Title: anonymous WP-plugins
Last modified: September 1, 2016

---

# anonymous WP-plugins

 *  [pruno](https://wordpress.org/support/users/pruno/)
 * (@pruno)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/anonymous-wp-plugins/)
 * Dear Support,
 * I have a little problem with some anonymous WP-plugins or themes.
    My remote 
   IP, for example, is 192.168.1.123 – look at my logs:
 * /var/log/auth.log
 * Aug 22 22:27:10 box wordpress(xxx)[xxx]: Authentication failure for admin from
   192.168.0.0
    Aug 22 22:27:18 box wordpress(xxx)[xxx]: Authentication failure 
   for admin from 192.168.0.0 Aug 22 22:27:26 box wordpress(xxx)[xxx]: Authentication
   failure for admin from 192.168.0.0
 * /var/log/fail2ban.log
 * 2016-08-22 22:27:26 fail2ban.actions[xxx]: WARNING [wordpress-soft] Ban 192.168.0.0
   
   2016-08-22 22:42:27 fail2ban.actions[xxx]: WARNING [wordpress-soft] Unban 192.168.0.0
 * It does not work like that! 🙁
 * A small idea is, i put a variable in the configuration file wp-config.php
 * define(‘WP_FAIL2BAN_ORIGINAL_REMOTE_ADDR’, $_SERVER[‘REMOTE_ADDR’]);
 * and in the remote_addr function before the last return value following code is
   inserted
 * if (defined(‘WP_FAIL2BAN_ORIGINAL_REMOTE_ADDR’)) {
    return WP_FAIL2BAN_ORIGINAL_REMOTE_ADDR;}
 * This is a simple hack, and it works great with my fail2ban!
    I hope to see this
   changes in the next version of WP fail2ban. 🙂
 * Thank you very much!
 * greetings,
    pruno
 * [https://wordpress.org/plugins/wp-fail2ban/](https://wordpress.org/plugins/wp-fail2ban/)

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Plugin Author [invisnet](https://wordpress.org/support/users/invisnet/)
 * (@invisnet)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/anonymous-wp-plugins/#post-7695234)
 * I see what you’re doing, but I don’t understand why you’re doing it.
 * Can you explain what you’re trying to achieve please?
 *  Thread Starter [pruno](https://wordpress.org/support/users/pruno/)
 * (@pruno)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/anonymous-wp-plugins/#post-7695241)
 * The original value of $_SERVER[‘REMOTE_ADDR’] is changed by some
    anonymous plugins.
   My remote IP, for example, is 192.168.1.123, but the anonymous plugin makes it
   192.168.0.0 or 0.0.0.0 etc. see anonymous code examples
 * if ($options[‘anonymize-user’]==1) {
    $_SERVER[“REMOTE_ADDR”] = “0.0.0.0”; }
 * or
 * $_SERVER[‘REMOTE_ADDR’] = getAnonymIp($_SERVER[‘REMOTE_ADDR’]);
 * But I want to use the original remote address for fail2ban. I secure
    the original
   value in a variable WP_FAIL2BAN_ORIGINAL_REMOTE_ADDR, so that it appears correctly
   in the logs. The remote_addr function has a changed return value of $_SERVER[‘
   REMOTE_ADDR’]. But I need the value of WP_FAIL2BAN_ORIGINAL_REMOTE_ADDR in my
   auth.log.
 * Do you understand my problem? 🙂
 * greetings,
    pruno
 *  Plugin Author [invisnet](https://wordpress.org/support/users/invisnet/)
 * (@invisnet)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/anonymous-wp-plugins/#post-7695246)
 * OK, wow – I think we’ve just defined “edge case” 😉
 * You should be able to do that without modifying the plugin by putting this in`
   wp-config.php`:
 * > define(‘WP_FAIL2BAN_PROXIES’,’0.0.0.0′);
   >  $_SERVER[‘HTTP_X_FORWARDED_FOR’] 
   > = $_SERVER[‘REMOTE_ADDR’];
 * (N.B. I’ve not actually tested that, but it should work).
 * Basically, you pretend you’re behind a proxy; you set the trusted IP to 0.0.0.0(
   the code is deliberately dumb so doesn’t flag this as invalid), and store the
   real IP in what would have been the `X-Forwarded-For` header.
 * It’s a complete hack of course, and will break things if you’re actually behind
   a proxy, but at least your changes won’t be overwritten when I release 3.5.4 
   tomorrow.
 * Is the anonymising plugin something I can download and look at? Obviously I can
   add another option to _WPf2b_, but I want to be sure I’m addressing the whole
   problem.
 *  Thread Starter [pruno](https://wordpress.org/support/users/pruno/)
 * (@pruno)
 * [9 years, 9 months ago](https://wordpress.org/support/topic/anonymous-wp-plugins/#post-7695272)
 * To test, please create a simple plug-in itself. In plugins folder
    simply create
   a new directory ‘anonymize’ and create a file index.php
 * <?php
    /* Plugin Name: Anonymize IP Description: Overwrite the original remote
   IP Author: selfmade Version: 0.1 */ $_SERVER[“REMOTE_ADDR”] = “0.0.0.0”; // or
   another value ?>
 * For testing you can now activate this plugin. 🙂
 * For a code sample in a WP theme in the wilderness with changes
    to the remote
   IP, you can see one, for example here:
 * [https://github.com/xwolfde/Piratenkleider/blob/master/functions.php](https://github.com/xwolfde/Piratenkleider/blob/master/functions.php)
 * greetings,
    pruno

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘anonymous WP-plugins’ is closed to new replies.

 * ![](https://ps.w.org/wp-fail2ban/assets/icon-256x256.png?rev=2814701)
 * [WP fail2ban - Advanced Security](https://wordpress.org/plugins/wp-fail2ban/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wp-fail2ban/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wp-fail2ban/)
 * [Active Topics](https://wordpress.org/support/plugin/wp-fail2ban/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wp-fail2ban/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wp-fail2ban/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [pruno](https://wordpress.org/support/users/pruno/)
 * Last activity: [9 years, 9 months ago](https://wordpress.org/support/topic/anonymous-wp-plugins/#post-7695272)
 * Status: not resolved