Support » Fixing WordPress » Where to alter REMOTE_ADDR to hide IP addresses?

  • For security reasons, I have a need to make a small modification to WordPress so that no IP addresses are captured or stored in the database, nor shown on any pages.

    I know that I can do this by means of the following statement:

    $_SERVER["REMOTE_ADDR"] = "";

    However, I’m not sure where would be the best place to put this statement within the WordPress code. I want this to be done as early as possible within any and all paths through the code, so that all subsequent references to this variable will always be guaranteed to be set to Could someone point me to the best place (or places) within the source code for me to put this statement?

    On the other hand, if there is a better way to accomplish my goal of completely hiding IP addresses and not having them stored in the data base, please let me know.

    Thank you very much, in advance.

Viewing 4 replies - 1 through 4 (of 4 total)
  • I think the only place (I could be wrong) that IP’s is stored is in the comments table. If you disable comments, you might not have the problem.

    What’s the reason for removing IP’s? They really don’t represent any sort of security risk.


    Actually, comments are important on this blog, so I can’t disable them.

    The blog will be residing on a special site on which there are requirements that no IP addresses of people who access the site can be stored on disk, nor displayed anywhere.

    I have already removed utmp and wtmp (it’s a linux box), and I am in the process of modifying the web server (lighttpd) so that no IP addr’s get stored on disk. I’m running an altered version of syslog that changes things that look like IP addresses into, and we are running swap on an external ramdisk that has no permanent storage. We do file wiping on the disk, and we’re also making use of other, similar measures.

    All that remains is to get WordPress not to store IP addresses in the database, nor to display them anywhere on screen. Changing REMOTE_ADDR seems to be the most straightforward way to accomplish this, although as I mentioned, I’m open to all other suggestions.

    Thanks again.

    well, sounds nefarious to me! 🙂 Perhaps someone will be able to help.

    There’s nothing nefarious, I assure you. 🙂


Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Where to alter REMOTE_ADDR to hide IP addresses?’ is closed to new replies.