WordPress Pingback Attacks and our WAF

via blog.cloudflare.com => original post link

At CloudFlare, a lot of our customers use WordPress. That's why we have our own plugin, hang out at WordCamp, and wrote a WordPress-specific ruleset for our Web Application Firewall.

WordPress' ubiquity on the web can make it an ideal target for Layer 7 attacks, and its powerful features as a blogging platform can be demanding on small web and database servers, meaning Layer 7 attacks can be effective in making a WordPress server go offline using a relatively low number of requests.

Recently the folks at Sucuri observed a large DDoS using WordPress' pingback mechanism. A pingback is a way for one website to tell another that it has linked to its content. We’ve seen this attack in the past and already had WAF rules in place to block it.
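On the receiving side, a pingback flood shows up as fetches from many unrelated WordPress sites converging on the same URL. The following sketch is an added example (not code from the original post and not CloudFlare's WAF rules) that finds that pattern in access logs; it assumes Combined Log Format and WordPress's default `WordPress/<version>; <site URL>` User-Agent, which newer versions extend with `verification pingback from <ip>`. The function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip - - [time] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
# Assumed default WordPress User-Agent; the "verification pingback from" suffix
# (present only on newer versions) names the host that asked for the pingback.
WP_UA_RE = re.compile(
    r'^WordPress/(?P<ver>[\d.]+); (?P<site>https?://[^;\s]+)'
    r'(?:; verification pingback from (?P<origin>[0-9a-fA-F.:]+))?$'
)

def summarize_pingbacks(lines, min_sites=3):
    """Return (paths fetched by >= min_sites distinct WordPress sites, origin counts)."""
    sites_per_path = {}
    origins = Counter()
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not a Combined Log Format line
        ua = WP_UA_RE.match(m.group("ua"))
        if not ua:
            continue  # ordinary browser or bot, not a WordPress fetch
        parts = m.group("request").split()
        path = parts[1] if len(parts) >= 2 else "-"
        sites_per_path.setdefault(path, set()).add(ua.group("site"))
        if ua.group("origin"):
            origins[ua.group("origin")] += 1
    flagged = {p: sorted(s) for p, s in sites_per_path.items() if len(s) >= min_sites}
    return flagged, origins

# Constructed sample log lines (documentation IP ranges and .example domains).
SAMPLE = [
    '198.51.100.10 - - [12/Mar/2014:10:00:01 +0000] "GET /post-1 HTTP/1.0" 200 512 "-" "WordPress/3.9; http://blog-a.example; verification pingback from 203.0.113.7"',
    '198.51.100.11 - - [12/Mar/2014:10:00:01 +0000] "GET /post-1 HTTP/1.0" 200 512 "-" "WordPress/3.9; http://blog-b.example; verification pingback from 203.0.113.7"',
    '198.51.100.12 - - [12/Mar/2014:10:00:02 +0000] "GET /post-1 HTTP/1.0" 200 512 "-" "WordPress/3.8.1; http://blog-c.example"',
    '198.51.100.13 - - [12/Mar/2014:10:00:03 +0000] "GET /about HTTP/1.0" 200 300 "-" "WordPress/3.8.1; http://blog-d.example"',
    '192.0.2.50 - - [12/Mar/2014:10:00:04 +0000] "GET /post-1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    flagged, origins = summarize_pingbacks(SAMPLE)
    print("targets:", flagged)
    print("pingback origins:", origins.most_common())
```

The per-path count of distinct reflecting sites is what separates a flood from the occasional legitimate pingback; the origin counter, where the suffix is present, points at the host driving the reflectors rather than at the blogs themselves.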