Category Archives: Wordpress

Disable WordPress XML-RFP (pingback)

In March there was a DDOS attack that used many (160,000) wordpress sites to flood other websites.  This was done because wordpress now has xml-rpc on by define.

It is possible to turn off xml-rpc using a plugin.

http://wordpress.org/plugins/remove-xmlrpc-pingback-ping/

This adds a filter without the need of editing your own pages.

For more info on the attack see:

http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html