How to remove IP addresses from WordPress comments to be GDPR compliant

How to remove IP addresses from WordPress comments to be GDPR compliant

Storing the IP address of commenting users on your WordPress website is not longer an option with the GDPR in place. Even before it wasn’t recommended…

You and me both know that the IP address in its dynamic form is not necessarily a personalized data. Especially in Europe for private households and small businesses there are mostly dynamic IP Addresses used.

But well, any discussion on that is useless since the legislators in the EU don’t seem to even understand the tiniest bit how the internet works.

So to be GDPR compliant I will show you in this article:

  • two ways how to prevent the IP address from being stored
  • how to get rid of any previously stored IP addresses

(I have to point out, that I am not a lawyer and this article is just a representation of my own research and knowledge. This is no binding legal advice.)


Why you are not allowed to store IP addresses

At first a short explanation on what the IP address actually is:

The IP address is basically like your home address but on the internet. So your router (the small blinking device that connects your devices to the internet) is given an IP address when it connects to the internet.

With the IP address you could in principle track a user, that is why it is classified as personalized data.

As I have written above there are mostly dynamic IP addresses used which means, that every time the router reconnects to the internet, it is given a new IP address.

You can find more information on the IP address and the technology behind it on Wikipedia.

WordPress automatically stores the IP address, e-mail address and the name of every user who leaves a comment. Storing the e-mail and name seem to be all right but not the IP address.

IP Adressen bei Kommentaren in WordPress
WordPress automatically stores the IP address of commenting users.

Storing the IP address would only be within your legal rights, when it would be needed to ensure the functionality of your service. And in case of a comment-section there is no need for the IP address to be stored.

With that in mind you not only have to stop storing the IP in future comments but additionally you have to delete previously stored IP addresses.

How to delete previously stored IP addresses

Together with pretty much all content and configurations, the IP is stored in the WordPress database. You need to log into your database with the phpMyAdmin interface in order to delete those IPs.

Don’t worry, it sounds much more complicated than it actually is.

Firstly you have to backup your database. After that log into the backend of your hoster and use the phpMyAdmin tool to log into your database. Depending on your hoster there will be a link in the navigation called “phpMyAdmin” or you will have to navigate to the database overview to manage the database.

If you have more than one WordPress installation, be sure to pick the right database and the right table. To be sure, which database is the right one you can use your ftp client to take a look into the wp-config.php and find out.

When you have picked the right database there will be a column called “comment_author_IP” in the table “wp_comments”.
(If you have chosen another prefix, “wp_” will be replaced by that prefix).

Screenshot der wp_comments Tabelle
That’s how the wp_comments table looks like

Now that you have found the IP addresses you just have to delete them. If you have a lot of time on your hands you could do that manually by editing and deleting the content of each row in the comment_author_IP column.

More effectively is automating this process with a simple command.

Switch to the “SQL” tab in phpMyAdmin. There you can enter the following command (if you are using another prefix, you have to edit the “wp_”):

UPDATE wp_comments SET comment_author_IP = ' ';

After command has been carried out you should get a success message:

SQL Befehlt zum Löschen der IP Adressen
After applying the command to your table there should be a green success message

If this is the case, it means that the IPs have successfully been erased and your table should look like this:

wp_comments Tabelle ohne IP Adressen
There should be no more IP addresses in your table

As simple as that you have now successfully deleted all previously stored IP addresses.

Now we can move on and take care of the future storing of IP addresses.

Disable storing IP addresses of future commenters

There are two ways to accomplish that.

You can either add a short code to your functions.php file or use a plugin.

Like pretty much always I prefer the manual way to prevent installing an unnecessary plugin.

Add a code to your functions.php

Open your ftp client and navigate to the active child-theme (wp-content -> themes -> yourChildTheme). In here there should be a functions.php file.

Open it and insert the following code:

function  wpb_remove_commentsip( $comment_author_ip ) {
	return '';
	}
add_filter( 'pre_comment_user_ip', 'wpb_remove_commentsip' );

It is important that you add the code to the functions.php of your child-theme. If added to your main theme it will be overwritten with the next theme update.

Use a plugin

You and I both know that there is a WordPress plugin for pretty much any need.

For this need to disable the storing of IP addresses you can use the free plugin Remove IP. It automatically replaces the IP addresses of commenting users with the dummy address 127.0.0.1. This is a local IP address which cannot be tracked back to a specific user.

It is important to know, that the plugin really only works for future comments and not in retrospective.

GDPR sucks?! Kill two birds with one stone!

Google Fonts, Google Analytics Tracking Opt-Out, of course the Opt-Out for the Facebook Pixel and so much more… Honestly the GDPR can be a pain in the ass.

To kill two birds with one stone I would like to recommend the Plugin „Borlabs Cookie“ by Borlabs. I am using it on different sites and it helps me a lot.

The plugin offers a lot of helpful possibilities to make your website GDPR compliant. Despite the many possibilities it is easy to use and can be configured by anyone.

With the Borlabs Cookie Plugin you can easily implement an Opt-In / Opt-Out for Google Analytics, Facebook Pixel or other Cookies. And there are even more features to help making your website GDPR compliant!

Just click here to learn more about this awesome plugin. Believe me, it is worth it!

How do you get rid of the IP addresses? With the plugin or do you use the code?


0/5 (0 Reviews)

Leave a Reply

Your email address will not be published. Required fields are marked *