This plugin hasn’t been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Remove XMLRPC Pingback Ping

Description

Prevent your WordPress install from participating in pingback denial of service attacks.

From sucuri.net:

Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites.

Read the FooPlugin’s post Beware : Your Site Is Part of a WordPress Pingback DDoS Botnet

Learn More

Is Your Site Attacking Others?

Use Sucuri’s WordPress DDOS Scanner to check if your site is DDOS’ing other websites

Why Not Just Disable XMLRPC Altogether?

Yes, you can choose to do that using the plugin Disable XML-RPC, but if you use popular plugins like JetPack (that use XMLRPC) then those plugins will stop working 100%. That is why this small plugin exists.

How To Test Your Site?

Follow the steps in the GitHub repo

Disclaimer

I did not write this code. I just put it together in a plugin so more people can easily install and use it. Original code from wptavern.com and sucuri.net in the links above.

Screenshots

  • POSTMAN: Without the plugin installed
  • POSTMAN: With the plugin installed

Installation

Using The WordPress Dashboard

  1. Navigate to the ‘Add New’ in the plugins dashboard
  2. Search for ‘Remove XMLRPC Pingback Ping’
  3. Click ‘Install Now’
  4. Activate the plugin on the Plugin dashboard

Uploading in WordPress Dashboard

  1. Navigate to the ‘Add New’ in the plugins dashboard
  2. Navigate to the ‘Upload’ area
  3. Select remove-xmlrpc-pingback-ping.zip from your computer
  4. Click ‘Install Now’
  5. Activate the plugin in the Plugin dashboard

Using FTP

  1. Download remove-xmlrpc-pingback-ping.zip
  2. Extract the remove-xmlrpc-pingback-ping directory to your computer
  3. Upload the remove-xmlrpc-pingback-ping directory to the /wp-content/plugins/ directory
  4. Activate the plugin in the Plugin dashboard

FAQ

Is My Site Attacking Others?

It could be! Use Sucuri’s WordPress DDOS Scanner to check if your site is DDOS’ing other websites

Reviews

No longer effective

Unfortunately, it looks like this plugin is not effective anymore as I’ve had a few sites attacked with this plugin installed.

Trying to manage though .htaccess now. Wish someone would write something new to fix this.

Read all 2 reviews

Contributors & Developers

“Remove XMLRPC Pingback Ping” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.0.0

  • First release