WordPress.org

Resolved Gerard Kanters
(@gkanters)

1 month, 4 weeks ago

Hi Ben,

Great work on this plugin. I do have an issue, otherwise I would not use the support ticket 🙂

I also taken the liberty to sugges a fix. But this is just for your convenience.

—

## Problem

The IPinfo module uses the ipinfo/ipinfo PHP library, which calls the **Legacy API** (https://ipinfo.io/{ip}) with a Bearer token. That Legacy endpoint has a **50,000 requests/month** limit for the free tier. Once that quota is exceeded, almost all requests return **429 Quota Exceeded** (e.g. 99% in weekly IPinfo reports).

IPinfo’s **free unlimited** tier is the **Lite API**: https://api.ipinfo.io/lite/{ip}?token={token}.

– Lite API docs: https://ipinfo.io/developers/lite-api

– Auth & URL structure: https://ipinfo.io/developers

– Free plan difference: https://ipinfo.io/faq/article/134-what-is-the-difference-between-using-the-authenticated-free-plan-and-just-the-public-api-with-no-account

**Expected:** Use the Lite API so that authenticated free-tier tokens get unlimited requests and no 429s from quota.

—

## Suggested fix

Call the Lite API directly with wp_remote_get (and optional persistent cache with transients) instead of the vendor that uses the Legacy URL.

### Example implementation

php /** * Get geolocation via IPinfo Lite API (unlimited for free tier). * Do NOT use Legacy (ipinfo.io) – 50k/month limit → 429. * * @param string $ip IP address to look up. * @param string $token IPinfo access token. * @return array|false Normalized location array or false. */ public static function get_geolocation( $ip, $token ) { if ( empty( $token ) ) { return false; } // Optional: persistent cache (e.g. transient) to reduce API calls. $cache_key = 'zerospam_ipinfo_' . md5( $ip ); $cached = get_transient( $cache_key ); if ( false !== $cached ) { return $cached; } // Correct: Lite API – unlimited for free accounts. $url = 'https://api.ipinfo.io/lite/' . rawurlencode( $ip ) . '?token=' . rawurlencode( $token ); $response = wp_remote_get( $url, array( 'timeout' => 5 ) ); if ( is_wp_error( $response ) ) { return false; } $code = wp_remote_retrieve_response_code( $response ); if ( 429 === (int) $code || 200 !== (int) $code ) { return false; } $body = wp_remote_retrieve_body( $response ); $data = json_decode( $body, true ); if ( ! is_array( $data ) || empty( $data['country_code'] ) ) { return false; } // Normalize to existing log_record format: country = 2-letter code, etc. $result = array( 'country' => $data['country_code'], 'region' => isset( $data['region'] ) ? $data['region'] : '', 'city' => isset( $data['city'] ) ? $data['city'] : '', 'postal' => isset( $data['postal'] ) ? $data['postal'] : '', ); if ( ! empty( $data['loc'] ) ) { $loc = explode( ',', $data['loc'], 2 ); if ( 2 === count( $loc ) ) { $result['latitude'] = trim( $loc[0] ); $result['longitude'] = trim( $loc[1] ); } } // Cache e.g. 14 days. set_transient( $cache_key, $result, 14 * DAY_IN_SECONDS ); return $result; } 

—

## API URLs reference

| Use case | Correct (Lite – unlimited) | Incorrect (Legacy – 50k/month) |

|———–|——————————————————|—————————————-|

| Lookup IP | https://api.ipinfo.io/lite/8.8.8.8?token=TOKEN | https://ipinfo.io/8.8.8.8 (+ Bearer) |

| Auth | ?token=TOKEN in query string (or Bearer on Lite) | Bearer header on Legacy |

—

## References

– [IPinfo Lite API](https://ipinfo.io/developers/lite-api)

– [IPinfo Developers – Authentication & URL structure](https://ipinfo.io/developers)

– [Free plan vs public API](https://ipinfo.io/faq/article/134-what-is-the-difference-between-using-the-authenticated-free-plan-and-just-the-public-api-with-no-account)

Viewing 1 replies (of 1 total)

Plugin Author Ben Marshall
(@bmarshall511)

1 month, 3 weeks ago

Thanks for the detailed report and for putting together a suggested implementation, super helpful.

You’re exactly right: the current integration uses IPinfo’s Legacy endpoint (ipinfo.io/{ip}), which is capped at 50,000 requests/month on the free tier and can lead to widespread 429 “Quota Exceeded” responses once that limit is hit.

We’ve updated the IPinfo module to use the Lite API endpoint instead (api.ipinfo.io/lite/{ip}?token=…), which is the unlimited option for authenticated free-tier tokens. We also added persistent caching to reduce API calls further, and removed the vendor dependency in favor of the native WordPress HTTP API.

This change will be included in v5.7.2.

Also, if you have a minute, we’d really appreciate a quick review on WordPress.org, it helps a ton with visibility and lets other site owners know the plugin is actively maintained.

Thanks again, we’re always here to help. Just reply if you have any questions.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.