How to Fix Comments Received from Server IP in WordPress?

WordPress not only comes with unlimited features for customizing your site but also with many combined issues which in sometimes out of your control to resolve. Though creating a website with WordPress is very easy you may need to die hard for troubleshooting certain issues especially the server related ones. Since different hosting companies use different type of server setup it is literally difficult task for an individual site owner to get an appropriate help.

The Problem

Few weeks back we upgraded one of our site from Bluehost shared hosting to WordPress optimized hosting plan (later we have moved to SiteGround Cloud Hosting). Things were looking fine till the time we notice huge amount of spam comments are arriving for moderation even with Akismet is on. We started testing by commenting and found two strange things:

• There was no “waiting for moderation” message shown when the comment was submitted.
• The received comment was not from the IP we were using and more strangely it was the site’s own server’s IP.

Then we noticed all comments were received from the same server IP instead of the actual commenter’s IP and understood this is the root cause for the sudden spike in the spam comments received for moderation. Since WordPress thought that the comment was received from the own server IP it never shows the moderation message to the commenter.

Bluehost Support

We contacted Bluehost online chat and with no surprise the technical support guy has no clue on how to resolve the issue though he could able to understand the cause. Here is why it happens:

Bluehost uses Nginx server architecture for their VPS and talks with WordPress Apache server internally for each and every communication protocol. When a comment is submitted from particular IP, it goes first to Nginx and then to WordPress Apache. So WordPress always receive comment with the Nginx server IP which is nothing but the site’s own Bluehost VPS server’s IP.

We enquired how it was working for the other guys and the answer from the tech guy was surprising – “this is the first time I am hearing such an issue”. After our migration to SiteGround, we understood it works similarly as SiteGround also uses Nginx.

How We Resolved the Issue?

It looks Bluehost’s support guys rely more on Google rather than their own documentation and started many tryouts. Finally, adding the following code at start of the “wp-config.php” file worked out and the comments are started showing the actual IP.

if($_SERVER['HTTP_X_REAL_IP']){
$_SERVER['REMOTE_ADDR'] = $_SERVER['HTTP_X_REAL_IP'];
}

The moderation message was also seen during comments submission and our IP blacklisting started working based on the actual IP of the commenter.

Note: Pingback can also cause the comments to be shown with the server’s IP when you add a link to one of your own post.