Open jordantrizz opened 5 months ago
6.4.3
4.12.4
8.0
There are tests to ensure that PHP's REMOTE_ADDR is correctly providing non-Cloudflare IP's as per this article.
https://snicco.io/blog/how-to-safely-get-the-ip-address-in-a-wordpress-plugin
I would go further and put in detection to confirm the site is proxied.
A warning that PHP's REMOTE_ADDR is misconfigured or spoofed.
No response
Confirmation
WordPress version
6.4.3
Cloudflare-WordPress version
4.12.4
PHP version
8.0
Expected result
There are tests to ensure that PHP's REMOTE_ADDR is correctly providing non-Cloudflare IP's as per this article.
https://snicco.io/blog/how-to-safely-get-the-ip-address-in-a-wordpress-plugin
I would go further and put in detection to confirm the site is proxied.
Actual result
A warning that PHP's REMOTE_ADDR is misconfigured or spoofed.
Steps to reproduce
Additional factoids
No response
References
No response