Leaving the xmlrpc.php file reachable on your WordPress site may lead to malicious users targeting it.

The resulting malicious traffic can quickly eat up your resource limits.

If you are a WordPress user, you can configure a .htaccess file to disable XML-RPC for better security.

 

cPanel's File Manager

To do that, log in to your cPanel account.

Scroll to the Files section and click on File Manager.

When the page loads, you will be in the public_html (document root) or the public content section of your website.

Toggle Show Hidden Files to see all existing dot (.) files.

Visit https://dashboard.webhostingmagic.com/knowledgebase/39/Learn-How-To-Find-A-.htaccess-File-In-Your-cPanel.html to learn how.

If there are no .htaccess files, create a new file and name it .htaccess.

If there is an existing .htaccess, edit it and paste the following code into the file:

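    # block malicious WordPress xmlrpc.php requests
    # to allow XML-RPC from a particular IP, uncomment the Require ip line
    # and replace xxx.xxx.xxx.xxx with the IP address.
    <Files xmlrpc.php>
        Require all denied
        # Require ip xxx.xxx.xxx.xxx
    </Files>

Please note that the opening <Files xmlrpc.php> and closing </Files> lines are the most important part of the rule: without them, Require all denied applies to every file in the directory, not only xmlrpc.php.

The full directive can be downloaded at cdn.webhostingmagic.com/downloads/block-xmlrpc.txt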

Save and close the file.

 

CLI

To use a command-line interface:

    vi public_html/.htaccess

Paste in the above directive.

Save by typing:

    :wq

To exit without saving, use:

    :q!
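
To confirm the rule is in effect after saving, you can check how the server answered requests for xmlrpc.php in your access log. The script below is an added example, not part of the original article: it assumes an Apache combined-format access log (pass the path of your own domain's log), and the sample log lines and function names are constructed for illustration.

```shell
#!/bin/sh
# Summarise xmlrpc.php requests per client IP and count the ones that were
# NOT answered with 403 (i.e. that got past the .htaccess rule).

# xmlrpc_report LOGFILE
# Prints one line per client IP: "<ip> total=<n> not_blocked=<m>"
xmlrpc_report() {
    awk '
        # Combined log format: $1 = client IP, $7 = request path, $9 = status.
        {
            path = $7
            sub(/\?.*/, "", path)                 # drop any query string
            if (path !~ /(^|\/)xmlrpc\.php$/) next
            total[$1]++
            if ($9 != 403) miss[$1]++
        }
        END {
            for (ip in total)
                printf "%s total=%d not_blocked=%d\n", ip, total[ip], miss[ip] + 0
        }
    ' "$1" | sort
}

# xmlrpc_blocked LOGFILE
# Exit status 0 only if every logged xmlrpc.php request was answered with 403.
xmlrpc_blocked() {
    ! xmlrpc_report "$1" | grep -qv ' not_blocked=0$'
}

# Constructed sample: one request served before the rule (200), then 403s.
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "curl/8.0"
203.0.113.5 - - [10/Jan/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "curl/8.0"
198.51.100.7 - - [10/Jan/2024:10:05:00 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:05:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

# Demo run on the constructed sample.
tmp=$(mktemp)
sample_log > "$tmp"
xmlrpc_report "$tmp"
rm -f "$tmp"
```

Run it against log entries written after the .htaccess change; any IP with not_blocked above 0 in that period means the rule is not being applied.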