Cloudflare-WordPress icon indicating copy to clipboard operation
Cloudflare-WordPress copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

FEATURE: Check to confirm if PHP REMOTE_ADDR is set properly

Open jordantrizz opened this issue 1 year ago • 0 comments

Confirmation

  • [X] My issue isn't already found on the issue tracker.
  • [X] I have replicated my issue using the latest version of the plugin and it is still present.

WordPress version

6.4.3

Cloudflare-WordPress version

4.12.4

PHP version

8.0

Expected result

There are tests to ensure that PHP's REMOTE_ADDR is correctly providing non-Cloudflare IP's as per this article.

https://snicco.io/blog/how-to-safely-get-the-ip-address-in-a-wordpress-plugin

I would go further and put in detection to confirm the site is proxied.

Actual result

A warning that PHP's REMOTE_ADDR is misconfigured or spoofed.

Steps to reproduce

  1. Install Cloudflare Plugin

Additional factoids

No response

References

No response

jordantrizz avatar Feb 13 '24 14:02 jordantrizz