Pingbacks and trackbacks are a legacy WordPress mechanism that notifies other sites when you link to them. In practice, most pingbacks are spam and there is no reason to keep the feature enabled. For more on hardening WordPress security.
Disable pingbacks via code – add to functions.php:
add_filter( 'xmlrpc_methods', function( $methods ) {
unset( $methods['pingback.ping'] );
unset( $methods['pingback.extensions.getPingbacks'] );
return $methods;
} );
add_action( 'pre_ping', function( &$links ) {
$home = get_option( 'home' );
foreach ( $links as $l => $link ) {
if ( strpos( $link, $home ) === 0 ) {
unset( $links[ $l ] );
}
}
} );Also disable the option in Settings > Discussion > uncheck “Allow link notifications from other blogs (pingbacks and trackbacks)”.