WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #21509, comment 19


Ignore:
Timestamp:
10/26/2014 07:02:59 PM (5 years ago)
Author:
maxcutler
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #21509, comment 19

    initial v1  
    66That option only applies to XML-RPC methods that check user credentials, but pingbacks/trackbacks are anonymous and thus do not fall under that check.
    77
    8 There are opportunities for the community to write plugins or better documentation on how to block ping/trackback requests either at the PHP level (e.g., by hooking the `xmlrpc_call` method and `die`ing for these methods) or the web server/proxy level (e.g., nginx or Varnish). But just disabling XML-RPC by default will not help with the DDOS issues.
     8There are opportunities for the community to write plugins or better documentation on how to block ping/trackback requests either at the PHP level (e.g., by hooking the `xmlrpc_call` action and `die`ing for these methods) or the web server/proxy level (e.g., nginx or Varnish). But just disabling XML-RPC by default will not help with the DDOS issues.