Todd Redfoot, chief information security officer at GoDaddy, told eWEEK that he started to see an uptick in WordPress attacks in late February.
The attacks leverage the XML-RPC (Remote Procedure Call) “pingback” functionality in WordPress to launch DDoS attacks. XML-RPC is legitimately used within WordPress as a mechanism for content owners to do a pingback of posts. The pingback allows content owners to track where their content is getting linked.
Redfoot noted that GoDaddy put counter-measures in place in late February to mitigate the XML-RPC DDoS risk, but has seen another big spike in activity during the first two weeks of March.
Read the full story at eWEEK:
WordPress Feature Leveraged to Launch DDoS Attacks
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.