Is Your WordPress Site Participating In Pingback Distributed Denial of Service Attack?

June 11th, 2014

Earlier this year, more than 162,000 unsuspecting legitimate WordPress websites were used for DDoS attacks within a few hours.

The Problem

Attackers abused the WordPress pingback feature, which allows websites to cross-reference blog posts. By sending hundreds of spoofed requests per second to the /xmlrpc.php file, made to appear to come from the target site, the attacker tricks the website’s servers into flooding the target with more traffic than it can handle.

XML-RPC (XML remote procedure call) is a protocol used by WordPress and other web applications to provide services such as pingbacks, trackbacks, and remote access to some users.

The Solution

To stop your WordPress website from being misused, you will need to disable the XML-RPC (pingback) functionality on your site. Find out how »

Note: Jetpack and other plugins use XML-RPC to authenticate with WordPress.com and to communicate with the Jetpack powered site. Disabling XML-RPC may affect the ability to use any of the WordPress mobile apps to communicate with your site.
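
To check whether your own site is receiving the request pattern described under The Problem, you can count POST requests to /xmlrpc.php per minute in the web server access log. The script below is an added example, not part of the original post; it assumes the common/combined log format, and the function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Common/combined access log format: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

def xmlrpc_post_bursts(lines, threshold=3):
    """Return {minute: {"total": n, "by_ip": Counter}} for each minute in which
    POSTs to /xmlrpc.php reach `threshold` (an assumed value; tune it to the
    normal Jetpack / mobile-app traffic of your own site)."""
    per_minute = {}
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparsable line, or not a POST
        # Drop any query string; match the endpoint in any install directory.
        path = m["path"].split("?", 1)[0]
        if not path.endswith("/xmlrpc.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        minute = ts.strftime("%Y-%m-%d %H:%M")
        per_minute.setdefault(minute, Counter())[m["ip"]] += 1
    return {
        minute: {"total": sum(c.values()), "by_ip": c}
        for minute, c in per_minute.items()
        if sum(c.values()) >= threshold
    }

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '198.51.100.7 - - [11/Jun/2014:10:15:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '198.51.100.7 - - [11/Jun/2014:10:15:01 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '198.51.100.9 - - [11/Jun/2014:10:15:02 +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"',
    '203.0.113.5 - - [11/Jun/2014:10:15:30 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "-"',
    '203.0.113.5 - - [11/Jun/2014:10:16:10 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '203.0.113.5 - - [11/Jun/2014:10:16:12 +0000] "GET /2014/06/post/ HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for minute, info in sorted(xmlrpc_post_bursts(SAMPLE).items()):
        print(minute, info["total"], info["by_ip"].most_common(3))
```

Access logs do not record the request body, so a burst cannot be attributed to pingbacks from the log alone; because Jetpack and the mobile apps also POST to this endpoint, treat a flagged minute as a lead to investigate rather than proof of abuse.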

About the Author: Stephen Marron
BSc (Hons) in Computing in Web Development, Stephen is a web developer and graphic designer working in Ireland with Blacknight Solutions since 2013.