

WordPress is one of the most popular CMS platforms available today, with over 75 million websites powered by it. That popularity comes with risk: vulnerabilities and weaknesses in such a platform are shared widely among hackers and script kiddies, and automated bots constantly scan for websites built on WordPress.

Distributed Denial of Service (DDoS) attacks are a serious problem for many website owners, as a DDoS can keep a website down for days or weeks if not mitigated. WordPress has a pingback feature, enabled by default, that booters can use to attack other websites. Booters (cyber criminals offering DDoS as a paid service) use thousands of WordPress websites to send pingback requests at a target website. A pingback request to a WordPress website is made by requesting the xmlrpc.php file; not only can it be used to attack another target website, it can also slow down or even crash your own website if heavily abused.

Sample log lines from WordPress attack traffic hitting XML-RPC and cron (client IP, virtual host, request line):

104.192.3.50 www.example.com  POST /xmlrpc.php HTTP/1.0
204.110.219.215 www.example.com  POST /wp-cron.php?doing_wp_cron HTTP/1.0
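The following script is an added example, not part of the original post: it runs the kind of check the log excerpt above invites. It parses lines in the same three-column layout (client IP, vhost, request line; that layout and the regular expression for it are assumptions), counts POST requests to xmlrpc.php and wp-cron.php per source, flags sources that reach a threshold, and renders Apache "deny from" lines for them. The sample log lines are constructed.

```python
import re
from collections import Counter

# Hypothetical parser for the three-column layout shown in the post:
# "<client ip> <vhost>  <method> <path> HTTP/<version>".
# Adjust LINE_RE if your server writes a standard combined log instead.
LINE_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<vhost>\S+)\s+"
    r"(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+HTTP/\d\.\d$"
)

# Endpoints the post calls out, keyed by path without its query string.
WATCHED = {"/xmlrpc.php": "xmlrpc", "/wp-cron.php": "wp-cron"}

# Constructed sample lines (not a real capture) in the same layout as the
# post's excerpt; one source repeats the xmlrpc.php POST several times.
SAMPLE_LOG = """\
104.192.3.50 www.example.com  POST /xmlrpc.php HTTP/1.0
104.192.3.50 www.example.com  POST /xmlrpc.php HTTP/1.0
104.192.3.50 www.example.com  POST /xmlrpc.php HTTP/1.0
204.110.219.215 www.example.com  POST /wp-cron.php?doing_wp_cron HTTP/1.0
198.51.100.7 www.example.com  GET /index.php HTTP/1.1
198.51.100.7 www.example.com  POST /xmlrpc.php HTTP/1.1
this line is malformed and must be skipped rather than crash the parser
"""


def parse_line(line):
    """Return a dict with ip/vhost/method/path, or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # Drop the query string so "/wp-cron.php?doing_wp_cron" matches "/wp-cron.php".
    rec["path"] = rec["path"].split("?", 1)[0]
    return rec


def count_hits(log_text):
    """Count POST requests per (client ip, endpoint label) for watched endpoints."""
    hits = Counter()
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None or rec["method"] != "POST":
            continue
        label = WATCHED.get(rec["path"])
        if label is not None:
            hits[(rec["ip"], label)] += 1
    return hits


def flag_sources(log_text, threshold=3):
    """Sources whose xmlrpc.php POST count reaches the threshold, busiest first."""
    hits = count_hits(log_text)
    flagged = [(ip, n) for (ip, label), n in hits.items()
               if label == "xmlrpc" and n >= threshold]
    return sorted(flagged, key=lambda item: (-item[1], item[0]))


def deny_rules(flagged):
    """Render Apache 2.2-style 'deny from' lines for the flagged sources."""
    return ["deny from %s" % ip for ip, _ in flagged]


if __name__ == "__main__":
    for (ip, label), n in sorted(count_hits(SAMPLE_LOG).items()):
        print("%-16s %-8s %d" % (ip, label, n))
    for rule in deny_rules(flag_sources(SAMPLE_LOG)):
        print(rule)
```

Because pingback floods are reflected through other WordPress sites, the addresses this script flags are usually those reflectors rather than the booter itself, so a per-IP deny list only treats the symptom of the moment; the allow-list on xmlrpc.php shown later in the post is the durable fix.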

If you experience an extreme slowdown on your website, you can install the mod_status Apache module and enable server-status support to view server activity and performance. The server-status report lets you see which pages are being requested at the time you are experiencing the problem.

To enable the server-status page for your IP, edit the httpd.conf configuration file and add the following (replace 1.2.3.4 with your own address):

<Location "/server-status">
    SetHandler server-status
    Require ip 1.2.3.4
</Location>

To prevent XML-RPC pingback attacks, use one of the following two options:

1. Remove the xmlrpc.php file from the root of your WordPress folder.

2. Disable XML-RPC for all IPs except a known-good IP, using the following Apache configuration:

<FilesMatch "xmlrpc\.php$">
    # Apache 2.2-style access control; on Apache 2.4 these three directives
    # need mod_access_compat, or use "Require ip 1.2.3.4" (as in the
    # server-status block above) instead.
    order deny,allow
    deny from all
    allow from 1.2.3.4
</FilesMatch>

If you use a DDoS mitigation service such as Incapsula, CloudFlare or another provider, you can configure its WAF settings to defend against DDoS attacks, including WordPress pingback attacks.

