WordPress is one of the most popular CMS platforms available today, with over 75 million websites powered by it. That popularity comes with risk: vulnerabilities and weaknesses of such a platform are quickly shared among hackers and script kiddies, and automated bots constantly scan for websites built on WordPress.
Distributed Denial of Service (DDoS) attacks are a serious problem for many website owners, as a DDoS can keep a website down for days or weeks if it is not mitigated. WordPress has a pingback feature, enabled by default, that booters can use to attack other websites. Booters (cyber criminals offering DDoS as a paid service) use thousands of WordPress websites to send pingback requests to the target website. A pingback request to a WordPress site is made by posting to the xmlrpc.php file, so not only can your site be used to attack other sites, but heavy misuse can also slow down or even crash your own website.
A sample log of WordPress attacks using XML-RPC and wp-cron:
104.192.3.50 www.example.com POST /xmlrpc.php HTTP/1.0
204.110.219.215 www.example.com POST /wp-cron.php?doing_wp_cron HTTP/1.0
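The following Python script is an added example, not part of the original article, showing how to spot a pingback or wp-cron flood in an access log like the one above. It parses the same abbreviated field layout (client IP, host, method, path, protocol), counts POST requests to /xmlrpc.php and /wp-cron.php per source IP, and also totals them per path, because a distributed flood often shows up as many IPs each sending only a few requests. The log lines are constructed samples (two reuse the IPs from the excerpt above, 198.51.100.7 is a documentation address), and the flagging threshold of 3 is an assumption to tune for your own traffic.

```python
"""Count XML-RPC and wp-cron POST requests per source IP in a WordPress access log.

Added example for this article, not the article's own code. Sample lines are
constructed; the threshold value is an assumption.
"""
import re
from collections import Counter

# Constructed sample log lines in the same field layout as the article's excerpt.
SAMPLE_LOG = """\
104.192.3.50 www.example.com POST /xmlrpc.php HTTP/1.0
104.192.3.50 www.example.com POST /xmlrpc.php HTTP/1.0
104.192.3.50 www.example.com POST /xmlrpc.php HTTP/1.0
204.110.219.215 www.example.com POST /wp-cron.php?doing_wp_cron HTTP/1.0
198.51.100.7 www.example.com GET /index.php HTTP/1.1
198.51.100.7 www.example.com POST /xmlrpc.php HTTP/1.1
"""

# client-ip host method path protocol
LINE_RE = re.compile(
    r"^(?P<ip>\S+)\s+(?P<host>\S+)\s+(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+(?P<proto>HTTP/\d\.\d)$"
)

# Endpoints an XML-RPC pingback flood or wp-cron abuse would hit.
WATCHED = ("/xmlrpc.php", "/wp-cron.php")


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec


def count_suspicious(log_text):
    """Return {ip: Counter({path: hits})} for POST requests to watched paths."""
    counts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] not in WATCHED:
            continue
        counts.setdefault(rec["ip"], Counter())[rec["path"]] += 1
    return counts


def path_totals(log_text):
    """Total POST hits per watched path across all sources; a distributed
    pingback flood shows up here even when no single IP crosses the threshold."""
    totals = Counter()
    for paths in count_suspicious(log_text).values():
        totals.update(paths)
    return totals


def flag_sources(log_text, threshold=3):
    """Sorted list of IPs whose POSTs to any watched path reach the threshold
    (assumed value; tune it to your normal traffic)."""
    return sorted(
        ip for ip, paths in count_suspicious(log_text).items()
        if max(paths.values()) >= threshold
    )


if __name__ == "__main__":
    for ip, paths in count_suspicious(SAMPLE_LOG).items():
        print(ip, dict(paths))
    print("per-path totals:", dict(path_totals(SAMPLE_LOG)))
    print("flagged sources:", flag_sources(SAMPLE_LOG))
```

Feed it a real log by reading the file into `log_text`; lines in a different format (such as the full Apache combined format) simply fail to parse and are skipped, so adjust `LINE_RE` to match your log layout before relying on the counts.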
If your website slows down dramatically, you can install the mod_status Apache module and enable server-status support to view server activity and performance. The server-status report shows the pages being requested at the moment you are experiencing the problem.
To enable the server-status handler for your own IP address only, add the following to the httpd.conf configuration file (Apache 2.4 syntax; replace 1.2.3.4 with your IP):
<Location "/server-status">
    SetHandler server-status
    Require ip 1.2.3.4
</Location>
To prevent XML-RPC pingback attacks, use one of the following two options:
1. Remove the xmlrpc.php file from the root of your WordPress folder. Note that this also disables legitimate XML-RPC clients, and a WordPress core update will put the file back.
2. Disable XML-RPC for all IPs except known good ones with an Apache configuration like the following (Apache 2.2 access-control syntax; replace 1.2.3.4 with the IP that should keep access):
<FilesMatch "xmlrpc\.php$">
    order deny,allow
    deny from all
    allow from 1.2.3.4
</FilesMatch>
If you use a DDoS mitigation service such as Incapsula, CloudFlare or another provider, configure its WAF settings to block DDoS traffic, including WordPress pingback floods.