Using Trackbacks? Be Cautious!

I found this great article from Angie Newton at wpsecuritylock.com.
It stresses why using Trackbacks in WordPress is a bad idea. This is why we disable this feature for all of our clients. For us, the risks outweigh the rewards.
Please read the article and decide for yourself!

What is a “trackback?”

A trackback and pingback notifies you that your blog has been linked to from another blog on the web. Trackbacks will show up in the comment moderation section of your WordPress blog with content, a pingback is a link with no content. Most are just spam although you might get legitimate ones too. A lot of WordPress bloggers use them. A LOT.

Many of our team has used them too but not any longer. Trackbacks and pingbacks pose a serious threat.

If you have trackbacks enabled, it would be in your best interest to totally remove them. The threat is still there if all you do is disable trackbacks. In a nutshell using the script that runs trackbacks poses an ongoing security risk.

Things that could potentially happen:
• Hackers attack using the trackback feature.
• Trackbacks have been known to cause massive distributed denial-of-service attack (DDoS) attacks.
• Other clean WordPress sites can be used by the hacker to do their dirty work. Simply scary!
and more!

Why risk getting hacked?

On a personal note, I would much rather turn off these notifications and keep my site from a potential hacking rather than the minor benefit of having someone else possibly see my link on someone else’s blog. Plus it’s my understanding that WordPress has automatically set nofollow on trackbacks, pingbacks and comment links. So it’s a total no brainer for me.

How to disable trackbacks? …

See https://wpsecuritylock.com/using-trackbacks/ for details on disabling this feature for future posts and existing posts in WordPress.