The Blockonomics plugin will automatically update the order status when a bitcoin payment sent by your customer is confirmed. This works in all our ecommerce plugins. This article addresses how to troubleshoot the issue if this is not happening for you


To confirm the issue please check Merchant > Logs. If the callbacks are green with status 200, then everything is ok. If the status is in red, then that means you have this issue and  we cannot cannot send callbacks to your server. 


Please check if you any of the following apply to you. 

  1. You are using localhost or unreachable test server:  We cannot send callbacks to your localhost server. This is expected behaviour and is OK.
  2. You are getting SSLError in Merchants > Logs: If you site doesn't have an SSL certificate change the callback URL to start with http:// . If you site is SSL enabled, check validity of your SSL certificate. We don't support self signed certificates. If your site is shown SSL validated in browser, make sure intermediate certificates are not missing (This is because we use curl for callbacks) You can diagnose by testing your site on

You have DDOS protection:  You need to identify the DDoS mechanism and do the following


Page Rule

Exclude callback URL path or similar callback pattern as shown in this article.

Cloudflare page rule for WordPress Store
CloudFlare page rule for WHMCS Store

Update Firewall Rules to allow Blockonomics

Please follow the steps mentioned below to update WAF rules:

  1. In CloudFlare Dashboard, go to "Security" > "WAF" and click on "+ Create rule" button to create a new rule.
  2. Click on Dropdown below "Field" and select "IP Source Address". In Dropdown below "Operator" make sure the value is set to "equals". In text field below Value, add the IP you want to whitelist. To add more IPs, add more rows by clicking on "Or" button at the end of row.
  3. Add following IPs:
    1. BTC callback server 
    2. BCH callback server (If you are using BCH payment method)
  4. This custom rule now should look like this:
  5. Make sure action is set to "Skip", Log matching request is enabled and all rules are checked to be skipped.
  6. Click on "Deploy" at the end of screen to Deploy this rule.
  7. Make sure that the new firewall rule is above any blocking rules:


If you are using any other DDOS protection mechanism you can whitelist the IP of our callback server [] and BCH callback server []


  1. After bypassing the DDOS protection, try to generate multiple test callbacks (Using Merchant > Logs) within a minute / less period and make sure if you get 200 status
  2. You have a programmed/custom API endpoint Make sure  the callback endpoint has no errors and returns clean with 200 HTTP status.