chesio / bc-security

Helps keep WordPress websites secure.
The Unlicense

Validate IP addresses #138

Closed chesio closed 1 year ago

chesio commented 1 year ago

A severe vulnerability was recently patched in the Limit Login Attempts plugin. I believe BC Security has the same flaw.

szepeviktor commented 1 year ago

The thing is, WordPress encourages users to go without an expert (webmaster, devops person) on board. This "what's the IP" problem should be settled in the webserver, not in the application.

chesio commented 1 year ago

I see your point.

I don't have devops access to the webservers I run BC Security on (with one exception). Still, I might consider removing the remote IP address detection functionality entirely, because in the projects I use BC Security for, all webhosts have $_SERVER['REMOTE_ADDR'] set properly (even if the actual webserver is behind a load balancer).
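The validation named in this issue's title, sketched as an added example; it is not BC Security's code and not part of the thread. The function name, the `$key` setting and the sample `$_SERVER` arrays are assumptions constructed for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Return the client address from the configured $_SERVER key, falling back to
 * REMOTE_ADDR when that value is not a single, syntactically valid IP address.
 *
 * $server: array shaped like $_SERVER.
 * $key:    hypothetical plugin setting naming the $_SERVER key to read.
 */
function get_validated_remote_address(array $server, string $key = 'REMOTE_ADDR'): string
{
    // The configured key is tried first; REMOTE_ADDR is always the fallback.
    foreach (array_unique([$key, 'REMOTE_ADDR']) as $name) {
        $value = $server[$name] ?? null;
        // filter_var() returns the address on success and false otherwise, so
        // lists, markup and any other free text in a header are rejected here
        // and never reach logs, the database or the admin screens.
        if (is_string($value) && filter_var($value, FILTER_VALIDATE_IP) !== false) {
            return $value;
        }
    }
    return ''; // No usable address: the caller should treat the client as unknown.
}

// Constructed sample requests (documentation address ranges, not real traffic).
$samples = [
    'direct connection' => ['REMOTE_ADDR' => '203.0.113.7'],
    'proxy header, valid' => [
        'REMOTE_ADDR' => '10.0.0.2',
        'HTTP_X_FORWARDED_FOR' => '198.51.100.23',
    ],
    'proxy header, free text' => [
        'REMOTE_ADDR' => '10.0.0.2',
        'HTTP_X_FORWARDED_FOR' => 'not an address at all',
    ],
];

foreach ($samples as $label => $server) {
    printf("%-24s => %s\n", $label, get_validated_remote_address($server, 'HTTP_X_FORWARDED_FOR'));
}
```

Validation only guarantees that the value has the syntax of an IP address. Whether a forwarding header can be believed still depends on the webserver or load balancer overwriting it, which is the point raised in the thread about settling this in the webserver.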