However, it's not the first time when Web security firms have reported DDoS attacks leveraging the WordPress pingback functionality. Security firm Incapsula reported that in July 2013 one of its customers was targeted in a pingback DDoS attack from 50,000 bots that generated a total of 8 million page hits at a rate of 1,000 hits per second.
Many Web application firewalls are likely to have detection and blocking rules for this type of attack already. The Sucuri blog post also contains a snippet of code that WordPress site owners can add to their themes to disable the pingback feature and prevent their sites from being misused in attacks.
Sign up for Computerworld eNewsletters.