[wp-hackers] Plugin to stop wp-trackback DOS attack

Glenn Ansley glenn at glennansley.com
Tue Oct 20 14:31:59 UTC 2009

Hi All,
There have been several reports this morning of a DOS attack affecting
the WordPress wp-trackback.php file.

    * [original post] http://www.stevefortuna.com/new-0-day-wordpress-exploit/
    * http://jarraltech.com/2009/10/new-0-day-wordpress-exploit/
    * http://www.hashbangcode.com/blog/wordpress-dos-attack-script-solution-2135.html

All the the solutions have been the same thus far and require editing
your .htaccess file or the wp-trackback.php file.

FullThrottle has composed this quick plugin that accomplishes the same
thing as the edit to the wp-trackback.php file.

We will update this post and our code if further insight into the
attack deems it necessary.
We'd greatly appreciate any feedback this list has as well.

You can download the plugin to test here:

or place the following in your theme's functions.php file:

function ft_stop_trackback_dos_attacks(){
	global $pagenow;
	if ( 'wp-trackback.php' == $pagenow ){
		// DoS attack fix.
		if ( isset($_POST['charset']) ){
			$charset = $_POST['charset'];
			if ( strlen($charset) > 50 ) {  die; }

Glenn Ansley

More information about the wp-hackers mailing list