Closed chesio closed 1 year ago
The thing is WordPress encourages users to go without an expert (webmaster, devops person) on-board. This "what's the IP" problem should be settled in the webserver, not in the application.
I see your point.
I don't have devops access to webservers I run BC Security on (with one exception). Still, I might consider removing the remote IP address detection functionality entirely because in projects I use BC Security for all webhosts have $_SERVER['REMOTE_ADDR']
set properly (even if the actual webserver is behind load balancer).
There has been a severe vulnerability patched in Limit Login Attempts plugin recently. I believe BC Security has the same flaw.