Nginx
To block access to xmlrpc in nginx use the following configuration:
location = /xmlrpc.php {
    deny all;
    return 404;
}
Apache
If you have access to your main Apache configuration file, use the code below there. Alternatively, create a file named .htaccess in your WordPress directory with the following contents:
<Files "xmlrpc.php">  
  Require all denied
</Files>
https://blog.wpscan.com/is-wordpress-xmlrpc-a-security-problem/

WordPress Tips

XMLRPC