Top Nav

WordPress xmlrpc.php (pingback) Vulnerability

We’ve seen many WordPress sites being abused recently via the Pingback function in xmlrpc.php. Here are some good articles on the topic:

http://www.incapsula.com/the-incapsula-blog/item/715-wordpress-security-alert-pingback-ddos

http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/

If you don’t need xmlrpc.php or Pinkbacks then we recommend that you block xmlrpc.php in your .htaccess file by adding code like this:

Or you could rename or remove the xmlrpc.php file.

Here’s the config to block xmlrpc.php from Nginx:

  • Thanks for this. We were getting hit with DDOS pingback spam and wanted to ease the server load and then focus on capturing logs of what they were at.

    Cheers!

  • KArolina Nowak

    Bardzo dobre rozwiązanie zastosowane na http:gongo.pl dobrze działa

Email
Print