Block the xmlrpc.php file in WordPress. Set the IP addresses to allow access from if necessary:
<Files xmlrpc.php> <IfModule !mod_authz_core.c> order deny,allow deny from all allow from <IP ADDRESS> </IfModule> <IfModule mod_authz_core.c> Require ip <IP ADDRESS> <IP ADDRESS> </IfModule> </Files>
A simpler way is just to deny from all:
<Files xmlrpc.php> order deny,allow deny from all </Files>
Leave a Reply