Being the most popular open-source CMS comes with it’s price. Recently the number of attacks against WordPress websites has significantly increased as reported by one of the leaders in the online security Sucuri.
In order to prevent your WordPress website to become victim of such pingback denial of service attacks you should disable the XML-RPC interface which by default is enabled on every clean WordPress installation.
Unfortunately, if you disable the XML-RPC interface this will result in issues with your WordPress website because the Jetpack uses this interface. There would also be issue with the mobile apps as they are depending on the XML-RPC interface to function properly.
Todays plugin of choice deals exactly with this issue and disables some specific features of the XML-RPC interface while you can use the rest of XML-RPC methods.
Once installed the plugin removes the “pingback.ping” and “pingback.extensions.getPingbacks” methods from the XML-RPC interface and makes your WordPress website less vulnerable for such malicious activities.
How should you begin with the plugin?
In order to install the plugin you can simple search for its name – “Disable XML-RPC Pingback” in the search box provided in your WordPress Admin Area -> Plugins -> Add new.
Once you install and activate the plugin you will be able to enable it from your WordPress admin area -> Plugins.
To sums it up here are the links mentioned in the this post:
Disable XML-RPC Pingback plugin url: https://wordpress.org/plugins/disable-xml-rpc-pingback/
TMDHosting WordPress package: http://www.tmdhosting.com/wordpress-hosting.html
TMDHosting plugin installation tutorial: http://www.tmdhosting.com/tutorials/wordpress/wordpress-plugin-installation.html