Fixing Comments Received from Server IP in WordPress
WordPress not only comes with unlimited features for customizing your site but also with many combined issues which in sometimes out of your control to resolve. Though creating a website with WordPress is very easy you may need to die hard for troubleshooting certain issues especially the server related ones. Since different hosting companies use different type of server setup it is literally difficult task for an individual site owner to get an appropriate help.
Few weeks back we upgraded one of our site from Bluehost shared hosting to WordPress optimized hosting plan. Things were looking fine till the time we notice huge amount of spam comments are arriving for moderation even with Akismet is on. We started testing by commenting and found two strange things:
- There was no “waiting for moderation” message shown when the comment was submitted.
- The received comment was not from the IP we were using and more strangely it was the site’s own VPS server’s IP.
Then we noticed all comments were received from the same server IP instead of the actual commenter’s IP and understood this is the root cause for the sudden spike in the spam comments received for moderation.
Since WordPress thought that the comment was received from the own server IP it never shows the moderation message to the commenter.
We contacted Bluehost online chat and with no surprise the technical support guy has no clue on how to resolve the issue though he could able to understand the cause. Here is why it happens:
Bluehost uses Nginx server architecture for their VPS and talks with WordPress Apache server internally for each and every communication protocol. When a comment is submitted from particular IP, it goes first to Nginx and then to WordPress Apache. So WordPress always receive comment with the Nginx server IP which is nothing but the site’s own Bluehost VPS server’s IP.
We enquired how it was working for the other guys and the answer from the tech guy was surprising – “this is the first time I am hearing such an issue”.
How We Resolved the Issue?
It looks Bluehost’s support guys rely more on Google rather than their own documentation and started many tryouts. Finally the adding the following code at start of the “wp-config.php” file worked out and the comments are started showing the actual IP.
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];
The moderation message was also seen during comments submission and our IP blacklisting started working based on the actual IP of the commenter.