What you do is you pass an argument to the Paypal’s return URL. For example:
So your return URL may look like this:
$url = home_url();
$url = add_query_arg( array( 'paypal' => '8832002472223abc' ), $url );
$paypal_ipn = array(
'return_url' => $url
// rest of your ipn data
)
In your IPN template, you can have something like this:
if ( ! isset( $_GET['paypal'] ) || $_GET['paypal'] !== '8832002472223abc' ) {
$url = home_url();
wp_safe_redirect( $url );
exit;
}
So with that code, when anyone goes to your IPN template page will be redirected unless they have that key=>value combination.