
WordPress site and IP data collection query.

We have inherited a WordPress website for one of our partner organisations for keeping the basic content up to date etc, hosted by a 3rd party, and for company policy we need to determine if the site collects IP addresses of visitors, and if so ensure there is a disclaimer detailing for what purposes. The honest answer is we don't currently know if it captures that information or not, and I am unsure where exactly to begin to check to see if it is being captured or not. Do all WP sites collect visitor IP addresses, or would it require something custom? Where and in what format is it likely IP addresses of visitors would actually reside if the site does collect them? Is there anything you can do as a visitor to determine if the site is capturing your IP address? Or where would you start if unsure?

Out of interest why exactly would you want to collect the IP addresses of your site visitors, e.g. what benefit do you get from doing so and is this fairly common practice?

I have a similar question really about cookies being used on a site. I am pretty sure we don't, and can see nothing to indicate we do, but again how could this be verified to be 100% sure?

IT Guru
Most Valuable Expert 2011
There is a popular WordPress security plugin called Wordfence that provides various security enhancements for preventing hacking. One of these features blocks traffic by IP addresses where the IP is known to be used for hacking attempts. Part of the way the plugin works is that IP addresses are collected and shared back to the organisation that runs the plugin so that other sites using Wordfence can block such traffic.

Wordfence also logs traffic (including the IP) for at least a short time, to help site admins get an understanding of traffic hitting the site. This may be more than just the IP address.

I'm not sure if your site is running Wordfence or not, but that's one example to consider. Other security plugins (such as Sucuri, Jetpack etc) likely use similar techniques.

So to answer your question, yes, it's common practice, and there's good reason to do it. The way in which the data is stored can vary by plugin.

When it comes to cookies, perhaps it's worth posting a separate question?


There is a plugin called WP Cerber Security, Antispam & Malware Scan installed, which I presume acts similarly.