Prevent your WordPress install from participating in pingback denial of service attacks.
| Author: | WP Security Ninja (profile at wordpress.org) |
| WordPress version required: | 5.2 |
| WordPress version tested: | 6.3 |
| Plugin version: | 1.6 |
| Added to WordPress repository: | 18-03-2014 |
| Last updated: | 24-07-2023 |
| Rating, %: | 60 |
| Rated by: | 6 |
| Plugin URI: | http://wordpress.org/plugins/remove-xmlrpc-pi... |
| Total downloads: | 84 966 |
| Active installs: | 10 000+ |
 Click to start download |
|
Prevent your WordPress site from participating and being a victim of pingback denial of service attacks. After activation the plugin automatically disables XML-RPC. There’s no need to configure anything.
By disabling the XML-RPC pingback you’ll:
* lower your server CPU usage
* prevent malicious scripts from using your site to run pingback denial of service attacks
* prevent malicious scripts to run denial of service attacks on your site via pingback
From sucuri.net:
Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites.
Learn More
- How To Prevent WordPress From Participating In Pingback Denial of Service Attacks – wptavern.com
- More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack – sucuri.net
- xmlrpc.php and Pingbacks and Denial of Service Attacks, Oh My! – hackguard.com
Is Your Site Attacking Others?
Use Sucuri’s WordPress DDOS Scanner to check if your site is DDOS’ing other websites
Why Not Just Disable XMLRPC Altogether?
Yes, you can choose to do that, but if you use popular plugins like JetPack (that use XMLRPC) then those plugins will stop working. That is why this small plugin exists.
Screenshots
FAQ
ChangeLog