From Wikipedia, the free encyclopedia
Jump to: navigation, search

A pingback is one of four types of linkback methods for Web authors to request notification when somebody links to one of their documents. This enables authors to keep track of who is linking to, or referring to their articles. Some weblog software and content management systems, such as WordPress, Movable Type, Serendipity, and Telligent Community, support automatic pingbacks where all the links in a published article can be pinged when the article is published. Other content management systems, such as Drupal and Joomla, support pingbacks through the use of addons or extensions.

Essentially, a pingback is an XML-RPC request (not to be confused with an ICMP ping) sent from Site A to Site B, when an author of the blog at Site A writes a post that links to Site B. The request includes the URI of the linking page. When Site B receives the notification signal, it automatically goes back to Site A checking for the existence of a live incoming link. If that link exists, the pingback is recorded successfully. This makes pingbacks less prone to spam than trackbacks. Pingback-enabled resources must either use an X-Pingback header or contain a <link> element to the XML-RPC script.


In March 2014, Akamai published a report about a widely seen exploit involving Pingback that targets vulnerable WordPress sites.[1] This exploit led to massive abuse of legitimate blogs and websites and turned them into unwilling participants in a DDoS attack.[2] Details about this vulnerability have been publicized since 2012.[3]

See also[edit]

  • Webmention, a modern re-implementation of PingBack using HTTP and x-www-urlencoded POST data.
  • Linkback, the suite of protocols that allows websites to manually and automatically link to one another.
  • Refback, a similar protocol but easier than Pingbacks since the site originating the link doesn't have to be capable of sending a Pingback
  • Trackback, a similar protocol but more prone to spam.
  • Search engine optimization


  1. ^ Brenner, Bill. "Anatomy of Wordpress XML-RPC Pingback Attacks". The Akamai Blog, March 31, 2014 5:42 AM. Retrieved July 7, 2014. 
  2. ^ Cid, Daniel. "More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack". Sucuri Blog, March 10, 2014. Retrieved July 7, 2014. 
  3. ^ Calin, Bogdan. "WordPress Pingback Vulnerability". Accunetix, December 17, 2012 - 01:17pm. Retrieved July 7, 2014. 

External links[edit]