Earlier this year, more than 162,000 unsuspecting legitimate WordPress websites were used for DDoS attacks within a few hours.
The Problem
Attackers abused the WordPress pingback feature, which allows websites to cross-reference blog posts. By sending hundreds of spoofed requests per second to the /xmlrpc.php file, crafted so that they appear to come from the target site, the attacker tricks the website’s servers into flooding the target with more traffic than it can handle.
XML-RPC (XML remote procedure call) is a protocol used by WordPress and other web applications to provide services such as pingbacks, trackbacks, and remote access to some users.
The Solution
To stop your WordPress website from being misused, you will need to disable the XML-RPC (pingback) functionality on your site.
Note: Jetpack and other plugins use XML-RPC to authenticate with WordPress.com and to communicate with the Jetpack-powered site. Disabling XML-RPC may affect the ability to use any of the WordPress mobile apps to communicate with your site.
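To check whether your own site shows the request pattern described above, the following added example (not part of the original post) scans an access log for bursts of POST requests to /xmlrpc.php, both per client and overall. It assumes the Apache/nginx combined log format; the function names, the 10-second window, the threshold of 5 and the sample log lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache/nginx "combined" access-log layout (an assumption of this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3} ')

def peak_in_window(times, window_seconds):
    """Largest number of timestamps inside any sliding window."""
    times = sorted(times)
    best = start = 0
    for end, t in enumerate(times):
        while t - times[start] >= window_seconds:
            start += 1
        best = max(best, end - start + 1)
    return best

def xmlrpc_bursts(lines, window_seconds=10, threshold=5):
    """Return (overall_peak, {client: peak}) for POSTs to /xmlrpc.php.

    Only clients whose peak reaches `threshold` are listed; both defaults are
    illustrative and should be tuned to the site's normal XML-RPC traffic.
    """
    per_client = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # malformed line or not a POST
        if not m["path"].split("?", 1)[0].endswith("/xmlrpc.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp()
        per_client[m["ip"]].append(ts)
    everything = [t for ts in per_client.values() for t in ts]
    flagged = {ip: p for ip, ts in per_client.items()
               if (p := peak_in_window(ts, window_seconds)) >= threshold}
    return peak_in_window(everything, window_seconds), flagged

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.5 - - [01/Jan/2024:13:55:36 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [01/Jan/2024:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "app"',
    *[f'203.0.113.7 - - [01/Jan/2024:13:56:0{s} +0000] "POST /xmlrpc.php HTTP/1.0" 200 370 "-" "-"'
      for s in (0, 0, 1, 1, 2, 3)],
    'garbled line that does not parse',
]

if __name__ == "__main__":
    print(xmlrpc_bursts(SAMPLE_LOG))
```

The overall peak matters as much as the per-client figure: a high combined rate with no single client over the threshold still means the endpoint is being driven hard.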
RT @blacknight: Is Your WordPress Site Participating In Pingback Distributed Denial of Service Attack?: http://t.co/wRszA0jlkF