🅭

Plugin for deleting commenters’ IP addresses from WordPress

WordPress will store the IP address of every commenter in its database forever. For the first few seconds and days after a comment is submitted, it’s useful to retain the IP address to detect and thwart automated spam comments. However, as time goes by it becomes pointless to retain the IP address of the commenter in the WordPress database. My new WordPress plugin that will automatically delete old IP addresses stored with comments.

The plugin will automatically delete the IP address of commenters from the WordPress database 60 days from the time the comment was submitted. This time window allows more than enough time to detect and process spam and other unwanted comments, while getting rid of superfluous information to protect your visitor’s privacy once there’s no longer any value in storing it.

The new Remove Comment IPs plugin can help you comply with data retention and privacy regulations in jurisdictions that require you to delete such data after a period of time. Think EU’s General Data Protection Regulation (GDPR). The 60-day timeframe is non-configurable, but let me know in the comments below if you’ve a compelling reason for changing it.

You can download the plugin from the WordPress Plugin Directory. The plugin requires no configuration: install it, forget about it, and leave it to do its thing.

You should also remember to update your WordPress site’s privacy policy to reflect the behavior of this plugin. The privacy policy should include details of how long the IP address and other collected data is retained and for what purpose. (Remember that the IP address will also be part of database backups, so clarify how long you keep backups around.)

As an added bonus, the plugin can also have a minor positive impact on your database. Less unique data kept is less data that needs to be stored.

I regret everything‼

So, you want your deleted IP addresses back for whatever reason? If you’ve just installed and activated the plugin less than six hours ago, you can simply deactivate it. The plugin wouldn’t do anything until after six hours from activation. This was a design decision to allow people some time to regret any impulsive plugin installs. If it has been more than six hours since you activated the plugin, you’ll have to restore the deleted data from a backup.

The Remove Comment IPs plugin for WordPress is licensed under a GNU GPLv3 license; see the plugin page for details.