How to disable the Wordpress Pingback feature

The Wordpress plugin XML-RPC Pingback is used for tracking when your Wordpress blog pages are linked externally. Due to security problems with the implementation of the XML-RPC Pingback feature, CETS requires that all SEAS users disable this feature when using Wordpress. Follow the steps below to secure your Wordpress installation by disabling the feature.

Disabling XML-RPC pingback

  1. Log into the Wordpress admin panel for your Wordpress installation. If you see updates available, apply these before continuing.
  2. Hold your cursor over Plugins from the left-hand navigation menu and click Add New from the menu that appears.
  3. Type Disable XML-RPC Pingback in the search box and click Search.

  4. The top plugin listed in the results should be Disable XML-RPC Pingback.

  5. Click Install now, then Yes in response to the Do you really want to install? question.
  6. After Wordpress reports Successfully installed, click the Activate plugin link. Wordpress will confirm the change, as shown in the screenshot below.

That's it! Once you have installed and activate the plugin, the pingback feature will be disabled in your Wordpress installation. This makes your Wordpress site more secure by preventing attackers from leveraging the pingback feature to send spam pingbacks to other websites. As always, if you have additional questions, send email to CETS.

© Computing and Educational Technology Services | Contact CETS
cets@seas.upenn.edu | 215.898.4707