
WordPress xmlrpc.php (pingback) Vulnerability

We’ve seen many WordPress sites being abused recently via the Pingback function in xmlrpc.php. Here are some good articles on the topic:

If you don’t need xmlrpc.php or Pingbacks then we recommend that you block xmlrpc.php in your .htaccess file by adding code like this:
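One way to write such a rule, as an added example rather than the snippet from the original post: it denies every request for xmlrpc.php and carries both the Apache 2.4 (`Require`) and Apache 2.2 (`Order`/`Deny`) syntax. It assumes the server's `AllowOverride` setting permits access-control directives in .htaccess.

```apache
# Added example (not the original post's snippet): deny all HTTP access to xmlrpc.php.
# Place in the .htaccess file in the WordPress root directory.
<Files "xmlrpc.php">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 and earlier, where mod_authz_core does not exist
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

Requests for xmlrpc.php then receive 403 Forbidden before WordPress runs. The `<Files>` match is by file name, so it also applies in subdirectories covered by this .htaccess file.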

Or you could rename or remove the xmlrpc.php file.

Here’s the config to block xmlrpc.php from Nginx:

  • Thanks for this. We were getting hit with DDOS pingback spam and wanted to ease the server load and then focus on capturing logs of what they were at.


  • KArolina Nowak

    A very good solution; applied it and it works well.