Top Nav

Navigation

WordPress xmlrpc.php (pingback) Vulnerability

By on May 28, 2013 in WordPress

We’ve seen many WordPress sites being abused recently via the Pingback function in xmlrpc.php. Here are some good articles on the topic:

http://www.incapsula.com/the-incapsula-blog/item/715-wordpress-security-alert-pingback-ddos

http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/

If you don’t need xmlrpc.php or Pinkbacks then we recommend that you block xmlrpc.php in your .htaccess file by adding code like this:

Or you could rename or remove the xmlrpc.php file.

Here’s the config to block xmlrpc.php from Nginx:

Related posts:

  1. Distributed Brute Force Attack On WordPress wp-login.php
  2. Discourage HTTPS On WordPress
  3. Install WordPress on Ubuntu virtual server at Media Temple
  4. Find All WordPress Instances On A Server
  5. Turn on PHP register_globals with .htaccess file