diff --git a/webapisrv/server.go b/webapisrv/server.go
index 95860e7..3cc5f5b 100644
--- a/webapisrv/server.go
+++ b/webapisrv/server.go
@@ -18,7 +18,6 @@ import (
 	"log/slog"
 	"mime"
 	"mime/multipart"
-	"net"
 	"net/http"
 	"net/textproto"
 	"os"
@@ -422,7 +421,7 @@ func (s server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		log.Check(werr, "writing error response")
 	}
 
-	la := loginAttempt(r, "webapi", "httpbasic")
+	la := loginAttempt(remoteIP.String(), r, "webapi", "httpbasic")
 	la.LoginAddress = email
 	defer func() {
 		store.LoginAttemptAdd(context.Background(), log, la)
@@ -530,12 +529,7 @@ func (s server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 
 // loginAttempt initializes a store.LoginAttempt, for adding to the store after
 // filling in the results and other details.
-func loginAttempt(r *http.Request, protocol, authMech string) store.LoginAttempt {
-	remoteIP, _, _ := net.SplitHostPort(r.RemoteAddr)
-	if remoteIP == "" {
-		remoteIP = r.RemoteAddr
-	}
-
+func loginAttempt(remoteIP string, r *http.Request, protocol, authMech string) store.LoginAttempt {
 	return store.LoginAttempt{
 		RemoteIP:  remoteIP,
 		TLS:       store.LoginAttemptTLS(r.TLS),
diff --git a/webauth/webauth.go b/webauth/webauth.go
index f1322d1..7dde98c 100644
--- a/webauth/webauth.go
+++ b/webauth/webauth.go
@@ -80,12 +80,7 @@ type SessionAuth interface {
 }
 
 // loginAttempt initializes a loginAttempt, for adding to the store after filling in the results and other details.
-func loginAttempt(r *http.Request, protocol, authMech string) store.LoginAttempt {
-	remoteIP, _, _ := net.SplitHostPort(r.RemoteAddr)
-	if remoteIP == "" {
-		remoteIP = r.RemoteAddr
-	}
-
+func loginAttempt(remoteIP string, r *http.Request, protocol, authMech string) store.LoginAttempt {
 	return store.LoginAttempt{
 		RemoteIP:  remoteIP,
 		TLS:       store.LoginAttemptTLS(r.TLS),
@@ -163,7 +158,7 @@ func Check(ctx context.Context, log mlog.Log, sessionAuth SessionAuth, kind stri
 		return
 	}
 
-	la := loginAttempt(r, kind, "websession")
+	la := loginAttempt(ip.String(), r, kind, "websession")
 	defer func() {
 		store.LoginAttemptAdd(context.Background(), log, la)
 	}()
@@ -271,7 +266,7 @@ func Login(ctx context.Context, log mlog.Log, sessionAuth SessionAuth, kind, coo
 
 	username = norm.NFC.String(username)
 	valid, disabled, accountName, err := sessionAuth.login(ctx, log, username, password)
-	la := loginAttempt(r, kind, "weblogin")
+	la := loginAttempt(ip.String(), r, kind, "weblogin")
 	la.LoginAddress = username
 	la.AccountName = accountName
 	defer func() {