WordPress.org

Ready to get started?Download WordPress

Forums

[resolved] wordpress register the wrong IP address (9 posts)

  1. thels
    Member
    Posted 5 months ago #

    I have WordPress multisite setup on a cloud server. the problem I am having is that when ever anyone logs in, wordpress is register the IP address of the the load balance server and not of the person logged in.
    So when I had a brute force attach the other day the limited login attemps lock out the ip address of the server as wordpress is only seeing that ip address. so it locked everyone out including myself.
    Is there anyway to fix this so that wordpress see the IP adress of the person logged in or atempping to login in.

    thanks

  2. Whoof. You'd need to see if the cloud server forwards IPs for logging at all.

  3. thels
    Member
    Posted 5 months ago #

    how would check that?
    do I need to speak to the host provider?

    thanks

  4. jkhongusc
    Member
    Posted 5 months ago #

    Wow, I hope we dont run into this. We just launched production today. But we have a similar configuration. We are not in the cloud, but an enterprise. We have load balancers in front of our web servers. Our web servers get the IP addresses of the Load Balancer, so we had to configure our load balance to pass the user's IP address in another header, x-forwarded-for.

    I was not aware that WP would lock out IP address for multiple login failures. Is this a core function or a plugin?

  5. It's a plugin, jkhongusc - http://wordpress.org/plugins/limit-login-attempts/

    thels - Yeah, ask your host if they retain the original IP of visitors. They SHOULD ( x-forwarded-for is pretty common).

  6. thels
    Member
    Posted 5 months ago #

    Yea the host using mod_rpaf to forward the IP address. any guesses on why wordpress not seeing the forward IP address

  7. jkhongusc
    Member
    Posted 5 months ago #

    thels -
    You should try verifying that WP is seeing the forwarded user IP address. I create a test script that prints out phpinfo(). You should see all the header, verify that you are seeing the header set by mod_rpaf.

    If you are seeing the user's IP address, then the plugin needs to be configured to accept it. You need to check the plugin you are using to see if it accepts that particular header.

  8. I wonder if ANYTHING can see the real IP, actually.

    http://matthieu.yiptong.ca/tag/mod_rpaf/ implies that mod_rpaf does that on it's own.

  9. thels
    Member
    Posted 4 months ago #

    Hi

    yea that has solved the problem
    thank you

Reply

You must log in to post.

About this Topic