Purge session tokens as they includes users' IP addresses. (#18)

penske-media-corp · Aug 23, 2024 · a7e23a9 · a7e23a9
1 parent 592b611
commit a7e23a9
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/classes/class-clean-db.php b/classes/class-clean-db.php
@@ -29,6 +29,7 @@ final class Clean_DB {
 	public function __construct() {
 		$this->_delete_posts();
 		$this->_clean_users_table();
+		$this->_clean_usermeta_table();
 		$this->_clean_comments_table();
 		$this->_change_admin_email();
 	}
@@ -170,6 +171,25 @@ private function _clean_users_table(): void {
 		$wpdb->query( "UPDATE {$wpdb->users} SET user_email='[email protected]';" );
 	}
 
+	/**
+	 * Remove sensitive data from the usermeta table.
+	 *
+	 * @return void
+	 */
+	private function _clean_usermeta_table(): void {
+		global $wpdb;
+
+		WP_CLI::line( " * Removing PII from {$wpdb->usermeta}." );
+
+		// Session tokens include users' IP address.
+		$wpdb->query(
+			$wpdb->prepare(
+				"DELETE FROM {$wpdb->usermeta} WHERE meta_key = %s;",
+				'session_tokens'
+			)
+		);
+	}
+
 	/**
 	 * Remove sensitive data from the comments table.
 	 *