diff --git a/public/app/mu-plugins/moj-auth.php b/public/app/mu-plugins/moj-auth.php
index bc8835841..f4cf5bb20 100644
--- a/public/app/mu-plugins/moj-auth.php
+++ b/public/app/mu-plugins/moj-auth.php
@@ -73,8 +73,8 @@ public function ipMatch($ip, $cidrs, &$match = null): bool
 /**
 * Check if the IP address is allowed.
 *
- * Checks that we have the environment variables ALLOWED_IPS and REMOTE_ADDR set.
- * Runs the ipMatch method to check if the REMOTE_ADDR is in the ALLOWED_IPS.
+ * Checks that we have the environment variable ALLOWED_IPS and server property HTTP_X_REAL_IP set.
+ * Runs the ipMatch method to check if the HTTP_X_REAL_IP is in the ALLOWED_IPS.
 *
 * @return bool Returns true if the IP address is allowed, otherwise false.
 */
@@ -82,7 +82,7 @@ public function ipMatch($ip, $cidrs, &$match = null): bool

 public function ipAddressIsAllowed(): bool
 {
- if (empty($_ENV['ALLOWED_IPS']) || empty($_SERVER['REMOTE_ADDR'])) {
+ if (empty($_ENV['ALLOWED_IPS']) || empty($_SERVER['HTTP_X_REAL_IP'])) {
 return false;
 }

@@ -94,7 +94,7 @@ public function ipAddressIsAllowed(): bool
 preg_split($newline_pattern, preg_replace($comments_pattern, '', $_ENV['ALLOWED_IPS']))
 );

- return $this->ipMatch($_SERVER['REMOTE_ADDR'], $allowedIps);
+ return $this->ipMatch($_SERVER['HTTP_X_REAL_IP'], $allowedIps);
 }

 /**
@@ -172,6 +172,11 @@ public function handlePageRequest(string $required_role = 'reader'): void
 // Get the JWT token from the request.
 $jwt = $this->getJwt();

+ // If headers are already sent or we're doing a cron job, return early.
+ if (\headers_sent() || defined('DOING_CRON')) {
+ return;
+ }
+
 // Get the roles from the JWT and check that they're sufficient.
 $jwt_correct_role = $jwt && $jwt->roles ? in_array($required_role, $jwt->roles) : false;

diff --git a/public/info.php b/public/info.php
index 59704a419..7cd8702ea 100644
--- a/public/info.php
+++ b/public/info.php
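Review bot: In `ipAddressIsAllowed()` (moj-auth.php, hunk `@@ -82,7`) the allow-list decision now rests on `$_SERVER['HTTP_X_REAL_IP']`, which is a request header rather than the socket peer address, so it is only as trustworthy as whatever sets it; the same value is passed to `ipMatch()` in hunk `@@ -94,7`. If the ingress does not overwrite `X-Real-IP` on every request, or PHP can be reached without passing through it, the caller chooses the address that is checked. Nothing visible here confirms that guarantee, so I would record it beside the check, e.g. `// X-Real-IP must be set (and overwritten) by the ingress; a client-supplied value must never reach this check.`, and reject malformed values before matching with `$ip = filter_var($_SERVER['HTTP_X_REAL_IP'] ?? '', FILTER_VALIDATE_IP);` followed by `if ($ip === false) { return false; }`. The function body runs between the two hunks and is only partly visible.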
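Review bot: The new early return in `handlePageRequest()` (moj-auth.php, hunk `@@ -172,6`) fails open: when `\headers_sent()` is true or `DOING_CRON` is defined, the method returns before `$jwt_correct_role` is evaluated, so as far as this hunk shows the request continues without the role check having been made. In WordPress `DOING_CRON` is defined by `wp-cron.php`, which is normally reachable over HTTP, so the skip is not limited to CLI runs, and headers already being sent is an error state that is better logged and denied than silently allowed. I would split the two conditions and fail closed on the first, e.g. `if (\headers_sent()) { \error_log('moj-auth: headers already sent before auth check'); exit; }`, and put a comment on the cron branch stating why bypassing authentication there is acceptable. The rest of `handlePageRequest()` lies outside the hunk, so confirm nothing later depends on the check having run.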
@@ -8,11 +8,6 @@
 ## -------------------------------------------------------------------------
 ## -------------------------------------------------------------------------

-# Output the IP address of the client. To make sure ingress is passing it correctly.
-if(!empty($_SERVER['REMOTE_ADDR'])) {
- echo 'Your IP address is: ' . $_SERVER['REMOTE_ADDR'];
-}
-
 # output all settings concerning the PHP installation
 phpinfo();