WordPress: Delete Author IP addresses of Old Comments

The commenting feature in WordPress automatically stores the IP addresses of all comment authors. Although this is a useful safety feature (e.g. if a user posts unlawful content), laws in some countries (like Germany) forbid storing these IP addresses permanently. Generally they shouldn’t be stored longer than seven days if they aren’t needed to identify an author of unlawful content.

There’s a plugin (Remove IP) which simply disables logging of such IP addresses, but this method makes it impossible to identify a user who posts unlawful content. The following solution uses a daemon which periodically sets the IP addresses of all comments older than seven days to 0.0.0.0 via the mysql command-line utility. Thus, in case of an illegal comment, the administrator can still assist law enforcement in identifying the author.

This method was tested on an Uberspace. It uses a simple MySQL update command and runwhen for periodic execution of this command. The commands for setting up the daemon are based on Uberspace’s Dokuwiki (runwhen).

The Shell Script

The script will be stored in an extra directory:


mkdir ~/scripts
vim ~/scripts/anonymize_old_comments_ips.sh

Put this in there (with your username and your WordPress database name):

#!/bin/sh
echo "UPDATE wp_comments SET comment_author_IP='0.0.0.0' WHERE comment_author_IP != '0.0.0.0' AND TIMESTAMPDIFF(DAY, comment_date, CURRENT_TIMESTAMP) >= 7;" | mysql --defaults-file=/home/<username>/.my.cnf <wordpress database name>

Make the script executable:

chmod +x ~/scripts/anonymize_old_comments_ips.sh

This script executes a SQL command which checks the timestamp and the author’s IP address of all comments in the comments table (wp_comments). If a comment is older than seven days and its IP address is not 0.0.0.0, the address is set to 0.0.0.0. The --defaults-file=/home/<username>/.my.cnf option is needed because, when the script is called by runwhen, the mysql command won’t find the user’s .my.cnf file without it. This file holds the MySQL user password.
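
A variant of the script for installs whose table prefix is not wp_, added here as an example and not part of the original post. The function name build_sql, the --run switch and its argument order are assumptions made for this example; besides the UPDATE it emits a matching COUNT query to confirm that no older comment still carries an IP address.

```shell
#!/bin/sh
# Added example, not the original post's script.
# build_sql MODE PREFIX DAYS prints the post's statement for a given table
# prefix and retention period. MODE is "update" or "count" (verification).
build_sql() {
    mode=$1
    prefix=$2
    days=$3
    # Table names cannot be passed as bound parameters, so accept only
    # characters that are safe inside an unquoted identifier.
    case $prefix in
        ''|*[!A-Za-z0-9_]*) echo "invalid table prefix" >&2; return 1 ;;
    esac
    # The retention period must be a positive whole number of days.
    case $days in
        ''|*[!0-9]*) echo "invalid day count" >&2; return 1 ;;
    esac
    [ "$days" -ge 1 ] || { echo "day count must be >= 1" >&2; return 1; }

    where="comment_author_IP != '0.0.0.0' AND TIMESTAMPDIFF(DAY, comment_date, CURRENT_TIMESTAMP) >= $days"
    case $mode in
        update) printf "UPDATE %scomments SET comment_author_IP='0.0.0.0' WHERE %s;\n" "$prefix" "$where" ;;
        count)  printf "SELECT COUNT(*) FROM %scomments WHERE %s;\n" "$prefix" "$where" ;;
        *)      echo "mode must be update or count" >&2; return 1 ;;
    esac
}

# Assumed invocation:
#   script.sh --run /home/<username>/.my.cnf <database> [prefix] [days]
if [ "${1:-}" = "--run" ]; then
    cnf=$2
    db=$3
    prefix=${4:-wp_}
    days=${5:-7}
    sql=$(build_sql update "$prefix" "$days") || exit 1
    check=$(build_sql count "$prefix" "$days") || exit 1
    printf '%s\n' "$sql" | mysql --defaults-file="$cnf" "$db" || exit 1
    # After the update, no matching comment should remain.
    left=$(printf '%s\n' "$check" | mysql --defaults-file="$cnf" -N "$db") || exit 1
    [ "$left" -eq 0 ] || { echo "$left comments still carry an IP" >&2; exit 1; }
fi
```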

Running as a Service

First we need an instance of daemontools. Only run this command if you haven’t done so before:

uberspace-setup-svscan

Next register the service:

runwhen-conf ~/etc/run-anonymize_old_comments_ips ~/scripts/anonymize_old_comments_ips.sh

Edit the RUNWHEN variable:

vim ~/etc/run-anonymize_old_comments_ips/run

Here the script will be run twice a day. At the top set:

RUNWHEN=",H/12"

and save the file.

Finally, create the symlink in ~/service:

ln -s ~/etc/run-anonymize_old_comments_ips ~/service/anonymize_old_comments_ips

Note that the IP addresses might still be stored in backups of the database or in emails sent to you by WordPress.

My first try to accomplish the same effect with a WordPress plugin failed because somehow my scheduled events weren’t executed by wp-cron. It’d be great if someone with experience in writing WordPress plugins would implement this small SQL command in a plugin so users wouldn’t need to deal with runwhen etc.


One thought on “WordPress: Delete Author IP addresses of Old Comments”

  1. In WordPress, how do you prevent the administrator's IP from being displayed when replying to comments? When a hacker can see the administrator's IP, he can target that computer and try and find login credentials for the website. Thanks.