Gryphon Verified Client IP Wordpress Plugin - Rating, Reviews, Demo & Download
Plugin Description
Gryphon Verified Client IP determines the client IP by walking the forwarding chain, only trusting addresses
that match your configured proxy networks (by CIDR range). It stops at the first untrusted hop, which is the
true client IP. The resolved address replaces REMOTE_ADDR early in the WordPress lifecycle, allowing other Plugins
to use it.
The component is secure by default and only trusted proxies are traversed; spoofed headers are ignored. Both
IPv4 and IPv6 are fully supported, including protocol translation.
Multiple header formats are supported including standard RFC 7239 Forwarded, common X-Forwarded-For,
Cloudflare CF-Connecting-IP, or any custom header.
The component includes a diagnostics panel that can be enabled to recording incoming requests with
full header dumps and algorithm step traces for debugging.
For more detail see the Github project site
Gryphon WordPress Verified Client IP
Compatibility Note
If your server uses Apache mod_remoteip or nginx set_real_ip_from, those modules will
pre-resolve REMOTE_ADDR from forwarding headers before PHP runs. Disable the web server module and
let this plugin handle IP resolution instead, or let it pre-resolve and use this plugin for any
additional proxies not covered by the engine.
Screenshots
Main settings page — enable/disable the plugin, set the forward limit, and configure proto/host processing.
Scheme detail — configure header name, trusted proxy CIDR ranges, and optional token for a scheme.
Diagnostics page — list of recorded requests with resolved IP and whether
REMOTE_ADDRwas changed.
Diagnostics with IPv6 — shows IPv6 addresses and protocol translation.
Diagnostics detail — full step trace showing each hop evaluated by the algorithm.
Comments page — WordPress comments showing the verified client IP for each commenter.
