STEP 1 :
.htaccess
1 2 3 4 5 6 | # Block WordPress xmlrpc.php requests <Files xmlrpc.php> order deny,allow deny from all allow from xxx.xxx.xxx.xxx </Files> |
Important! Change xxx.xxx.xxx.xxx to IP address you wish to allow access xmlrpc.php or remove this line completely.
STEP 2 :
Disable XML-RPC to reduce the attack surface. You can do this by adding the following code to your theme’s functions.php file:
1 | add_filter('xmlrpc_enabled', '__return_false'); |
STEP 3 :
Use Plugin Wordfence