With this filter, we can change the comment author’s IP before it’s recorded. Example use case can be when a client submits a comment through a proxy server.
The general format of the header is: X-Forwarded-For: client1, proxy1, proxy2
where the value is a comma+space separated list of IP addresses, the left-most being the original client, and each successive proxy that passed the request adding the IP address where it received the request from. In this example, the request goes through the IPs: client1 -> proxy1 -> proxy2 -> proxy3. Proxy3 is not shown in the X-Forwarded-For header here and appears as the remote address of the request.
Since it is easy to forge an X-Forwarded-For header, the given information should be used with care.
X-Forwarded-For, X-Forwarded-By, and X-Forwarded-Proto are non-standard header fields and in increasing cases, have been superseded by the standard Forwarded header defined in RFC 7239. Example of a Forwarded header: Forwarded: for=192.0.2.60;proto=http;by=203.0.113.43
Use the left-most IP (the original client) in the X-Forwarded-For header as the comment author’s IP address.
Note: You may need to adjust the example below for the standard Forwarded header, which supersedes the non-standard X-Forwarded-For header.
add_filter( 'pre_comment_user_ip', 'auto_reverse_proxy_pre_comment_user_ip');
function auto_reverse_proxy_pre_comment_user_ip()
{
$REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
if (!empty($_SERVER['X_FORWARDED_FOR'])) {
$X_FORWARDED_FOR = explode(',', $_SERVER['X_FORWARDED_FOR']);
if (!empty($X_FORWARDED_FOR)) {
$REMOTE_ADDR = trim($X_FORWARDED_FOR[0]);
}
}
/*
* Some PHP environments will use the $_SERVER['HTTP_X_FORWARDED_FOR']
* variable to capture visitor address information.
*/
elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$HTTP_X_FORWARDED_FOR= explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
if (!empty($HTTP_X_FORWARDED_FOR)) {
$REMOTE_ADDR = trim($HTTP_X_FORWARDED_FOR[0]);
}
}
return preg_replace('/[^0-9a-f:\., ]/si', '', $REMOTE_ADDR);
}
After using the example, the ‘comment_author_IP’ will be changed to current admin’s IP after editing the comment from wp-admin. Pls go to this link for details: https://core.trac.wordpress.org/ticket/54482?nocache
Example Migrated from Codex:
Use the left-most IP (the original client) in the
X-Forwarded-For
header as the comment author’s IP address.Note: You may need to adjust the example below for the standard
Forwarded
header, which supersedes the non-standardX-Forwarded-For
header.