Enable/Disable XML-RPC for all or based on IP list, also you can control pingback and Unset X-Pingback from HTTP headers.
You can now disable XML-RPC to avoid Brute force attack for given IPs or can even enable access for some IPs. XML-RPC on WordPress is actually an API that gives developers who build mobile apps, desktop apps and other services, the ability to talk to a WordPress site. The XML-RPC API that WordPress provides gives developers, a way to write applications (for you) that can do many of the things that you can do when logged into WordPress via the web interface.
Block XML-RPC by following way.
/wp-content/plugins/
directory, or install the plugin through the WordPress plugins screen directly.Yes, it’s preferable to take a backup of existing .htaccess file.
You can copy and paste new rule in your .htaccess file from plugin setting page.