WordPress Vulnerability Contributes to DDOS Attacks

Are you running a WordPress site? A recent vulnerability, actively being used to perform DDOS attacks, is making the rounds. WordPress has a built-in "pingback" function, enabled by default, that lets an attacker use one site's pingback feature to send requests to a targeted site and take it down. This means that a vulnerable WordPress site is used to attack another site; multiply that by thousands, and the target is unable to handle the vast amount of requests. While this isn't a direct threat to your site, by leaving this vulnerability enabled you're allowing your site to be used as a weapon. While the WordPress team is aware of the issue, they are not likely to release a "patch" because this is considered a "feature", and one that many other plugins use.

A plugin exists that will mitigate this vulnerability on your WordPress site: download and install this highly rated plugin (disable XML-RPC).
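To check whether your own site is being driven this way, the example below counts POST requests to xmlrpc.php per client in a web server access log. It is an added example, not code from WordPress or from the plugin. It assumes the combined log format; the sample lines, IP addresses and the threshold of 3 are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format (assumed):
# ip ident user [time] "METHOD path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def xmlrpc_posts_by_client(lines):
    """Count POST requests to xmlrpc.php per client IP.

    Access logs do not record the XML-RPC method in the request body, so
    this counts every POST to the endpoint, pingback or not.
    """
    counts = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        path = m.group("path").split("?", 1)[0]  # ignore any query string
        if m.group("method") == "POST" and path.endswith("/xmlrpc.php"):
            counts[m.group("ip")] += 1
    return counts

def heavy_xmlrpc_clients(lines, threshold=3):
    """Return {ip: count} for clients at or above the (assumed) threshold."""
    counts = xmlrpc_posts_by_client(lines)
    return {ip: n for ip, n in counts.items() if n >= threshold}

def _line(ip, method, path, status=200):
    # Helper that builds one constructed log line for the sample below.
    return (f'{ip} - - [10/Mar/2014:12:00:00 +0000] '
            f'"{method} {path} HTTP/1.1" {status} 370 "-" "-"')

# Constructed sample log (documentation-range IP addresses).
SAMPLE_LOG = (
    [_line("203.0.113.7", "POST", "/xmlrpc.php")] * 4
    + [_line("198.51.100.20", "GET", "/xmlrpc.php", 405),
       _line("198.51.100.20", "POST", "/wp-login.php"),
       _line("192.0.2.5", "POST", "/xmlrpc.php"),
       "not a log line"]
)

if __name__ == "__main__":
    for ip, n in sorted(heavy_xmlrpc_clients(SAMPLE_LOG).items()):
        print(f"{ip}: {n} POSTs to xmlrpc.php")
```

A steady stream of these POSTs from a handful of clients, on a site that does not use pingbacks or remote publishing, is the pattern to look for before and after disabling the feature.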

How secure is your WordPress site? With WordPress becoming increasingly popular as the platform for many websites, mostly due to the "ease of use" factor, we continue to find that many of these sites lack any "best practice". High Desert Technology can help assess and implement "best practice".   

More information regarding this "vulnerability" can be found at Sucuri.
