Reverse Lookup a WordPress Web Hosting

Whenever I take over web hosting I put the customer’s domain into my WHOIS tool. This gives a good overview of the current DNS, email provider, domain info, and host provider. The DNS crawling isn’t a complete picture of DNS records but good enough to capture the most important records.

Most people know who they’re paying for hosting services. However, I’ve been in plenty of situations where a customer’s website is being hosted by an unknown previous agency or individual. The hosting information from the WHOIS crawl comes from the public server IP. That can sometimes be helpful in identifying who is hosting the website, but not always. Let’s dig into the details.

Example running github.com/austinginder/whois locally on anchor.host

There is no good way to detect a WordPress web host.

At Anchor Hosting all customer sites are hosted with Kinsta. According to a WHOIS lookup, the public IPs are owned by Cloudflare. That’s because Kinsta uses Cloudflare as a firewall between them and their servers. That is a common practice among many other web hosts.

There are two problems. The first issue is that it’s not possible to know the server IP from a public lookup. Even with a known server IP, the second issue is that it’s not possible to know for certain who the hosting provider is. The only thing that is knowable is who owns the IP address. That typically points to a data center like Google Cloud or Amazon. Let’s tackle the first issue.

Finding the server address with PHP code.

If you have access to WordPress then you can dig a bit deeper using some clever PHP. Start by installing the WP Console plugin. This will allow us to run PHP code interactively.

Attempt #1 using PHP’s $_SERVER

The most basic way is to ask PHP what the server address is with $_SERVER["SERVER_ADDR"]. Unfortunately, this isn’t very reliable. This might return the server IP; however, that depends on a lot of things like how the web server is configured and which platform (Windows/Linux) the server is using. With Kinsta this simply responds with a local 10.x.x.x IP address, so not very helpful.

Attempt #2 using PHP curl and httpbin.org/ip

A more advanced method would be to make a PHP curl request to a 3rd party service and ask them what the IP is. This code is adapted from https://gist.github.com/stenito/fa3e840a8ee63acaf44be4647b2da160.

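// Ask a third-party service which IP address this server's outbound requests come from.
function getPublicIP() {

  $curl   = curl_init();
  curl_setopt( $curl, CURLOPT_URL, "https://httpbin.org/ip" );
  curl_setopt( $curl, CURLOPT_RETURNTRANSFER, 1 );
  curl_setopt( $curl, CURLOPT_TIMEOUT, 10 ); // don't hang if the service is unreachable
  $output = curl_exec( $curl );
  curl_close( $curl );

  // curl_exec() returns false on failure; json_decode() returns null on invalid JSON.
  $ip     = is_string( $output ) ? json_decode( $output, true ) : null;

  return $ip['origin'] ?? null;
}

echo getPublicIP();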

This method also isn’t perfect; however, it’s good enough, in my opinion. With Kinsta this won’t reveal the real server IP but rather the IP address used for external connections. You can learn more about that here. I say this is good enough as a public lookup on the external IP will result in the same info as the real server IP. If you do a whois <ip-address> lookup it will reveal the owner. In this example, we see Google Cloud owns the IP.

Guessing the real web host based on the server’s IP owner and other factors.

Knowing the web server IP owner info alone might not fully point to a web host. Combined with other things like common mu-plugins, we can start to get a fairly good idea. Here is a breakdown of a few popular WordPress hosts with various combinations of firewalls, server IPs, and mu-plugins.

| Company | Public IP Owner | Server IP Owner | Common Mu-Plugins |
| Flywheel | Cloudflare | Linode | Flywheel |
| Kinsta | Cloudflare | Google Cloud | Kinsta Must-use Plugins |
| Pagely | AWS | AWS | Not sure |
| Pressable | Pressable | Not needed | Not needed |
| WP Engine | Cloudflare | Google Cloud | WP Engine System, WP Engine Cache Plugin or Force Strong Passwords – WPE Edition |
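
The breakdown above can be turned into a rough scoring check. This is an added example, not the author's code: guess_wp_host(), its weights and the sample inputs are assumptions, and the owner labels passed in are the table's wording as the operator reads them from whois.

```php
<?php
// Added example (not the author's code): score each host from the table above.
// Owner labels use the table's wording; the caller maps whois output to them.
const HOST_SIGNATURES = [
    'Flywheel'  => [ 'public' => 'Cloudflare', 'server' => 'Linode',       'mu' => [ 'Flywheel' ] ],
    'Kinsta'    => [ 'public' => 'Cloudflare', 'server' => 'Google Cloud', 'mu' => [ 'Kinsta Must-use Plugins' ] ],
    'Pagely'    => [ 'public' => 'AWS',        'server' => 'AWS',          'mu' => [] ], // table: "Not sure"
    'Pressable' => [ 'public' => 'Pressable',  'server' => null,           'mu' => [] ], // table: "Not needed"
    'WP Engine' => [ 'public' => 'Cloudflare', 'server' => 'Google Cloud',
                     'mu' => [ 'WP Engine System', 'WP Engine Cache Plugin', 'Force Strong Passwords – WPE Edition' ] ],
];

// Hypothetical helper: returns [ host => score ], best guess first.
function guess_wp_host( string $public_owner, string $server_owner, array $mu_names ): array {
    $scores = [];
    foreach ( HOST_SIGNATURES as $host => $sig ) {
        $score = 0;
        if ( 0 === strcasecmp( $sig['public'], $public_owner ) ) {
            $score += 1;
        }
        // A null server owner means the public IP owner already names the host.
        if ( null !== $sig['server'] && 0 === strcasecmp( $sig['server'], $server_owner ) ) {
            $score += 1;
        }
        // Assumed weighting: a host-branded mu-plugin counts more than a shared IP owner.
        foreach ( $sig['mu'] as $plugin ) {
            foreach ( $mu_names as $name ) {
                if ( 0 === strcasecmp( $plugin, $name ) ) { $score += 3; break 2; }
            }
        }
        if ( $score > 0 ) { $scores[ $host ] = $score; }
    }
    arsort( $scores ); // highest score first, host names kept as keys
    return $scores;
}

// Inside WordPress, read the installed mu-plugin names; elsewhere use constructed sample data.
if ( defined( 'ABSPATH' ) ) {
    if ( ! function_exists( 'get_mu_plugins' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    $mu_names = array_column( get_mu_plugins(), 'Name' );
} else {
    $mu_names = [ 'Kinsta Must-use Plugins' ]; // constructed sample
}
// Constructed sample owners: whois on the public IP, then whois on the getPublicIP() result.
print_r( guess_wp_host( 'Cloudflare', 'Google Cloud', $mu_names ) );
```

Equal scores mean the IP owners alone cannot separate the candidates, which is the case for Kinsta and WP Engine when no mu-plugin matches.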