Blockchain
Cannabis
Cryptocurrency
Influencers
Micromobility
On-Demand & Shared Economy
On-Demand Delivery
Robotics
SPACs
Web3
E-Commerce
Education Technology
Esports
Fintech
MSPs
SaaS
Startups
Technology
Life Science Risk Management
Biotech
Dietary Supplement & Nutraceutical
FamTech & BabyTech
HealthTech
Pharmaceutical
Virtual Care, TeleHealth, & Telemedicine
Financial Services
Professional Services
Media & Advertising
info@foundershield.com 
114 E 25th St, New York, NY 10010 
646.970.1834 
Carl Niedbala
COO & Co-Founder
COO & Co-Founder
In a somewhat ironic twist, popular cybersecurity blog Krebs on Security recently suffered a cyber attack. The site, just like ours and at least 60 million others out there, is built on WordPress, and the attack illuminated some troubling WordPress security issues. So what exactly happened and how can you prevent this from happening to your WordPress site?
First of all, Krebs wasn’t the only site to experience the breach. It was actually a distributed denial of service (DDOS) attack that affected about 162,000 WordPress sites! According to Krebs, the hackers used the “pingback” function that WordPress includes with their platform. This function allows the site owner to get “pinged” back (or notified) when an outsider links to a certain page of their site. While clearly a somewhat useful feature, it’s apparently low hanging fruit for the more mischievous.
So what’s the fix? Pingbacks, by the way, are enabled by default and most WordPress users tend to glance over the feature. Here are a few ways to deal with the issue:
1. Disable pingbacks! Go to Settings > Discussion and uncheck:
- Attempt to notify any blogs linked to from the article
- Allow link notifications from other blogs (pingbacks and trackbacks)
2. Install this plugin
3. Create your own plugin for your site and upload it via FTP. It must include the following code:
add_filter( ‘xmlrpc_methods’, function( $methods ) {
unset( $methods[‘pingback.ping’] );
return $methods;
} );
Krebs’ post also pointed to this nifty tool to see if your site was used in the recent DDOS attack. Thats right…some WordPress websites were used to attack other sites without the owner’s knowledge! Imagine being sued for something that your website did without your knowledge. Definitely not fun. At least your Cyber Liability Insurance will kick in to cover you, right?
WordPress security issues resolved. Update your settings right now!
Need a quote?
[vc_btn title=”GET A QUOTE” style=”outline-custom” outline_custom_color=”#ee2524″ outline_custom_hover_background=”#ee2524″ outline_custom_hover_text=”#ffffff” shape=”square” size=”lg” align=”center” link=”url:https%3A%2F%2Fapp.foundershield.com%2Fusers%2Fsign_up|||”]
