WordPress.org

Ready to get started?Download WordPress

Forums

Limit Login Attempts
Same IP address for all users on my site (2 posts)

  1. webvitaly
    Member
    Posted 1 year ago #

    All users on my site have same IP address so when somebody brute-forsed my site and was blocked - I am blocked too.

    $_SERVER['REMOTE_ADDR'] - is not good enough for getting IP address, because in rare cases it does not work correctly.

    For getting real IP address better to use this code:

    <?php
    if ( !empty( $_SERVER['HTTP_CLIENT_IP'] ) ) { //check ip from share internet
    	$ip = $_SERVER['HTTP_CLIENT_IP'];
    } elseif ( !empty( $_SERVER['HTTP_X_FORWARDED_FOR'] ) ) { // to check ip is pass from proxy, also could be used ['HTTP_X_REAL_IP ']
    	$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
    } else {
    	$ip = $_SERVER['REMOTE_ADDR'];
    }
    ?>

    http://wordpress.org/extend/plugins/limit-login-attempts/

  2. indyjoey
    Member
    Posted 1 year ago #

    Are you behind a load balancer?

Topic Closed

This topic has been closed to new replies.

About this Plugin

About this Topic