Reverse-Proxy Comment IP Fix

Description

Sets the comment IP to the client IP provided by the X-Forwarded-For or X-Real-IP headers before the comment is saved to the database.

Note: Please note that the existence of trustworthy information in the X-Forwarded-For and the X-Real-IP HTTP headers is up to the system administrator. HTTP clients can send HTTP headers containing invalid information. It is highly recommended to reset these headers at the first web proxy server you trust.

NOTICE: THIS PLUGIN HAS BEEN DEPRECATED. IT IS NO LONGER SUPPORTED. IT IS NO LONGER TESTED WITH NEW WORDPRESS RELEASES. USING IT IN PRODUCTION IS NOT RECOMMENDED.

IT IS STRONGLY SUGGESTED TO MIGRATE TO OTHER MORE MODERN AND BETTER MAINTAINED PLUGINS.

IF YOU ARE STARTING A NEW BLOG, IT IS HIGHLY RECOMMENDED TO SEARCH FOR OTHER PLUGINS IN ORDER TO AVOID THE INEVITABLE FUTURE MIGRATION.

REGARDING EXISTING USERS, AT THE TIME OF WRITING, THERE ARE NO MAJOR BUGS. PROVIDED THAT THE WORDPRESS API DOES NOT CHANGE SOON, YOU HAVE THE TIME TO EXPERIMENT WITH OTHER PLUGINS AND PLAN YOUR MIGRATION.

Important Notice

I have stopped using this plugin and therefore I won’t be supporting it or testing it with any new WordPress releases in the future. I highly recommend switching to a mechanism that is specific to your web server in order to do what this plugin does. Please check your web server’s documentation or community support forums for more information. Please note that by continuing using this plugin you are on your own.

Official Project Homepage

The Reverse-Proxy Comment IP Fix project information and documentation has been moved to the Reverse-Proxy Comment IP Fix Development Web Site.

FAQ

Does this plugin just work?

Yes. After activation, there are no more configuration steps.

How can the plugin determine that the client IP address contained in the `X-Forwarded-For` and the `X-Real-IP` HTTP headers is the real one?

It can’t. There is no way that the plugin can make any decision about whether the information contained in the X-Forwarded-For and the X-Real-IP HTTP headers is real or not. This decision has to be taken by the system administrator. The general idea is that the first trusted web proxy should be configured in such a way so that these headers are reset at that point and thereafter contain only information the system administrator trusts.

Are there any alternative ways to set the client’s real IP address in the REMOTE_ADDR server variable?

Although this question is outside the scope of this FAQ, indeed, this can be done. If your web server is Apache, you can use one the following modules: mod_remoteip (httpd >= 2.4), mod_rpaf, mod_extract_forwarded. In case you use Nginx, check the ngx_http_realip_module.

All these modules can extract the client’s IP address from user-defined HTTP headers and update the REMOTE_ADDR server variable. In that case, this plugin is no longer needed in your WordPress installation, as the real IP address of the client is directly available in the server variables.

Do you use this plugin?

This plugin has been deprecated.

Reviews

Solved a big Headache!

solosails

Thank you so much,

I have been trying to work out why my users IP addresses were always wrong, and this solved it in one go ! Thanks!!

Read all 2 reviews

Changelog

NOTICE: THIS PLUGIN HAS BEEN DEPRECATED. IT IS NO LONGER SUPPORTED. IT IS NO LONGER TESTED WITH NEW WORDPRESS RELEASES. USING IT IN PRODUCTION IS NOT RECOMMENDED.

IT IS STRONGLY SUGGESTED TO MIGRATE TO OTHER MORE MODERN AND BETTER MAINTAINED PLUGINS.

IF YOU ARE STARTING A NEW BLOG, IT IS HIGHLY RECOMMENDED TO SEARCH FOR OTHER PLUGINS IN ORDER TO AVOID THE INEVITABLE FUTURE MIGRATION.

REGARDING EXISTING USERS, AT THE TIME OF WRITING, THERE ARE NO MAJOR BUGS. PROVIDED THAT THE WORDPRESS API DOES NOT CHANGE SOON, YOU HAVE THE TIME TO EXPERIMENT WITH OTHER PLUGINS AND PLAN YOUR MIGRATION.

Please read the dynamic changelog

  • 0.2.0
    • Major refactoring.
    • IP validation supporting both IPv4 and IPv6.
    • Support for the X-Real-IP header in addition to the X-Forwarded-For.
  • 0.1.1
    • Updated plugin metadata for compatibility with WordPress 3.8.X
  • 0.1.0
    • Initial release

Contributors & Developers

This is open source software. The following people have contributed to this plugin.

Contributors

Browse the code