[wp-hackers] WP’s XML-RPC functionality a security vulnerability?
Joshua Eichorn
joshua.eichorn at pagely.com
Mon Jul 21 16:57:18 UTC 2014
Likely they are talking about xml-rpc ping attacks.
http://wordpress.org/plugins/remove-xmlrpc-pingback-ping/
-josh
On Mon, Jul 21, 2014 at 9:52 AM, Stephen Harris <contact at stephenharris.info>
wrote:
> I too have noticed some DoS attacks using XML-RPC to target the site. But
> the e-mail from the hosts said:
>
> > Attackers are abusing the feature to launch DDoS attacks against other
> sites.
>
> so it would seem they are referring to something like
> https://core.trac.wordpress.org/ticket/4137 (which is fixed).
>
> So I would follow their advice (disable XML-RPC if you don't need it), but
> it's not clear what vulnerability they are referring to
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list