After a DDoS attack on another server, I put a PHP script getting $_SERVER[REMOTE_ADDR] in a footer file, present in every page of my WordPress blog.
When I go to the blog with Google Chrome, the remote IP usually starts with 66.249... or 66.102 at least today when I test. (Not at all my actual IP. 66 are Google proxies, I believe.)
It doesn't differ so much when I use VPN and run over 4-5 different countries all over the world. Still starts in 66. Does this mean that geolocalization for visitors using Chrome is not so meaningful? They all run over Google proxy? (I use PIA for VPN.) VPN is not protecting me from the site, it is protecting me from Google.
Everything from Chrome will go over a proxy?
What also surprised me is that the WordPress statistics module sometimes indicate hits that my script will not find. My script is surely activated, as it is present in every page. (But usually it is the reverse. WP Statistics removes my own hits and many bots.)
In addition, I had an approx. 80% fall of the number of hits after starting my own recording. It could be an effect of less people reading the blog, when Christmas is over. But the fall was very dramatic. (As expressed by WP Statistics)
Sorry for not being able to give many details. Another site was attacked and I want to see what is happening to this blog. (But the two sites are on completely different servers.) I just run phone over poor connections, so my scripts are poor, but they ought to store every hit. Server load is low.
See SO Answer
Bottom line, try using:
$ipAddress = $_SERVER['REMOTE_ADDR'];
if (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER)) {
$ipAddress = array_pop(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']));
}