#REmove this comment if using this code snippet. Insert this in the htaccess file that is in the main WordPress file area (where wp-config etc) are located. A Plugin is also available to do this, but if you can find or create an htaccess file, why use it? Certain IPs can be excepted below, see https://www.hostinger.com/tutorials/xmlrpc-wordpress for a full explanation


#begin Block WordPress xmlrpc.php (file on root WordPress) requests as this is a definite security liability. The xmlrpc functionality is an unsecure outdated WP feature that was used so adminstrators could edit the site offline on some other bloging platform and then upload changes from any URL remotely. Disabling it may cause some outdated plugins not work.

<Files xmlrpc.php>
order deny,allow
deny from all
</Files>

#end Block WordPress xmlrpc.php