Top Nav

WordPress xmlrpc.php (pingback) Vulnerability

We’ve seen many WordPress sites being abused recently via the Pingback function in xmlrpc.php. Here are some good articles on the topic:

If you don’t need xmlrpc.php or Pinkbacks then we recommend that you block xmlrpc.php in your .htaccess file by adding code like this:

Or you could rename or remove the xmlrpc.php file.

Here’s the config to block xmlrpc.php from Nginx: