public static function getIP() { //You can use the following examples to force Wordfence to think a visitor has a certain IP if you're testing. Remember to re-comment this out or you will break Wordfence badly. //return '1.2.33.57'; //return '4.22.23.114'; //return self::makeRandomIP(); $howGet = wfConfig::get('howGetIPs', false); if ($howGet) { $IP = $_SERVER[$howGet]; if ($howGet == "HTTP_CF_CONNECTING_IP" && !self::isValidIP($IP)) { $IP = $_SERVER['REMOTE_ADDR']; } } else { $IP = wfUtils::defaultGetIP(); } if (preg_match('/,/', $IP)) { $parts = explode(',', $IP); //Some users have "unknown,100.100.100.100" for example so we take the first thing that looks like an IP. foreach ($parts as $part) { if (preg_match('/(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)/', $part) && !self::isPrivateAddress($part)) { $IP = trim($part); break; } } } else { if (preg_match('/(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)\\s+(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)/', $IP)) { $parts = explode(' ', $IP); //Some users have "unknown 100.100.100.100" for example so we take the first thing that looks like an IP. foreach ($parts as $part) { if (preg_match('/(\\d+)\\.(\\d+)\\.(\\d+)\\.(\\d+)/', $part) && !self::isPrivateAddress($part)) { $IP = trim($part); break; } } } } if (preg_match('/:\\d+$/', $IP)) { $IP = preg_replace('/:\\d+$/', '', $IP); } if (self::isValidIP($IP)) { if (wfConfig::get('IPGetFail', false)) { if (self::isPrivateAddress($IP)) { wordfence::status(1, 'error', "Wordfence is receiving IP addresses, but we received an internal IP of {$IP} so your config may still be incorrect."); } else { wordfence::status(1, 'error', "Wordfence is now receiving IP addresses correctly. We received {$IP} from a visitor."); } wfConfig::set('IPGetFail', ''); } return $IP; } else { $xFor = ""; if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $xFor = $_SERVER['HTTP_X_FORWARDED_FOR']; } $msg = "Wordfence can't get the IP of clients and therefore can't operate. We received IP: {$IP}. X-Forwarded-For was: " . $xFor . " REMOTE_ADDR was: " . $_SERVER['REMOTE_ADDR']; $possible = array(); foreach ($_SERVER as $key => $val) { if (is_string($val) && preg_match('/^\\d+\\.\\d+\\.\\d+\\.\\d+/', $val) && strlen($val) < 255) { if ($val != '127.0.0.1') { $possible[$key] = $val; } } } if (sizeof($possible) > 0) { $msg .= " Headers that may contain the client IP: "; foreach ($possible as $key => $val) { $msg .= "{$key} => {$val} "; } } wordfence::status(1, 'error', $msg); wfConfig::set('IPGetFail', 1); return false; } }