The commenting feature in WordPress automatically stores IP addresses of all comment authors. Although this is a useful safety feature (e.g. if a user posts unlawful content) laws in some countries (like Germany) forbid storing these IP addresses permanently. Generally they shouldn’t be stored longer than seven days if they aren’t needed to identify an author of unlawful content.
There’s a plugin (Remove IP) which simply disables logging of such IP addresses but this method doesn’t allow to find out the identity of a user posting unlawful content. The following solution uses a daemon which periodically sets all IP addresses of comments older than seven days to 0.0.0.0 via the
mysql command-line utility. Thus, in case of an illegal comment, the administrator still has the possibility to assist law enforcement in finding out the identity of the disturber.
This method was tested on an Uberspace. It uses a simple MySQL update command and
runwhen for periodical execution of this command. The commands for setting up the daemon are based on Uberspace’s Dokuwiki (runwhen).
The Shell Script
The script will be stored in an extra directory:
Put this in there (with your username and your WordPress database name):
echo "UPDATE wp_comments SET comment_author_IP='0.0.0.0' WHERE comment_author_IP != '0.0.0.0' AND TIMESTAMPDIFF(DAY, comment_date, CURRENT_TIMESTAMP) >= 7;" | mysql --defaults-file=/home/<username>/.my.cnf <wordpress database name>
Make the script executable:
chmod +x ~/scripts/anonymize_old_comments_ips.sh
This script executes a SQL command which checks the timestamp and the author’s IP address of all comments in the comments table (
wp_comments). If a comment is older than seven days and its IP address is not 0.0.0.0 it’ll be set so. The
--defaults-file=/home/<username>/.my.cnf is needed because when the script is called by
mysql command won’t find the user’s
.my.cnf file without this option. In this file the MySQL user password is saved.
Running as a Service
First we need an instance of
daemontools. Only run this command if you haven’t done so before:
Next register the service:
runwhen-conf ~/etc/run-anonymize_old_comments_ips ~/scripts/anonymize_old_comments_ips.sh
Here the script will be run twice a day. At the top set:
and save the file.
Finally, create the symlink in
ln -s ~/etc/run-anonymize_old_comments_ips ~/service/anonymize_old_comments_ips
Note that the IP addresses might still be stored in backups of the database or emails send to you by WordPress.
My first try to accomplish the same effect with a WordPress plugin failed because somehow my scheduled events weren’t executed by
wp-cron. It’d be great if someone with experience in writing WordPress plugins would implement this small SQL command in a plugin so users wouldn’t need to deal with