A DDoS attack leveraged more than 162,000 legitimate WordPress installations. The attack was possible because of the pingback function in the XML-RPC implementation used by WordPress. Bypassing the cache means that pages are served in full or the website expends resources looking for something that isn’t there, creating resource exhaustion if several pages are requested at once. WordPress project lead: “No serious attacks (above 2gbps) use it” However, the risk can be mitigated if the Pingback function isn’t required.”]