What Are Pingbacks?
Pingbacks were originally designed to notify you when another WordPress site links to your content. When enabled, your WordPress site sends and receives automated comments (pingbacks) between linked posts. In theory, this promotes cross-linking and discussion. In reality, pingbacks are now one of the easiest ways hackers can abuse your site. If left enabled, they allow attackers to:
- Send hundreds of fake comments via xmlrpc.php.
- Use your site to attack other websites.
- Create DDoS chains that overload your server.
- Trigger resource spikes and take your site offline.
And the worst part? You may never realize it is happening.
Why Pingbacks Are a Security Risk
|
Risk |
Potential Impact |
|
Pingbacks enabled |
Your site can be used to ping other sites (botnet-style) |
|
High server load |
Site becomes slow or unresponsive |
|
Hosting account suspension |
Some hosts block sites that trigger DDoS alerts |
|
Search engine penalties |
IP blacklisting due to malicious traffic |
Here’s how to disable Pingbacks through WordPress Manager;
STEP 1: Log in to your cPanel.
There are three methods to log into your cPanel.
- Method 1: Log in to your cPanel directly.
- Method 2: Log in to your cPanel through your Customer Portal.
Through your Customer Portal;
- Log in to your Customer Portal.
- Click on "Log in to cPanel".
- Method 3: Log in using the details sent to your Email.
Through your Email;
- When you purchase a hosting plan, your cPanel login details (including username, password, and cPanel URL) are automatically sent to your registered email address. Simply check your inbox (or spam folder), locate the email, and use the provided credentials to access your cPanel.
STEP 2: Locate the Software section and click on Softaculous Apps Installer.
STEP 3: Click the box for Installations.
An alternative is to select the “All Installations” icon from the menu in the upper-right corner.
STEP 4: Click the WordPress icon next to the installation you want to manage.
STEP 5: In WordPress Manager, select the website you want to secure.
STEP 6: Tap on the Security Measures section.
STEP 7: Checkmark the box for “Turn off pingbacks”, and click Apply.
This does two things:
- Disables XML-RPC pingbacks at the server level.
- Removes pingback functionality from older posts.
How to Check If Pingbacks Are Enabled
Want to double-check?
- In your WordPress dashboard, go to:
- Settings → Discussion → Make sure “Allow link notifications from other blogs (pingbacks and trackbacks)” is unchecked.
- Or, use a security plugin or server log to see if xmlrpc.php?pingback.ping requests are happening frequently
Frequently Asked Questions (FAQs)
Q: Can disabling pingbacks affect SEO or backlinks?
Not at all. Pingbacks don’t influence SEO directly. Disabling them only stops the server-side communication, your links and content visibility remain intact.
Q: Will I still get notifications when someone links to my blog?
No. But you can track backlinks using tools like Google Search Console, Ahrefs, or SEMrush instead.
Q: What if I’ve already received malicious pingbacks?
Disable them first. Then, clean up spam comments and review your server logs. Our support team can assist if needed.
If your server has already been impacted or you suspect unusual activity, kindly reach out to our support team to investigate and apply the right fixes.
