{"id":321232,"date":"2026-06-02T08:25:19","date_gmt":"2026-06-02T08:25:19","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/real-ip-restore-for-cloudflare\/"},"modified":"2026-06-02T08:25:01","modified_gmt":"2026-06-02T08:25:01","slug":"real-ip-restore-for-cloudflare","status":"publish","type":"plugin","link":"https:\/\/wordpress.org\/plugins\/real-ip-restore-for-cloudflare\/","author":23265086,"comment_status":"closed","ping_status":"closed","template":"","meta":{"version":"1.3.1","stable_tag":"1.3.1","tested":"7.0","requires":"5.0","requires_php":"7.4","requires_plugins":null,"header_name":"Real IP Restore for Cloudflare","header_author":"Culture Dev","header_description":"Restores the real visitor IP behind Cloudflare's proxy on cPanel \/ shared hosts that lack native mod_remoteip support.","assets_banners_color":"2c355b","last_updated":"2026-06-02 08:25:01","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"https:\/\/apps.culture-dev.eu\/plugins\/wp\/real-ip-restore-for-cloudflare","header_author_uri":"https:\/\/culture-dev.eu","rating":0,"author_block_rating":0,"active_installs":0,"downloads":39,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.3.1":{"tag":"1.3.1","author":"websolman","date":"2026-06-02 08:25:01"}},"upgrade_notice":{"1.3.1":"<p>Compatibility with WordPress 7.0 and cleaner translation loading.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3557675,"resolution":"128x128","location":"assets","locale":"","width":128,"height":128},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3557675,"resolution":"256x256","location":"assets","locale":"","width":256,"height":256}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3557675,"resolution":"1544x500","location":"assets","locale":"","width":1544,"height":500},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3557675,"resolution":"772x250","location":"assets","locale":"","width":772,"height":250}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.3.1"],"block_files":[],"assets_screenshots":[],"screenshots":[]},"plugin_section":[],"plugin_tags":[3882,10494,1522,7686,52741],"plugin_category":[],"plugin_contributors":[265418],"plugin_business_model":[],"class_list":["post-321232","plugin","type-plugin","status-publish","hentry","plugin_tags-cloudflare","plugin_tags-cpanel","plugin_tags-logging","plugin_tags-proxy","plugin_tags-real-ip","plugin_contributors-websolman","plugin_committers-websolman"],"banners":{"banner":"https:\/\/ps.w.org\/real-ip-restore-for-cloudflare\/assets\/banner-772x250.png?rev=3557675","banner_2x":"https:\/\/ps.w.org\/real-ip-restore-for-cloudflare\/assets\/banner-1544x500.png?rev=3557675","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/real-ip-restore-for-cloudflare\/assets\/icon-128x128.png?rev=3557675","icon_2x":"https:\/\/ps.w.org\/real-ip-restore-for-cloudflare\/assets\/icon-256x256.png?rev=3557675","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p>On many shared cPanel hosts - Bluehost, HostGator, Namecheap, A2 Hosting, GoDaddy, and European providers such as IONOS, OVHcloud or Krystal - Apache does not natively restore the client IP from Cloudflare headers. This causes WordPress, WooCommerce, security plugins and access logs to record Cloudflare's edge IP instead of the real visitor IP.<\/p>\n\n<p><strong>Real IP Restore for Cloudflare<\/strong> fixes this transparently:<\/p>\n\n<ol>\n<li>On every request, checks whether <code>REMOTE_ADDR<\/code> belongs to a Cloudflare IP range.<\/li>\n<li>If yes, replaces <code>REMOTE_ADDR<\/code> with the value from <code>CF-Connecting-IP<\/code> (or <code>X-Forwarded-For<\/code> as fallback).<\/li>\n<li>IP ranges are fetched once per day from Cloudflare's official endpoints and cached as a WordPress transient.<\/li>\n<\/ol>\n\n<p><strong>Features:<\/strong><\/p>\n\n<ul>\n<li>Zero configuration - works out of the box.<\/li>\n<li>IPv4 and IPv6 support.<\/li>\n<li>Daily auto-refresh of Cloudflare IP ranges.<\/li>\n<li>Manual refresh from Settings \u2192 CF Real IP.<\/li>\n<li>Falls back to hardcoded ranges if Cloudflare endpoints are unreachable.<\/li>\n<li>Lightweight - no database tables, no options, no JavaScript.<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin folder to <code>\/wp-content\/plugins\/<\/code>.<\/li>\n<li>Activate via Plugins \u2192 Installed Plugins.<\/li>\n<li>Done. Visitor IPs are now correctly logged.<\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id=\"does%20this%20work%20with%20woocommerce%20fraud%20detection%3F\"><h3>Does this work with WooCommerce fraud detection?<\/h3><\/dt>\n<dd><p>Yes. All plugins that read <code>$_SERVER['REMOTE_ADDR']<\/code> will receive the real visitor IP.<\/p><\/dd>\n<dt id=\"what%20if%20my%20server%20already%20handles%20real%20ips%20via%20mod_remoteip%3F\"><h3>What if my server already handles real IPs via mod_remoteip?<\/h3><\/dt>\n<dd><p>The plugin checks the IP against Cloudflare ranges before replacing it. If <code>REMOTE_ADDR<\/code> is not a Cloudflare IP, nothing is changed.<\/p><\/dd>\n<dt id=\"can%20i%20manually%20refresh%20the%20ip%20range%20cache%3F\"><h3>Can I manually refresh the IP range cache?<\/h3><\/dt>\n<dd><p>Yes - Settings \u2192 CF Real IP \u2192 Refresh IP Ranges Cache.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>1.3.1<\/h4>\n\n<ul>\n<li>Compatibility check against WordPress 7.0.<\/li>\n<li>Translations loaded automatically via plugin slug (removed manual load_plugin_textdomain call).<\/li>\n<\/ul>\n\n<h4>1.3.0<\/h4>\n\n<ul>\n<li>Added a manual \"Refresh IP Ranges Cache\" action on the settings screen.<\/li>\n<li>Settings page now displays the current detected REMOTE_ADDR.<\/li>\n<\/ul>\n\n<h4>1.2.0<\/h4>\n\n<ul>\n<li>Hardened header handling: visitor IP is only trusted when the request originates from a verified Cloudflare range (anti-spoofing).<\/li>\n<li>Added French and Spanish translations.<\/li>\n<\/ul>\n\n<h4>1.1.0<\/h4>\n\n<ul>\n<li>Added IPv6 range matching.<\/li>\n<li>Daily auto-refresh of Cloudflare IP ranges via WP-Cron.<\/li>\n<\/ul>\n\n<h4>1.0.0<\/h4>\n\n<ul>\n<li>Initial release.<\/li>\n<\/ul>","raw_excerpt":"Restores real visitor IP behind Cloudflare proxy on cPanel hosts that lack native mod_remoteip support.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/321232","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=321232"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/websolman"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=321232"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=321232"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=321232"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=321232"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=321232"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=321232"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}