Getting trackback spam, even with trackbacks disabled

If you are using a twentyten/eleven theme, they hardcode the pingback meta tag into the head.php file. Remove that line or use your own theme. Also, and maybe it’s only in multisite, but the X-Pingback header is sent along with the xmlrpc endpoint url as well. Removed with the following:

/**
 * Remove the X-Pingback header, since pingbacks are disabled
 */
add_filter('wp_headers', 'custom_remove_xmlrpc_header', 1, 2);
function custom_remove_xmlrpc_header($headers, $wp_object){
  if (array_key_exists('X-Pingback', $headers))
    unset($headers['X-Pingback']);
  return $headers;
 }

Related Posts:

  1. how to reduce the number of spam comments
  2. A spam bot loves me, what can I do?
  3. How to spam-filter a custom content type with the Akismet plugin?
  4. How to block a someone from commenting?
  5. Reducing spammy user sign-ups
  6. How to reduce spam
  7. How do I permanently disable Pingbacks?
  8. What are all these spam subscribers doing here?
  9. How to disable WordPress trackbacks?
  10. How can I delete all my existing trackbacks?
  11. How can I delete all users which have never commented / have posted spam comments?
  12. Comment Spammed vs Trashed
  13. Contact Form 7 being hijacked to send spam? [closed]
  14. getting casino links on my woocommerce site [closed]
  15. How to locate & delete hidden pages on a site
  16. How is my non-published blog getting so much spam?
  17. Contact Form 7 Plugin send emails to my Gmail as spam [closed]
  18. Automated spam being caught in 2 posts. Can this be used to help get rid of spam on everyone’s sites?
  19. WordPress Site has 35K spam images
  20. WordPress Phone Verification
  21. Is the tagline area spam-bot proof?
  22. Spam email sent from my [email protected] account
  23. How to block spam blocks pointing to a same website [closed]
  24. WordPress VPS out of Memory Problem
  25. Is it possible to determine proxy based comments?
  26. How to track down a phantom contact form?
  27. How to get rid of spam forever?
  28. Spams, Scams on WordPress site – what to do?
  29. Auto block ALL IP’s indicated by Akismet?
  30. Simple comments spam solution
  31. How to stop people from using my domain to send spam? [duplicate]
  32. Reading settings from app.config or web.config in .NET
  33. Encrypt Password in Configuration Files?
  34. How to set NotebookApp.iopub_data_rate_limit and others NotebookApp settings in JupyterHub?
  35. Control verbosity level of WP DEBUG?
  36. Improve wordpress security by hiding non public resources
  37. Experiences with adding Nonces to the comment form
  38. Tips for finding SPAM links injected into the_content
  39. How do I transition multiple installations to a single Multisite installation?
  40. How to deal with small scale comment spam on small commercial sites? [closed]
  41. Hosting multiple WordPress sites on single server – best practices?
  42. What’s the easiest way to close comments on media/attachments?
  43. How to use live images on local install?
  44. What is the best way to provide plugin users with a way to customized the styles
  45. Add robots.txt to root
  46. Website is being flooded [closed]
  47. Using wp-uploads instead of wp-content/uploads
  48. How Do I Prevent Junk Account Creation?
  49. Set wp-content folder to Dropbox folder
  50. How to backup and restore configurations
  51. Allow download_url for lan addresses
  52. Subdomain and subdirectories together in one installation
  53. Akismet plugin is deleting spam despite preferences
  54. Hacked website redirect, only on desktop, help with restoring it [closed]
  55. Buddypress Fake (non-bot) Users [closed]
  56. New users must comment when requesting username
  57. Report spam button
  58. Does WordPress MultiSite use separate MySql databases?
  59. wp_redirection_404 table has grown to 7GB
  60. Set WP_MAX_MEMORY_LIMIT higher than PHP.ini memory_limit
  61. Can somebody tell me how I am supposed to be using blogs.dir for network / MU sites?
  62. Why edits to wp-config.php must come before “That’s all” comment
  63. nginx.conf appeared in all WordPress installations on folder
  64. Gutenberg Block Development: Trying to add custom js script to npm start command by modifying webpack.config
  65. WordPress Ignoring .user.ini
  66. WordPress – Promoting A Dev Build In A Subdirectory To Production / Root Directory
  67. Work flow for multiple developers
  68. How can I run a multi language WordPress site in two folders in one install? [closed]
  69. How to block comments and pings?
  70. Batch approve comments
  71. Show wordpress locally in xammp and in iPhone via ip
  72. How do I filter users based on email address?
  73. Is there a spam comment blocker that blocks IP addresses for a limited amount of time? [closed]
  74. Spam injected in w3 total cache page cache [closed]
  75. Stop SPAM from custom form
  76. What should index.php contain on Synology NAS to get external access to WordPress to work?
  77. Why when I try to access to this old WordPress site it is opened the installation page?
  78. Move wordpress files to sub-folder
  79. “GET / HTTP/1.1” 304 186 “-” inside access_log for a WordPress site, but the admin side works
  80. How to stop direct HTTP POST to a PHP script?
  81. How do you set the default page in WordPress?
  82. can’t upgrade wordpress or install plugins, it seems to “think” it’s still on a local installation
  83. Block registration by URL referrer?
  84. XML Sitemap Generator and 404 problem
  85. WordPress comment processing . Default unapproved comments detection before posting
  86. Block internal search queries with pre_get_posts and regex rules
  87. Changes not being reflected on new server
  88. Subpage is redirecting to spam site
  89. Using htaccess to prevent spam through wp-comments-post.php
  90. How can I automatically delete comments that contain a URL?
  91. Front-end pages messed up due to HTTPS
  92. Copy wordpress settings to another blog
  93. New accounts daily at WP Multi-User site under development, Analytics reports no traffic. What gives?
  94. Where do I add my own configuration needs and how do I access them?
  95. nginx + wordpress: Best practices for configuring it to be secure, reliable, and fast? [closed]
  96. command for checking Apache configuration
  97. Difference in sites-available vs sites-enabled vs conf.d directories (Nginx)?
  98. Fighting Spam – What can I do as an: Email Administrator, Domain Owner, or User?
  99. Adding a directory to $PATH in CentOS?
  100. How to check for modified config files on a Debian system?

Leave a Comment

Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)