#44255 closed enhancement (invalid)
Commenter IP address remains after erasing personal data
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | 4.9.6 |
| Component: | Privacy | Keywords: | gdpr |
| Focuses: | Cc: |
Description
WordPress collects and stores the IP address of users that make comments.
After using the "Erase Personal Data" feature in WordPress 4.9.6, the commenter's IP address still remains. I believe it should be deleted for full compliance.
Example, as seen on the Comments screen: https://jumpshare.com/v/oGnInxUxjjwNFK7wGvwg
Change History (3)
#2
@
7 years ago
- Keywords gdpr added
- Resolution set to invalid
- Status changed from new to closed
If you look closely the original IP address is actually updated. Rather than removing the IP address completely the objective is to partially anonymize by reducing it to the corresponding network ID.
Source: /wp-includes/functions.php
Line number: 6182
// Partially anonymize the IP by reducing it to the corresponding network ID.
if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) {
...
}
For example, if the actual IP address was 127.0.0.1 the new anonymized IP address would be 127.0.0.0.
As @rafsuntaskin mentions, it just keeps the network ID which will never let you know the real IP address from where the comment was originally made.
IP addresses are partially anonymized intentionally keeping the network ID only. So, you don't know the real IP of the user but you still might have an idea of the region of the user.