Why is iThemes Security picking up a different hostname?

iThemes Security uses the network_site_url() function to retrieve the server's hostname. On some hosting configurations, the site's URL is set dynamically based on the requested hostname or IP address. So, if a bot were to hit an IP address directly and the Apache/Nginx configuration is set up in a particular way, this behavior can occur. It's possible the host has a constant defined in the wp-config.php file such as:


You will need to make the appropriate changes with your hosting provider, or remove this dynamic approach so the hostname can be properly resolved.

Have more questions? Submit a request
Powered by Zendesk