Don't Be A Pingback Jerk

According to Brian Krebs over on, online attackers are using the Pingback function on WordPress sites to denial-of-service attack (DDoS) other websites:

At issue is the “pingback” function, a feature built into WordPress and plenty of other CMS tools that is designed to notify (or ping) a site that you linked to their content. Unfortunately, like most things useful on the Web, the parasites and lowlifes of the world are turning pingbacks into a feature to be disabled, lest it be used to attack others.

Fortunately, there's a relatively easy fix:

Bloggers can disable pingback on posts by clicking “Settings” then “Discussion”, and then unchecking the following options if they are checked:

-Attempt to notify any blogs linked to from the article
-Allow link notifications from other blogs (pingbacks and trackbacks)

Unfortunately, Cid said, this only appears to prevent pingbacks on new blog posts and does nothing to disable pingbacks on posts that are already published for which pingback was previously enabled. There is, however, a highly-rated WordPress plugin that disables the pingback functionality.

As Sucuri notes, for the gearheads who don’t trust plugins, one easy way to block your WordPress blog from participating in these attacks is to create your own plugin that incorporates the following code:

add_filter( ‘xmlrpc_methods’, function( $methods ) {
unset( $methods[''] );
return $methods;
} );

If you run a WordPress site I would highly recommend disabling this function so as not to cause your fellow website administrators angst.