GDPR & IP Anonymisation

LoginPlus can store IP addresses as one-way SHA-256 hashes instead of plain text, so login and lockout records don’t retain personal data longer than necessary. This helps sites meet GDPR and similar data-minimisation requirements.

Enabling anonymisation

Go to LoginPlus → Settings → Logging and switch on Anonymise IP addresses. The setting is off by default.

What gets hashed

Storage locationBehaviour when enabled
Activity log (ip_address column)Every new login/lockout event is stored as sha256(ip + AUTH_SALT) instead of the raw IP.
Known-IP list (per-user meta, used for “new IP” email alerts)Also stored as a hash, so the anonymise setting covers every place LoginPlus keeps an IP long-term.
Security alert emailsStill show the real IP address in the email body. Alerts are a one-off notification sent only to the site admin, not persisted in the database, so showing the actual address there doesn’t defeat the purpose of hashing stored data.

The hash uses your site’s AUTH_SALT as a pepper, so hashes can’t be reversed or looked up against a rainbow table without access to wp-config.php.

Trade-offs

  • Hashed IPs cannot be read back — the Dashboard’s activity table will show the hash string instead of a readable address.
  • Turning the setting on only affects new events — existing plain-text entries already in the activity log or known-IP list are not retroactively hashed.

This setting does not affect the IP allowlist in Brute Force settings — allowlist checks always compare against the live request IP, not the stored/hashed value, so allowlisted IPs are still exempt from lockout whether or not anonymisation is on.

Data minimisation via retention

Anonymisation and retention work together: set a Retention period under LoginPlus → Settings → Logging (default 90 days) so activity log entries — hashed or not — are deleted automatically after that many days.