What is a trackback?
A trackback and pingback notifies you that your blog has been linked to from another blog on the web. Trackbacks will show up in the comment moderation section of your WordPress blog with content, a pingback is a link with no content. Most are just spam although you might get legitimate ones too. A lot of WordPress bloggers use them. A LOT.
Many of our team has used them too but not any longer. Trackbacks and pingbacks pose a serious threat.
If you have trackbacks enabled, it would be in your best interest to totally remove them. The threat is still there if all you do is disable trackbacks. In a nutshell using the script that runs trackbacks poses an ongoing security risk.
Things that could potentially happen:
- Hackers attack using the trackback feature.
- Trackbacks have been known to cause massive distributed denial-of-service attack (DDoS) attacks.
- Other clean WordPress sites can be used by the hacker to do their dirty work. Simply scary!
Why risk getting hacked?
On a personal note, I would much rather turn off these notifications and keep my site from a potential hacking rather than the minor benefit of having someone else possibly see my link on someone else's blog. Plus it's my understanding that WordPress has automatically set nofollow on trackbacks, pingbacks and comment links. So it's a total no brainer for me.
How to disable trackbacks?
You can disable them by going to your WordPress dashboard and clicking on Settings—>Discussion then uncheck the box that says “allow link notifications from other blogs (pingbacks and trackbacks)”. Then scroll to the bottom of the page and click the Save Changes button. See an example below:
Completing this step only works for future posts. You will need to then disable trackbacks on current posts that already exist on your WordPress blog. You can do this by digging in to your cPanel and phpMyAdmin or use the iThemes Security Pro plugin. See below…
How to disable trackbacks for all WordPress pages?
It's easy with iThemes Security Pro. All you need to do is disable XMLRPC completely unless another plugin you use requires it then only choose disable trackbacks in the plugin.
Go to Security—> Settings—> WordPress Tweaks. And then save your changes. Yep that's all.
If you need help going over iThemes Security settings or have any WordPress questions set up a consultation with us.