WordPress automatically captures and stores the submitter’s IP address for every comment. The address is inserted into the comment_author_IP column of the wp_comments table as part of the normal comment insertion process. This happens before any filtering or processing by plugins, the IP is collected at the HTTP request level and attached to the comment data early in the submission flow.
This snippet takes the most direct approach: clear the IP field before the comment is saved so that nothing is stored in the first place.
The Code
Add this to your functions.php or a site-specific plugin. The preprocess_comment filter fires before a comment is inserted into the database and receives the full comment data array. Setting comment_author_IP to an empty string ensures the database field is written with no IP value.
How This Differs from the Anonymization Snippet
The auto-anonymization snippet in this library processes existing comments retroactively, it stores the IP initially and removes it later. This snippet prevents storage entirely. The tradeoff is that you lose the IP for any purpose, spam analysis, moderation, abuse investigation, from the moment this filter is active. If your site has active spam issues that you monitor by IP, consider the retention-then-anonymization approach instead. If your site’s comment volume is low and IP-based moderation isn’t part of your workflow, not storing the IP at all is the cleaner privacy-first approach.
Akismet and Spam Plugins
Some spam filtering services, including Akismet, use the commenter’s IP address as one signal in their spam scoring. Clearing the IP before the comment is processed may reduce Akismet’s detection accuracy slightly, since it has one fewer data point to work with. In practice, most spam is caught via other signals (email reputation, comment content patterns, submission timing), and the reduction in accuracy is usually marginal. Test your spam catch rate after applying this snippet if Akismet accuracy is a concern.
Existing Comments
This filter only applies to new comments submitted after the snippet is active. Existing comments in the database retain their stored IPs. Use the auto-anonymization snippet, or a direct database update, to clear IPs from existing comments if needed.
GDPR Lawful Basis
Not collecting data at all is the strongest possible position under data minimisation principles. If a regulator asks why you collect commenter IP addresses, “we don’t” is a simpler and more defensible answer than “we collect them but anonymize them after 90 days”. For sites where the legal basis for collecting IP addresses is unclear or contested, this snippet is the most appropriate choice.
add_filter( 'preprocess_comment', function( $data ) {
$data['comment_author_IP'] = '';
return $data;
} );