server crash due to ddos attack xmlrpc.php
Hello, I have a problem with a DDoS attack carried out on the xmlrpc.php files of my host.
We have detected that the host has a high CPU consumption, checking the load indicates that there are many processes of the type: /opt/cpanel/ea-php74/root/usr/bin/php-cgi /home/DOMAIN.LTD/public_html /index.php
and in the Apache status it indicates many requests of the type:
http/1.1 subdomain.domain.ltd:443 POST /xmlrpc.php HTTP/1.1
This happens to me if I have port 80 open, since if I only leave port 443 open, the server consumes little CPU or an acceptable CPU again.
We have assumed that it is a security problem in the WordPress xmlrpc.php file and we have taken the following measures:
In Apache, in the configuration directory, we have created a configuration file to prevent the loading of the file if requested.
Inside /etc/apache2/conf.d I have created the file xmlrpc.conf with the following code:
Require all denied
I have also created my own configuration according to cPanel instructions:
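Added example, not part of the original post and not the poster's configuration: one way to check whether a deny rule for xmlrpc.php is actually taking effect is to tally POST /xmlrpc.php requests in the Apache access log by client and by status code, since requests refused by `Require all denied` are logged as 403 and never reach PHP. The log lines are constructed and assume the Apache combined log format; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in Apache "combined" format (documentation IPs, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:00:01 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "Mozilla/5.0"
203.0.113.10 - - [12/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "POST /xmlrpc.php?x=1 HTTP/1.1" 200 370 "-" "curl/8.0"
198.51.100.7 - - [12/Mar/2024:10:00:03 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "curl/8.0"
192.0.2.44 - - [12/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

# client IP, request method, request path and status code of a combined-format line
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def tally_xmlrpc(lines):
    """Return (per_ip, per_status) Counters for POSTs to /xmlrpc.php."""
    per_ip, per_status = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string; match the file in any directory.
        path = m["path"].split("?", 1)[0].lower()
        if not path.endswith("/xmlrpc.php"):
            continue
        per_ip[m["ip"]] += 1
        per_status[m["status"]] += 1
    return per_ip, per_status

def still_served(per_status):
    """Count of requests that were not refused (anything other than 403)."""
    return sum(n for code, n in per_status.items() if code != "403")

if __name__ == "__main__":
    per_ip, per_status = tally_xmlrpc(SAMPLE_LOG.splitlines())
    for ip, n in per_ip.most_common():
        print(f"{ip:15} {n}")
    print("status codes:", dict(per_status))
    print("not refused:", still_served(per_status))
```

A non-zero "not refused" count after the deny rule has been deployed means some virtual host is still passing these requests to PHP.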