How to disable xmlrpc.php via .htaccess

Introduction

Oftentimes, malicious traffic is created by rapidly accessing a xmlrpc.php file, creating a high server load, or causing limits to be reached on the server. Configuring a .htaccess file to disable xmlrpc in a cPanel account can provide better security.

Procedure

1. Log in to the affected cPanel account.
2. Go to File Manager.
3. Access public_html (or your website content's document root).
4. Create a new file and name it .htaccess.
5. Paste the following code into the file:

   # Block WordPress xmlrpc.php requests
   <Files xmlrpc.php>
   order deny,allow
    deny from all
    allow from xxx.xxx.xxx.xxx
   </Files>

   To allow xmlrpc from a particular IP, replace xxx.xxx.xxx.xxx with the IP address.

6. Save and close the file.