Nginx
To block access to xmlrpc in nginx use the following configuration:
location = /xmlrpc.php { deny all; return 404; }If you have access to your main Apache configuration file, use the code below there. Alternatively, create a file named .htaccess in your WordPress directory with the following contents:
<Files "xmlrpc.php"> Require all denied </Files>https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/