Thousands of legitimate WordPress websites have been hijacked by hackers. The attack exploited an issue with the XML-RPC (XML remote procedure call) of the WordPress. The Pingback mechanism allows anyone to initiate a request from WordPress to an arbitrary site. WordPress administrators can check online WordPress DDOS Scanner tool to find if their blogs are vulnerable to this attack. To stop your WordPress website from being misused, you will need to disable the Pingback (Pingback) functionality on your site, but it’s unlikely because it’s needed for important features.
Source: https://thehackernews.com/2014/03/162000-vulnerable-wordpress-websites.html