WebHosting4U Secure Card Gateway for ePay Paycenter (Piraeus Bank) -- WordPress 插件

开发者	webhosting4ugr
更新时间	2026年5月22日 02:08
PHP版本:	7.4 及以上
WordPress版本:	7.0
版权:	GPLv2 or later
版权网址:	版权信息

What sets this plugin apart

HPOS-native from day one. Built against WooCommerce's High-Performance Order Storage from the very first release. All order metadata uses the HPOS-aware $order->update_meta_data() / get_meta() API — never the legacy update_post_meta() / get_post_meta() calls that silently fail on HPOS-enabled stores (the WooCommerce default for new installs since 8.x). Your transaction IDs, support reference IDs, and approval codes are preserved whichever storage mode you run.
Cloudflare-aware. Automatically detects when your store is served through Cloudflare (via the CF-Ray / CF-Connecting-IP request headers) and surfaces the current Cloudflare IPv4 CIDR ranges right in the gateway settings page, ready to copy. You hand them to Euronet Merchant Services so the bank's callbacks are not blocked at their firewall when they arrive via Cloudflare edge IPs. Live list fetched from cloudflare.com/ips-v4 and cached for 12 hours.
Built-in WAF / callback self-test. A diagnostic button in the gateway settings sends a realistic, declined-transaction-shaped POST to your own callback URL via loopback and reports whether your host's web-application firewall (cPFence, ModSecurity / OWASP CRS, Imunify360, BitNinja, LiteSpeed WAF) silently blocks it before PHP runs. No real order is created or modified — the synthetic payload carries a WAFTEST- merchant reference that cannot match any order in the database. Catches the class of "callbacks never arrive" problems before they cost you a sale.
Modern admin UI. Card-based layout, dashicons throughout, one-click Copy-to-clipboard for all callback URLs grouped in a single block, environment badge (Test / Live / Production) on the credentials section, collapsible Cloudflare details. Audited against WordPress 7.0's "Modern" admin theme.
Audited for WordPress 7.0 on release day. Reviewed against the full WordPress 7.0 Field Guide breaking-changes list on 2026-05-20. "Tested up to: 7.0" from the very first stable release. The plugin requires PHP 7.4 (the new WordPress 7.0 minimum) and uses no APIs deprecated in 7.0.
Fully bilingual (EN + EL). All 179 admin and customer-facing strings translated to Greek and shipped as both classic .mo and WordPress 6.5+ performant .l10n.php payloads. The wp.org page itself ships with an English readme.txt that opens with a Greek summary, plus a parallel full Greek readme-el.txt companion file inside the plugin folder for Greek-speaking merchants.

Ελληνικά: Ανεξάρτητο πρόσθετο πύλης πληρωμής WooCommerce από τη WebHosting4U για την υπηρεσία ePay Paycenter Redirection της Τράπεζας Πειραιώς / Euronet Merchant Services. Υλοποιεί πλήρως την επίσημη προδιαγραφή Redirection v2.9:

Έκδοση μοναδικού εισιτηρίου (TranTicket) μέσω SOAP Ticketing Web Service με κωδικοποίηση UTF-8.
Αυτόματη ανακατεύθυνση POST στην ασφαλή σελίδα πληρωμής της τράπεζας (pay.aspx) — τα δεδομένα κάρτας δεν περνούν ποτέ από τον διακομιστή του καταστήματος.
Πλήρης επαλήθευση HashKey HMAC-SHA256 σε κάθε επιτυχημένη απάντηση πριν χαρακτηριστεί η παραγγελία ως εξοφλημένη.
Υποστήριξη συναλλαγών Sale και Προέγκρισης (Preauthorization).
Υποστήριξη IRIS Payments (άμεσες πληρωμές μέσω ΔΙΑΣ). Όταν η Euronet Merchant Services ενεργοποιήσει το IRIS στη σύμβασή σας, η σελίδα πληρωμής της τράπεζας εμφανίζει στον πελάτη και τις δύο επιλογές (κάρτα ή IRIS). Το πρόσθετο αναγνωρίζει τις απαντήσεις IRIS, αποθηκεύει το κανάλι πληρωμής στην παραγγελία, και εμφανίζει μηνύματα προσαρμοσμένα στα IRIS σενάρια (ακύρωση από την εφαρμογή τράπεζας, λήξη QR 5 λεπτών, σφάλμα υπηρεσίας IRIS κ.λπ.).
Συμπλήρωση πεδίων 3-D Secure από τη διεύθυνση χρέωσης / αποστολής του WooCommerce.
Συμβατότητα με HPOS (Custom Order Tables) και WooCommerce Blocks checkout.

Προϋπόθεση: πρέπει να έχετε υπογεγραμμένο συμβόλαιο αποδοχής με την Euronet Merchant Services / Τράπεζα Πειραιώς και να διαθέτετε τα διαπιστευτήρια AcquirerId, MerchantId, PosId, Username, Password. Το πρόσθετο δεν παρέχει δικούς του δοκιμαστικούς λογαριασμούς. Η πλήρης ελληνική μετάφραση της σελίδας του προσθέτου στο WordPress.org θα είναι διαθέσιμη μέσω του translate.wordpress.org μόλις εγκριθεί από την κοινότητα. Δείτε επίσης το συνοδευτικό readme-el.txt για την ολοκληρωμένη ελληνική τεκμηρίωση. English: This plugin integrates WooCommerce with the ePay Paycenter Redirection service operated by Piraeus Bank / Euronet Merchant Services. It implements the official Redirection v2.9 specification end to end:

SOAP Ticketing Web Service (IssueNewTicket) with UTF-8 payload.
Auto-submitted HTML form POST redirection to the Paycenter secure payment page (pay.aspx) so card data never touches your server.
Full HMAC-SHA256 HashKey verification for every successful callback before marking an order as paid.
Support for Sale and Preauthorization transactions.
IRIS payments (Greek instant payment / DIAS) accepted transparently when enabled by Euronet Merchant Services on the merchant agreement. The bank's hosted page presents card and IRIS as the two payment options; the plugin recognises the IRIS-specific response payload (CardType=15, PaymentMethod=IRIS), surfaces IRIS-tailored decline messages for the IRIS-only ResponseCodes (05 user-cancelled-in-bank-app, 06 service error, 09 pending, 68 5-minute QR timeout, 70 IRIS service error) and records the channel on the order so card vs IRIS settlements are distinguishable in your reports.
3-D Secure auxiliary fields populated from the WooCommerce billing / shipping address.
HPOS (Custom Order Tables) and WooCommerce Blocks checkout support.

You must have signed an acquiring contract with Euronet Merchant Services / Piraeus Bank and obtained AcquirerId, MerchantId, PosId, Username and Password credentials before using this plugin. The plugin does not provide test or sandbox accounts on its own; please contact Euronet Merchant Services to request one. Affiliation and trademark notice This plugin is independent software published by WebHosting4U and is not affiliated with, endorsed by, sponsored by, or otherwise officially connected to Piraeus Bank S.A., Euronet Merchant Services, or Automattic Inc. The third-party names "ePay", "Paycenter", "Piraeus Bank" and "WooCommerce" are trademarks of their respective owners and are used here in good faith, after the unaffiliation marker "for", solely to describe the third-party service this plugin integrates with, in line with the WordPress.org Detailed Plugin Guidelines on third-party trademarks. The bundled accepted card brands image (assets/img/wp-cards.png) is included with the rights-holder's authorization for the merchant distribution scope of this plugin. User tracking and consent This plugin does not load any analytics, telemetry, advertising, fingerprinting, profiling or behavioural tracking code, neither on the storefront nor in the WordPress admin. It does not set cookies on visitor browsers, does not contact any first-party or third-party analytics endpoint, and does not collect aggregated or individual usage statistics from the merchant's installation. The only outbound network traffic the plugin generates is the strictly transactional traffic documented in the External services section below, which is required to complete a payment the merchant has explicitly configured the plugin to perform. No user-tracking consent prompt is therefore required by this plugin (Plugin Review Team Guidelines 7 and 9).

Upload the plugin ZIP through Plugins → Add New → Upload Plugin, or extract it into wp-content/plugins/wh4u-secure-card-gateway-for-epay-paycenter-piraeus-bank/.
Activate the plugin.
Go to WooCommerce → Settings → Payments and enable ePay Paycenter (Piraeus Bank).
Enter your AcquirerId, MerchantId, PosId, Username and Password exactly as provided by Euronet Merchant Services.
Set the environment (Test / Live), language, and transaction type.
Provide Euronet Merchant Services with the following URLs for your merchant record:
Referrer URL: your shop checkout page.
Success URL: https://your-site.tld/wc-api/epay_paycenter/
Failure URL: https://your-site.tld/wc-api/epay_paycenter/
Backlink URL: https://your-site.tld/wc-api/epay_paycenter/
IP address: the outbound IP of your web server.
Response method: POST (recommended).
Execute the mandatory test cases documented in Section 7 of the Redirection v2.9 manual before requesting live credentials.

1.0.31 Docs-only release. Readme Description trimmed to fit the wp.org 2,500-word limit (the 1.0.30 plugin page was truncated). No code or behaviour change — the in-admin WAF diagnostic, IRIS support, installments picker and tiered installments from 1.0.30 are all preserved. 1.0.30 Adds IRIS payments support per Redirection Manual v2.9 (transparently recognised when Euronet Merchant Services enables IRIS on your account) AND customer-selectable installments on classic WC checkout with tiered max-installments by order amount. The previous flat installments configuration is preserved and still works. WooCommerce Blocks checkout: customers default to one-time payment (Blocks picker scheduled for 1.0.31). All card installments via this gateway are interest-free for the customer per Piraeus Bank policy; IRIS does not support installments or refunds. 1.0.28 Compatibility with WordPress 7.0 (Modern admin theme, iframed editor, PHP 7.4 minimum). No payment-flow, database, or callback-handler change. 1.0.27 Settings screen reorganized: merchant credentials now sit above bank integration data, the bank-data card is collapsed by default, and the five callback URLs share one grey "Copy" block. No payment-flow, database, or callback-handler change. 1.0.20 Text domain corrected to match plugin slug. Cloudflare IP fetch documented in External services. echo wrapped with wp_kses_post(). No payment-flow or database change. 1.0.19 Plugin renamed to "WebHosting4U Secure Card Gateway for ePay Paycenter (Piraeus Bank)" with slug wh4u-* per Plugin Review Team feedback. External services fully documented with terms / privacy links. Deprecated libxml_disable_entity_loader() removed. No payment-flow change. 1.0.18 Checkout icon changed from piraeus.svg to a responsive wp-cards.png image (400 px desktop, scales on mobile). Block checkout now shows card brands. Front-end CSS enqueued on checkout. Drop-in upgrade. 1.0.17 Greek translation backfilled with all strings from 1.0.10-1.0.16: scenario labels, decline notices, admin notes, WAF self-test UI. POT regenerated. No PHP/database/payment-flow change. 1.0.16 Fixes decline notice not appearing after bank redirect. Hook priority collision with WooCommerce core resolved (priority 5 vs core 10). Works on every theme. No database or payment-flow change. 1.0.15 Aligns with Redirection Manual v2.9 section 5 scenario table. Fixes misleading ResultCode 1048 message, widens 50x matching to 500-599, adds AdminTool hint on 1045. Drop-in upgrade. 1.0.14 Fixes decline message not appearing after bank redirect due to SameSite=Lax stripping the session cookie. Notices now queued as order-scoped transients. No database or payment-flow change. 1.0.13 Fixes "-1" body when Success/Failure URL is doubled in the Euronet portal. Malformed wc-api values normalised at parse_request. Please also correct the URL in the portal. 1.0.12 Declined-transaction handling per Redirection Manual v2.9 section 5. Issuer decline shown to customer, failures redirect to pay-for-order URL. Fixes "-1" body via plugins_loaded binding. 1.0.11 Adds "Test callback URL" button on the settings screen. Detects host WAF interception (cPFence, ModSec, Imunify360, BitNinja, LiteSpeed). No database or payment-flow change. 1.0.10 Adds a "Callback envelope" forensic log line at every callback reach so host-WAF-blocked transactions can be distinguished from plugin-rejected ones, and refines the customer-facing wording per Paycenter ResultCode and ResponseCode. Safe drop-in upgrade, no database change. 1.0.9 Greek translation rewritten in plain, merchant-friendly Greek. Banking jargon replaced with everyday terms; field labels shortened so the WooCommerce settings layout is not stretched. Safe drop-in upgrade. 1.0.8 Plugin Check compliance: adds the standard defined( 'ABSPATH' ) || exit; guard at the top of the performant-translations .l10n.php file. No runtime or database change, safe drop-in upgrade. 1.0.7 Plugin Review compliance: the bank redirect auto-submit helper is now loaded via wp_enqueue_script() from a standalone asset file instead of an inline <script> block in the receipt template. Safe drop-in upgrade, no database or payment-flow change. 1.0.6 Adds a complete Greek (el) translation, regenerates the POT catalog from the live source, and ships WP 6.5+ performant-translations .l10n.php files next to every .mo. Safe drop-in upgrade, no database change. 1.0.5 Plugin Check compliance: sanitizes $_SERVER input on the settings screen, switches statistics queries to $wpdb->prepare() with the %i identifier placeholder, and trims the 1.0.2 upgrade notice under the 300-char limit. No functional change. 1.0.4 Adds Cloudflare auto-detection and a help notice on the gateway settings page instructing store owners to email Euronet Merchant Services to whitelist Cloudflare's IPv4 ranges. Safe drop-in upgrade. 1.0.3 Stops the WC-API callback endpoint from spamming the WooCommerce error log with "Callback missing MerchantReference" entries when hit by bots, scanners or direct browser visits. No functional or security change. 1.0.2 Redesigned settings screen with status overview and an auto-generated Bank integration data block listing the exact Website, Referrer, Success, Failure and Backlink URLs, server IP and response method asked for by Euronet Merchant Services. Safe drop-in upgrade. 1.0.1 Compliance, security and packaging fixes. Recommended for all users; no database migration required. 1.0.0 Initial release.

1.0.31

Docs: readme Description trimmed to fit the wp.org 2,500-word limit (the 1.0.30 release was truncated on the public plugin page). The standalone == WAF compatibility == section was rolled into two FAQ entries that cover the same operator scenarios (WAF blocking callbacks, "-1" troubleshooting) without per-vendor configuration snippets — those move to support docs. No code change; the in-admin "Test callback URL" diagnostic, callback envelope logging and URL normalisation features previously documented in that section all remain.

1.0.30

Feature: IRIS payments support per Redirection Manual v2.9. When Euronet Merchant Services enables IRIS on your merchant account, the bank's hosted page lets customers pay by IRIS instead of card; the plugin now recognises the IRIS response payload (CardType=15 / PaymentMethod=IRIS), stores the payment channel on the order, and surfaces IRIS-tailored messages for the IRIS-only ResponseCodes 05 (user cancelled in their bank app), 06 (service error), 09 (initiated but not confirmed), 68 (5-minute QR-code timeout) and 70 (IRIS service unexpected error). HMAC-SHA256 HashKey verification applies to IRIS callbacks identically (the empty AuthStatus / PackageNo / TraceID fields are concatenated as empty strings per the manual). No payment-flow or callback-handler change for existing card transactions.
Feature: customer-selectable installments on the classic WooCommerce checkout. The gateway now renders an "Installments (interest-free)" dropdown when installments are enabled and the cart total qualifies; the picked value is captured at order creation, persisted as _epay_installments order meta, and sent as the Installments parameter in the Ticketing request to Piraeus Bank.
Feature: tiered max-installments by amount via a new admin setting "Tiered max installments by amount (interest-free)". Format amount:max,amount:max,... (e.g. 50:3, 100:6, 200:12). Overrides the flat "Maximum installments" when set. Per Piraeus Bank policy all installments via this gateway are interest-free for the customer; the merchant absorbs the bank commission.
Security: the customer-side dropdown is treated as untrusted. process_payment() always re-clamps the picked value against the merchant's tier policy evaluated for the live order total, and the SOAP ticket request re-clamps a second time as defence-in-depth. Tier-string parsing uses a strict regex; malformed segments are silently dropped instead of throwing.
Internal: the existing installments checkbox + max_installments + min_amount_for_installments settings, previously cosmetic (the Ticketing request was hard-coded to Installments=0), are now wired up. _epay_installments order meta carries the value through the bank round-trip. Success order note now branches by payment channel — IRIS rows omit the empty PackageNo / TraceID columns that have no analogue in the DIAS instant-payment flow.
Docs: readme Description, FAQ and Greek readme-el.txt companion updated with IRIS coverage; new section "What sets this plugin apart" surfaces the technical differentiators (HPOS-native, Cloudflare detection, WAF self-test, WP 7.0 audit, bilingual readme).
Known limitation: the installments customer picker ships for classic WC checkout only. WooCommerce Blocks Checkout customers default to one-time payment (Installments=1, the bank's canonical "no installments" per Redirection Manual v2.9 §4); the Blocks picker is scheduled for a follow-up release.

1.0.28

Compatibility: tested with WordPress 7.0 (released 2026-05-20). Verified that the gateway works on the new Modern admin theme, the iframed post editor changes do not affect WooCommerce Blocks checkout integration, and PHP 7.4+ requirement already meets the new core minimum.
Docs: screenshot captions in readme corrected to match the actual images (bilingual EN/EL).

1.0.27

UX: settings screen reordered — the "Merchant credentials" section now appears above the "Bank integration data" section, matching the natural onboarding flow (enter the credentials from Euronet first, then send the technical data back).
UX: "Bank integration data" card and its Cloudflare detection sub-block are now collapsible (closed by default) to keep the settings screen compact after onboarding.
UX: the five callback URLs (Website, Referrer, Success, Failure, Backlink) are consolidated into a single grey block with one "Copy" button, replacing the per-URL row layout.
i18n: Greek translation added for the new "Copy callback URLs to clipboard" aria-label.
Internal: aligned EPAY_PAYCENTER_VERSION constant with the plugin header (was lagging at 1.0.25, used by asset cache-busting and outbound User-Agent strings).

1.0.26

Compliance: invalid Plugin URI header removed per Plugin Review Team feedback. The URI is an optional header (https://developer.wordpress.org/plugins/plugin-basics/header-requirements/) and the previously declared page was not public. Author URI (https://webhosting4u.gr/) is unchanged and reachable.

1.0.22

Fix: plugin folder and main file renamed to secure-card-gateway-for-epay-paycenter-piraeus-bank to match WP.org slug; resolves Plugin Check TextDomainMismatch on all i18n calls.
Fix: UTF-8 BOM properly stripped from all PHP files (previous fix re-encoded U+FEFF as a BOM on write; correct method skips the 3 BOM bytes before decoding).

1.0.21

Fix (critical): TranTicket was missing from the redirect form POST to pay.aspx — every payment attempt would be rejected by the bank. Added to form_fields in output_receipt_page().
Fix: apply_filters( epay_paycenter_icon ) pre-escaped the default URL violating escape-late; escaping now happens only at output.
Fix: printf() with HTML link replaced with echo wp_kses_post( sprintf() ).
Fix: is_cloudflare_proxied() now uses isset() + is_scalar() guards on CF_RAY / CF_CONNECTING_IP.
Fix: phpcs:ignore added to dbDelta() SQL interpolation in create_tables().
Cleanup: removed orphaned docblock for deleted collect_attempt_stats().

1.0.20

Compliance: text domain corrected from wh4u-* to secure-card-gateway-for-epay-paycenter-piraeus-bank to match WP.org slug. All 179 i18n strings updated; language files renamed.
Compliance: echo generate_settings_html() kept as phpcs:ignore with explanatory comment; wp_kses_post() wrap broke WooCommerce form attributes.
Security: enqueue_admin_settings_assets() now checks current_user_can( manage_woocommerce ) before reading args.
External services: Cloudflare IPv4 fetch documented in readme with terms / privacy links.

1.0.19

Compliance: plugin renamed to WebHosting4U Secure Card Gateway for ePay Paycenter (Piraeus Bank); slug wh4u-* per Guideline 17. External services section fully documented with terms / privacy links. Deprecated libxml_disable_entity_loader() removed.

1.0.18

UI: checkout icon changed from piraeus.svg to responsive wp-cards.png. Block checkout now shows card brands. Front-end CSS enqueued on checkout.

1.0.17

Localisation: Greek translation backfilled with all strings from 1.0.10-1.0.16. POT regenerated.

1.0.16

Fix: decline notice not appearing after bank redirect. Hook priority collision with WooCommerce core resolved (priority 5 vs core 10).

1.0.15

Compliance: failure handler aligned row-by-row with Redirection Manual v2.9 section 5 scenario table. Fixes misleading ResultCode 1048 message; widens 50x matching to 500-599.

1.0.14

Fix: decline message lost after bank redirect due to SameSite=Lax session-cookie stripping. Notices now queued as order-scoped transients (session-independent delivery).

1.0.13

Fix: -1 body when Success/Failure URL is doubled in the Euronet portal. Malformed wc-api values normalised at parse_request.

1.0.12

Declined-transaction handling per Redirection Manual v2.9 section 5. Failure redirect now targets pay-for-order URL. Fixes -1 body via plugins_loaded binding.

1.0.11

Admin diagnostics: Test callback URL button detects host WAF interception before live payments.

1.0.10

Logging: Callback envelope INFO line written on every callback reach for WAF/plugin-reject disambiguation.

1.0.0

Initial release.

WebHosting4U Secure Card Gateway for ePay Paycenter (Piraeus Bank)

标签

下载

详情介绍:

安装:

屏幕截图:

升级注意事项:

常见问题:

更新日志: