Method 1: Disable via .htaccess (Apache)
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>Method 2: Nginx Block
location /xmlrpc.php {
deny all;
return 403;
}Method 3: Using Plugin
Install "Disable XML-RPC" plugin.
Method 4: Allow Only Specific IPs
RewriteCond %{REQUEST_URI} ^/xmlrpc.php$
RewriteCond %{REMOTE_ADDR} !^192.168.1.100$
RewriteRule .* - [F,L]