WordPress.org

Where to alter REMOTE_ADDR to hide IP addresses? (5 posts)

  1. HippoMan
    Member
    Posted 7 years ago #

    For security reasons, I have a need to make a small modification to WordPress so that no IP addresses are captured or stored in the database, nor shown on any pages.

    I know that I can do this by means of the following statement:

    $_SERVER["REMOTE_ADDR"] = "127.0.0.1";

    However, I'm not sure where would be the best place to put this statement within the WordPress code. I want this to be done as early as possible within any and all paths through the code, so that all subsequent references to this variable will always be guaranteed to be set to 127.0.0.1. Could someone point me to the best place (or places) within the source code for me to put this statement?

    On the other hand, if there is a better way to accomplish my goal of completely hiding IP addresses and not having them stored in the database, please let me know.

    Thank you very much, in advance.

  2. manstraw
    Member
    Posted 7 years ago #

    I think the only place (I could be wrong) that IPs are stored is in the comments table. If you disable comments, you might not have the problem.

    What's the reason for removing IPs? They really don't represent any sort of security risk.

  3. HippoMan
    Member
    Posted 7 years ago #

    Thanks.

    Actually, comments are important on this blog, so I can't disable them.

    The blog will be residing on a special site on which there are requirements that no IP addresses of people who access the site can be stored on disk, nor displayed anywhere.

    I have already removed utmp and wtmp (it's a Linux box), and I am in the process of modifying the web server (lighttpd) so that no IP addr's get stored on disk. I'm running an altered version of syslog that changes things that look like IP addresses into xxx.xxx.xxx.xxx, and we are running swap on an external ramdisk that has no permanent storage. We do file wiping on the disk, and we're also making use of other, similar measures.

    All that remains is to get WordPress not to store IP addresses in the database, nor to display them anywhere on screen. Changing REMOTE_ADDR seems to be the most straightforward way to accomplish this, although as I mentioned, I'm open to all other suggestions.

    Thanks again.

  4. manstraw
    Member
    Posted 7 years ago #

    Well, sounds nefarious to me! :) Perhaps someone will be able to help.

  5. HippoMan
    Member
    Posted 7 years ago #

    There's nothing nefarious, I assure you. :)

    Thanks.

Topic Closed

This topic has been closed to new replies.
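
Added example, not part of the original thread: one way to do what the first post asks without editing core files, written as a must-use plugin that overwrites the address variables on every request and also filters the comment IP on write and on display. It assumes a WordPress version that loads wp-content/mu-plugins and provides the pre_comment_user_ip and get_comment_author_IP filters; the file name, the noip_ function names and the list of proxy headers are hypothetical choices.

```php
<?php
/*
 * Added example, not code from the thread or from WordPress itself.
 * Assumed location: wp-content/mu-plugins/no-client-ip.php (hypothetical name).
 * Must-use plugins are loaded on every request, before regular plugins and themes.
 */

// Value stored and displayed in place of the real client address.
const NOIP_PLACEHOLDER = '127.0.0.1';

/**
 * Return a copy of $server with every variable that commonly carries a
 * client address overwritten. The header list is an assumption: extend it
 * to match whatever a front-end proxy adds on the site in question.
 */
function noip_scrub_server( array $server ) {
    $keys = array( 'HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP', 'HTTP_CLIENT_IP', 'HTTP_FORWARDED' );
    foreach ( $keys as $key ) {
        if ( isset( $server[ $key ] ) ) {
            $server[ $key ] = NOIP_PLACEHOLDER;
        }
    }
    // Always set, so later code never sees an empty or real value.
    $server['REMOTE_ADDR'] = NOIP_PLACEHOLDER;
    return $server;
}

// Layer 1: replace the request variables before plugins or themes read them.
$_SERVER = noip_scrub_server( $_SERVER );

// Layer 2: cover the comment path even if some code captured the address earlier.
if ( function_exists( 'add_filter' ) ) {
    $noip = function () {
        return NOIP_PLACEHOLDER;
    };
    add_filter( 'pre_comment_user_ip', $noip );    // value written to comment_author_IP
    add_filter( 'get_comment_author_IP', $noip );  // value shown in admin screens and templates
}

/**
 * One-time cleanup for comments stored before this file was installed.
 * Not called automatically; run it once from an administrator-only context.
 * Returns the number of rows changed, or false on a database error.
 */
function noip_scrub_stored_comments() {
    global $wpdb;
    return $wpdb->query(
        $wpdb->prepare( "UPDATE {$wpdb->comments} SET comment_author_IP = %s", NOIP_PLACEHOLDER )
    );
}
```

wp-config.php is loaded before must-use plugins, so the same `$_SERVER` overwrite placed at the top of that file covers code that runs earlier in startup.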
