This topic describes how to prevent WordPress Pingback attacks with Alibaba Cloud WAF.
What is a WordPress Pingback attack
WordPress is a blog platform developed using the PHP language, and pingback is a plug-in of WordPress. Hackers can use pingback to initiate WordPress Pingback attacks against the website.
After suffering from the WordPress attack, you can see a lot of requests with User-Agent containing WordPress and pingback on the server log.
As a variant of HTTP flood attack, WordPress Pingback attacks typically have the following symptoms: slow webpage loading, excessive server CPU consumption, response/data loss, and so on.
How to use WAF for defense
- Log on to the Web Application Firewall console.
- Go to the page.
- Locate to the domain name to be configured and click Policies.
- Enable HTTP ACL Policy, and click Settings.
- Click Add Rule and add the following access control rules respectively.
- Block the access containing pingback in User-Agent.
- Rule name: wp1
- Matching field: User-Agent
- Logical operator: Includes
- Matching content: pingback
- Action: Block
- Block the access containing WordPress in User-Agent.
- Rule name: wp2
- Matching field: User-Agent
- Logical operator: Includes
- Matching content: WordPress
- Action: Block
Note You must add both the rules separately. - Block the access containing pingback in User-Agent.