","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fitinerisltd%2Fgf-worldpay/lists"}