Real IP Restore for Cloudflare

On many shared cPanel hosts – Bluehost, HostGator, Namecheap, A2 Hosting, GoDaddy, and European providers such as IONOS, OVHcloud or Krystal – Apache does not natively restore the client IP from Cloudflare headers. This causes WordPress, WooCommerce, security plugins and access logs to record Cloudflare’s edge IP instead of the real visitor IP.

Real IP Restore for Cloudflare fixes this transparently:

1. On every request, checks whether REMOTE_ADDR belongs to a Cloudflare IP range.
2. If yes, replaces REMOTE_ADDR with the value from CF-Connecting-IP (or X-Forwarded-For as fallback).
3. IP ranges are fetched once per day from Cloudflare’s official endpoints and cached as a WordPress transient.

Features:

• Zero configuration – works out of the box.
• IPv4 and IPv6 support.
• Daily auto-refresh of Cloudflare IP ranges.
• Manual refresh from Settings → CF Real IP.
• Falls back to hardcoded ranges if Cloudflare endpoints are unreachable.
• Lightweight – no database tables, no options, no JavaScript.