5 days ago on the Internet appeared malicious script that exploits vulnerabilities in WordPress Pingback API for DDoS-attacks.
Experts note that by accessing the WordPress XMLRPC API, using the file xmlrpc.php, attackers can not only use it for DDoS-attacks, but also to learn whether a host on the internal network, scan ports hosts inside the network, and even change setting Internal marshrutizatora.Po experts, at the moment the only solution for users who want to protect your site from malicious script that exploits vulnerabilities in WordPress Pingback API, rename or delete the file xmlrpc.php.
For the first time this vulnerability WordPress developers reported 6 years ago, but then did not take these messages seriously, citing the fact that there are so many ways to spend a DDoS-attack on the sites created on WordPress, as well, and how to combat them.