WordPress.org

Make WordPress Core

Opened 11 months ago

Closed 11 months ago

Last modified 7 months ago

#44255 closed enhancement (invalid)

Commenter IP address remains after erasing personal data

Reported by: webtrainingwheels Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.9.6
Component: Privacy Keywords: gdpr
Focuses: Cc:

Description

WordPress collects and stores the IP address of users that make comments.

After using the "Erase Personal Data" feature in WordPress 4.9.6, the commenter's IP address still remains. I believe it should be deleted for full compliance.

Example, as seen on the Comments screen: https://jumpshare.com/v/oGnInxUxjjwNFK7wGvwg

Change History (3)

#1 @rafsuntaskin
11 months ago

IP addresses are partially anonymized intentionally keeping the network ID only. So, you don't know the real IP of the user but you still might have an idea of the region of the user.

#2 @subrataemfluence
11 months ago

  • Keywords gdpr added
  • Resolution set to invalid
  • Status changed from new to closed

If you look closely the original IP address is actually updated. Rather than removing the IP address completely the objective is to partially anonymize by reducing it to the corresponding network ID.

Source: /wp-includes/functions.php
Line number: 6182

// Partially anonymize the IP by reducing it to the corresponding network ID.

if ( function_exists( 'inet_pton' ) && function_exists( 'inet_ntop' ) ) {
   ...
}

For example, if the actual IP address was 127.0.0.1 the new anonymized IP address would be 127.0.0.0.

As @rafsuntaskin mentions, it just keeps the network ID which will never let you know the real IP address from where the comment was originally made.

Last edited 11 months ago by subrataemfluence (previous) (diff)

#3 @netweb
7 months ago

  • Milestone Awaiting Review deleted
Note: See TracTickets for help on using tickets.