WordPress.org

Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#5311 closed defect (bug) (invalid)

HTTP-header X-Pingback when pingbacks are turned off

Reported by: ose Owned by:
Milestone: Priority: low
Severity: minor Version: 2.3.1
Component: General Keywords: http pingback security
Focuses: Cc:

Description

When switching off pingbacks under options/discussion, wordpress still sends an X-Pingback http header back to the browser.

This has two disadvantages:

  • It causes unnecessary traffic by other servers trying to ping wordpress
  • It reveals more information then necessary (essentially reveals that a server is running wordpress even if the web master tries to hide that fact in other places for security reasons).

Expected behavior: When pingbacks are disables, wordpress should not send the X-Pingback header to the browser.

Change History (1)

comment:1 westi6 years ago

  • Milestone 2.4 deleted
  • Resolution set to invalid
  • Status changed from new to closed

The options under options..discussion are not a global option for whether or not pingbacks are enabled but are just the defaults for new posts.

There is no option to disable pingbacks.

Note: See TracTickets for help on using tickets.