Fix - Website Cloned to Another Domain After Switching Hosting

Imagine a situation, you recently shifted to Cloud VPS hosting and after few days you see that your website is completely cloned by another domain, ranking same stuff in Search Engine.

Onced I had faced this problem and situation was embarrassing due to funky domain name where everything was indexed. :flushed: :man_facepalming:

Cloud Hosting - Static IP could be a reason for this problem

Any domain on Internet is being pointed to its web hosting via DNS records. After switching to a new web hosting, this problem you may face due to your Dedicated IP address . When you purchased some higher plan web hosting, you get a dedicated IP also. Interesting thing is, the IP which you have got for your server, the previous web hosting user at same company, might be still using the same IP address. Chances are they forget to update it at DNS records. So, from their domain your website is totally cloned. You can easily prevent unauthorized domains from serving your website content.

Procedure to take down a clone website

  1. Via FileZilla or SSH, go to public_html root directory
  2. Edit a file called .htaccess
  3. Add below code and save changes.
# Whitelist domain
RewriteEngine on
RewriteCond %{SERVER_NAME} !^(www\.)?yourdomain\.com$
RewriteRule ^ - [F]

Or,

# To whitelist multiple domains
RewriteEngine on
RewriteCond %{SERVER_NAME} !^(www\.)?yourdomain\.com$
RewriteCond %{SERVER_NAME} !^(www\.)?yourdomain\.net$
RewriteCond %{SERVER_NAME} !^(www\.)?yourdomain\.org$
RewriteCond %{SERVER_NAME} !^(static\.)?yourdomain\.org$
RewriteRule ^ - [F]


Updating .htaccess Apache rule using Yoast SEO plugin File editor option

After adding the .htaccess rule, check other domain again. You will no more see there any content. This problem resolve here. I hope this quick tutorial will help you in the right direction.

Bonus tip: Make Web Firewall Really Effective!

Some host offer multiple address to access WordPress site such as …

  • By accessing site over static IP xx.xx.xx.xxx

  • or using Temporary Application URL (wordpress-11111-111.example.com)

As a result, it can be vulnerable for bypassing Web Firewall.

To prevent this happening, above trick can be applied. I have seen, similar things recommended by Sucuri at IP level.

3 Likes

How can this code be implemented for nginx?
Will this work

# Whitelist domain
location / { if ($server_name !~ "^(www\.)?yourdomain\.com$"){ return 403; } }
1 Like

Updated information about making web firewall effective in case WordPress is accessible with multiple URLs.