Why is Solid Security picking up a different hostname?

Solid Security uses the network_site_url() function to retrieve the server's hostname.

On some hosting configurations, the site's URL is set dynamically based on the requested hostname or IP address. So, if a bot were to hit an IP address directly and the Apache/Nginx configuration is set up in a particular way, this behavior can occur.

It's possible the host has a constant defined in the wp-config.php file, such as:

( 'WP_HOME', $_SERVER['SERVER_NAME'] )

You will need to make the appropriate changes with your hosting provider or remove this dynamic approach so the hostname can be properly resolved.

Have more questions? Submit a request