Remove XMLRPC Pingback Ping - Version 1.0

Version Description

Download this release

Release Info

Developer WebFactory
Plugin Icon 128x128 Remove XMLRPC Pingback Ping
Version 1.0
Comparing to
See all releases

Version 1.0

Files changed (2) hide show
  1. README.txt +82 -0
  2. remove-xmlrpc-pingback-ping.php +35 -0
README.txt ADDED
@@ -0,0 +1,82 @@
1
+ === Remove XMLRPC Pingback Ping ===
2
+ Contributors: bradvin
3
+ Tags: xmlrpc
4
+ Requires at least: 3.5.1
5
+ Tested up to: 3.9
6
+ Stable tag: trunk
7
+ License: GPLv2 or later
8
+ License URI: http://www.gnu.org/licenses/gpl-2.0.html
9
+
10
+ Prevent your WordPress install from participating in pingback denial of service attacks.
11
+
12
+ == Description ==
13
+
14
+ Prevent your WordPress install from participating in pingback denial of service attacks.
15
+
16
+ From sucuri.net:
17
+
18
+ > Any WordPress site with Pingback enabled (which is on by default) can be used in DDOS attacks against other sites.
19
+
20
+ Read the FooPlugin's post [Beware : Your Site Is Part of a WordPress Pingback DDoS Botnet](http://fooplugins.com/prevent-wordpress-pingback-ddos/)
21
+
22
+ = Learn More =
23
+
24
+ * [How To Prevent WordPress From Participating In Pingback Denial of Service Attacks](http://wptavern.com/how-to-prevent-wordpress-from-participating-in-pingback-denial-of-service-attacks) - wptavern.com
25
+ * [More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack](http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html) - sucuri.net
26
+ * [xmlrpc.php and Pingbacks and Denial of Service Attacks, Oh My!](http://hackguard.com/xmlrpc-php-ping-backs-hackers-denial-service-attacks) - hackguard.com
27
+
28
+ = Is Your Site Attacking Others? =
29
+
30
+ Use [Sucuri's WordPress DDOS Scanner](http://labs.sucuri.net/?is-my-wordpress-ddosing) to check if your site is DDOS’ing other websites
31
+
32
+ = Why Not Just Disable XMLRPC Altogether? =
33
+
34
+ Yes, you can choose to do that using the plugin [Disable XML-RPC](http://wordpress.org/plugins/disable-xml-rpc/), but if you use popular plugins like JetPack (that use XMLRPC) then those plugins will stop working 100%. That is why this small plugin exists.
35
+
36
+ = How To Test Your Site? =
37
+
38
+ Follow the steps in the [GitHub repo](https://github.com/fooplugins/remove-xmlrpc-pingback-ping#how-to-test-your-site)
39
+
40
+ = Disclaimer =
41
+
42
+ I did not write this code. I just put it together in a plugin so more people can easily install and use it. Original code from wptavern.com and sucuri.net in the links above.
43
+
44
+ == Installation ==
45
+
46
+ = Using The WordPress Dashboard =
47
+
48
+ 1. Navigate to the 'Add New' in the plugins dashboard
49
+ 2. Search for 'Remove XMLRPC Pingback Ping'
50
+ 3. Click 'Install Now'
51
+ 4. Activate the plugin on the Plugin dashboard
52
+
53
+ = Uploading in WordPress Dashboard =
54
+
55
+ 1. Navigate to the 'Add New' in the plugins dashboard
56
+ 2. Navigate to the 'Upload' area
57
+ 3. Select `remove-xmlrpc-pingback-ping.zip` from your computer
58
+ 4. Click 'Install Now'
59
+ 5. Activate the plugin in the Plugin dashboard
60
+
61
+ = Using FTP =
62
+
63
+ 1. Download `remove-xmlrpc-pingback-ping.zip`
64
+ 2. Extract the `remove-xmlrpc-pingback-ping` directory to your computer
65
+ 3. Upload the `remove-xmlrpc-pingback-ping` directory to the `/wp-content/plugins/` directory
66
+ 4. Activate the plugin in the Plugin dashboard
67
+
68
+ == Screenshots ==
69
+
70
+ 1. POSTMAN: Without the plugin installed
71
+ 2. POSTMAN: With the plugin installed
72
+
73
+ == Frequently Asked Questions ==
74
+
75
+ = Is My Site Attacking Others? =
76
+
77
+ It could be! Use [Sucuri's WordPress DDOS Scanner](http://labs.sucuri.net/?is-my-wordpress-ddosing) to check if your site is DDOS’ing other websites
78
+
79
+ == Changelog ==
80
+
81
+ = 1.0.0 =
82
+ * First release
remove-xmlrpc-pingback-ping.php ADDED
@@ -0,0 +1,35 @@
1
+ <?php
2
+ /**
3
+ * Remove XMLRPC Pingback Ping
4
+ *
5
+ * Prevent WordPress From Participating In Pingback Denial of Service Attacks
6
+ *
7
+ * @package Remove_XMLRPC_Pingback_Ping
8
+ * @author Brad Vincent <bradvin@gmail.com>
9
+ * @license GPL-2.0+
10
+ * @link http://wordpress.org/plugins/remove-xmlrpc-pingback-ping
11
+ * @copyright 2014 Brad Vincent
12
+ *
13
+ * @wordpress-plugin
14
+ * Plugin Name: Remove XMLRPC Pingback Ping
15
+ * Plugin URI: http://wordpress.org/plugins/remove-xmlrpc-pingback-ping
16
+ * Description: Prevent WordPress From Participating In Pingback Denial of Service Attacks
17
+ * Version: 1.0.0
18
+ * Author: Brad Vincent
19
+ * Author URI: http://fooplugins.com
20
+ * License: GPL-2.0+
21
+ * License URI: http://www.gnu.org/licenses/gpl-2.0.txt
22
+ * GitHub Plugin URI: https://github.com/fooplugins/remove-xmlrpc-pingback-ping
23
+ */
24
+
25
+ // If this file is called directly, abort.
26
+ if ( ! defined( 'WPINC' ) ) {
27
+ die;
28
+ }
29
+
30
+ add_filter( 'xmlrpc_methods', 'remove_xmlrpc_pingback_ping' );
31
+
32
+ function remove_xmlrpc_pingback_ping( $methods ) {
33
+ unset( $methods['pingback.ping'] );
34
+ return $methods;
35
+ }