Stop xmlrpc attacks for good!
Don’t let your wordpress website be bogged down by ping-backs and xml request. If you are the only one accessing your website , there should be no reason for xmlrpc to be active. WordPress sets it as default on installation but it is real easy to disable.
Step 1. Blocking XML-RPC in the .htaccess file
Input the following code near the top of your .htaccess file:
# START XML RPC BLOCKING
Deny from all
# FINISH XML RPC BLOCKING
Step 2. Turn off trackbacks and pingbacks
From your WordPress Dashboard, go to Settings > Discussion.
It should look something like this:
In the top section you will see the following check-boxes. Turn them both off.
Done. The above 2 steps will turn XML-RPC completely off.