Make WordPress Core

Opened 3 years ago

Closed 3 years ago

Last modified 2 years ago

#44255 closed enhancement (invalid)

Commenter IP address remains after erasing personal data

Reported by: webtrainingwheels Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords: gdpr
Focuses: Cc:


WordPress collects and stores the IP address of users that make comments.

After using the "Erase Personal Data" feature in WordPress 4.9.6, the commenter's IP address still remains. I believe it should be deleted for full compliance.

Example, as seen on the Comments screen: https://jumpshare.com/v/oGnInxUxjjwNFK7wGvwg

Change History (3)

#1 @rafsuntaskin
3 years ago

IP addresses are partially anonymized intentionally keeping the network ID only. So, you don't know the real IP of the user but you still might have an idea of the region of the user.

#2 @subrataemfluence
3 years ago

  • Keywords gdpr added
  • Resolution set to invalid
  • Status changed from new to closed

If you look closely the original IP address is actually updated. Rather than removing the IP address completely the objective is to partially anonymize by reducing it to the corresponding network ID.

Source: /wp-includes/functions.php
Line number: 6182

// Partially anonymize the IP by reducing it to the corresponding network ID.

if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) {

For example, if the actual IP address was the new anonymized IP address would be

As @rafsuntaskin mentions, it just keeps the network ID which will never let you know the real IP address from where the comment was originally made.

Last edited 3 years ago by subrataemfluence (previous) (diff)

#3 @netweb
2 years ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.