WordPress xmlrpc.php (pingback) Vulnerability

We’ve seen many WordPress sites being abused recently via the Pingback function in xmlrpc.php. Here are some good articles on the topic:

http://www.incapsula.com/the-incapsula-blog/item/715-wordpress-security-alert-pingback-ddos

http://perishablepress.com/wordpress-xmlrpc-pingback-vulnerability/

If you don’t need xmlrpc.php or Pingbacks, then we recommend that you block xmlrpc.php in your .htaccess file by adding code like this:
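The post's own snippet is missing from this copy. As an added example (not the original author's code), an .htaccess rule that denies every request for xmlrpc.php could look like this; it assumes Apache and covers both the 2.4 and the older 2.2 access-control syntax:

```apache
# Added example: deny all access to xmlrpc.php from .htaccess.
<Files "xmlrpc.php">
    # Apache 2.4 and later (mod_authz_core)
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    # Apache 2.2 fallback (mod_authz_host without mod_authz_core)
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>
```

The server's AllowOverride setting must permit these directives in .htaccess (AuthConfig for Require, Limit for Order/Deny). Once the rule is active, requests for xmlrpc.php return 403 Forbidden, which can be confirmed in the access log.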

Or you could rename or remove the xmlrpc.php file.

Here’s the config to block xmlrpc.php from Nginx:
