Attackers abused the WordPress pingback feature allowing websites to cross-reference blog posts. By sending hundreds of spoofed requests per second to the /xmlrpc.php file making these requests appear to come from the target site, the attacker tricks the website's servers into flooding the target with more traffic than it can handle.
XML-RPC (XML remote procedure call) is a protocol by WordPress and other web applications used to provide services such as pingbacks, trackbacks, and remote access to some users.
This option is preferred for Websites using mobile apps or Jetpack modules.
- Login to your WP Dashboard > Plugins > Add New
- Search Plugins for 'Disable XML-RPC Pingback' By Samuel Aguilera.
- Install & Activate 'Disable XML-RPC Pingback' plugin