1. The BackupBuddy plugin needs to be updated as it has a critical flaw.
2. If one allows the pingback feature (which tries to notify the blog that a someone linked to it) or notifies another blog that got linked to. It is about a service that notifies when blogs link and get linked.
If one allows link notification from other blogs (pingbacks and trackbacks) an old issue inside WordPress code according to Wordfence (a security plugin company for WordPress) blogpost.
The pingback function is checked by default, so one has to uncheck it to remove the function.