diff --git src/wp-includes/class-wp-session-tokens.php src/wp-includes/class-wp-session-tokens.php
index 9482e1b948..4371285836 100644
--- src/wp-includes/class-wp-session-tokens.php
+++ src/wp-includes/class-wp-session-tokens.php
@@ -129,9 +129,12 @@ abstract class WP_Session_Tokens {
 		$session               = apply_filters( 'attach_session_information', array(), $this->user_id );
 		$session['expiration'] = $expiration;
 
+		// Get the IP address and user-agent.
+		$remote_addr = filter_input(INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP);
+		
 		// IP address.
-		if ( ! empty( $_SERVER['REMOTE_ADDR'] ) ) {
-			$session['ip'] = $_SERVER['REMOTE_ADDR'];
+		if ( ! empty( $remote_addr ) ) {
+			$session['ip'] = $remote_addr;
 		}
 
 		// User-agent.
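Review bot: The new `filter_input( INPUT_SERVER, 'REMOTE_ADDR', FILTER_VALIDATE_IP )` call reads the value PHP captured at request start, not the live `$_SERVER` array. A site that rewrites `$_SERVER['REMOTE_ADDR']` at bootstrap (a common reverse-proxy setup) or a test that sets it by hand would store the proxy address or no `ip` at all, which weakens the session record as an audit trail. `INPUT_SERVER` has also been reported to return null under some SAPIs, so the field could silently disappear. Validating the runtime value keeps the hardening without changing the source: `$remote_addr = isset( $_SERVER['REMOTE_ADDR'] ) ? filter_var( wp_unslash( $_SERVER['REMOTE_ADDR'] ), FILTER_VALIDATE_IP ) : false;`. The added comment mentions the user-agent although only the IP is read here, so it should read `// Validate the client IP address before storing it.`; the enclosing method starts and ends outside this hunk.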
