UNCG C3

UNCG Community of Content Creators

A Message from IT: Pingbacks and keeping your WordPress site safe

Posted on Monday, March 17th, 2014 by Breon Williams under Plugins, Security, WordPress, WordPress Security. Tags: , , , , ,
It has come to our attention that attackers are misusing a standard WordPress feature called pingbacks to perform Distributed Denial of Service (DDOS) attacks. More than 162,000 WordPress sites (including some WordPress sites on campus) have been identified as participants in the most recent attack. Since this technique abuses standard WordPress functionality, your site does not have to be hacked or compromised to participate.
There is not yet a WordPress update that addresses this issue, but additional site configuration can limit the effectiveness of this technique. We recommend that all WordPress administrators make the following changes:

 

In accordance with the service level agreement for LAMP web sites, ITS may elect to take corrective steps when an application poses a risk to the integrity of the hosting environment. Taking the above steps will help make sure your WordPress site is not used significantly in these attacks and help safeguard the LAMP environment.

It has come to our attention that attackers are misusing a standard WordPress feature called pingbacks to perform Distributed Denial of Service (DDOS) attacks. More than 162,000 WordPress sites (including some WordPress sites on campus) have been identified as participants in the most recent attack. Since this technique abuses standard WordPress functionality, your site does not have to be hacked or compromised to participate.
To address this issue in the WordPress Multisite environment, on Friday morning, March 21st, we will install the Disable XML-RPC Pingback plugin which disables pingback functionality. If you use pingbacks, you may re-enable this functionality by logging into your WordPress Dashboard, clicking Plugins, and then clicking the Deactivate link beneath Disable XML-RPC Pingback.
Comments Off on A Message from IT: Pingbacks and keeping your WordPress site safe