Strange Subdomains in Google Search Console and Backups

Unfortunately, the pictures mentioned are incorrect. I assume that they would help you recognize the connection to your question. You are welcome to upload pictures here: https://imgur.com/

Apologies, here are the images:

Update: The backup plugin developer and CloudFlare support both point towards the Wildcard A Record as being the likely culprit. Does anyone know whether removing this could cause problems, or if there are any configuration changes required in wp-config or in our server (apache) in order to ensure it does not?

Update:

The wp-config file has something that is acting as a wildcard for the siteURL. I found the following lines of code starting on Line 221:define( ‘WP_HOME’, ‘https://’ . $_SERVER[‘HTTP_HOST’] . ‘/’ ); define( ‘WP_SITEURL’, ‘https://’ . $_SERVER[‘HTTP_HOST’] . ‘/’ );

This is actually quite clever, this would do exactly what I suspected, it will use the requested url as the siteurl. On further research it looks like it was a recommendation by bitnami since it’s in their documentation. Looks like they provide that to you as part of their standard setup. They also have a recommendation for configuring the domain name:

https://docs.bitnami.com/aws/apps/wordpress/administration/configure-domain/

Setting that with your domain should prevent the site from using random subdomains or the ip address when it completes a backup since the backup completion uses the?get_site_url() function.

We’ve done this and will be tracking performance…

Removing the wildcard domain should not be a problem if you are aware of which subdomain you actually need. If you only have the website and no subdomains, you must at least create the www subdomain in the DNS. In the server configuration, you must check whether the domain without and with www subdomain are entered as possible domains for the Vhost. The contact persons for the respective systems can tell you how to do this.

The above specification for wp-config.php could also help to bundle the URLs already known externally by having WordPress respond to them with an HTTP status 301.

However, what still puzzles me about the whole thing: who or what software comes up with the idea of using such arbitrary subdomains? I would also recommend that you run a malware scan on your WordPress to rule out a hack as the cause. You can do this with WordFence, for example: https://www.ads-software.com/plugins/wordfence/
But that’s just a gut feeling – it’s also possible that someone out there on the internet is scanning such wildcard DNS details and trying to abuse them. There is nothing you can do about this except avoid wildcards.

Thanks for the recommendation, @threadi . A WF scan just completed as per your suggestion. Fortunately, it found nothing.

Concerning your question about what is causing these arbitrary subdomains: This is exactly my confusion. The fact that Google Search Console was coming up with requests at these subdomains, too makes it more baffling. I thought perhaps something in the server or wordpress could be causing it…