How to Block XML-RPC Attacks?
How to Disable xmlrpc.php in WordPress?
What is XML-RPC?
XML-RPC is a remote procedure call which uses XML to encode its calls and HTTP as a transport mechanism. In short, it is a system that allows you to post on your WordPress blog using WordPress mobile app. It is also needed if you want to make connections to services like IFTTT.
If you want to access and publish to your blog remotely, then you need XML-RPC enabled.
How to Disable XML-RPC
Login Security – Disable XML-RPC authentication
All you have to do is paste the following code in a site-specific plugin:
Simply paste the following code in your .htaccess file:
<Files xmlrpc.php> order deny,allow deny from all allow from 10.0.10.102 </Files>
WAF – Web Application Firewall
Cloudlfare – Firewall Rules – URI contains xmlrpc.php