Deny xmlrpc.php file but don't log the failed requests
RewriteRule ^(xmlrpc\.php) - [F,L,NC]
Using the [F] flag causes the server to return a 403 Forbidden status code to the client.
The [L] flag causes mod_rewrite to stop processing the rule set.
Use of the [NC] flag causes the RewriteRule to be matched in a case-insensitive manner.
For more infos:
You probably know beter as I can see your over 19k reputation :)xmlrpc is false as default in wp and not recomended to open global.you should have something like this in.htaccess
or in functions.php
add_filter('xmlrpc_enabled', '__return_false')
rpc is disabled.
if not ? then add it to your functions.php
it will solve your problem.if didnt solve then use a plugin
To deny from all its beter to do it with a plugin like instead manuel Manage XML-RPC.
İf you want to allow only for your self.Check if you dont have rpc false in your .htaccess
and add the code below to enable only for your ip.
<Files xmlrpc.php> order deny,allow deny from all allow from 10.123.456.000 //Replace with your ip</Files>
Or allow only from GET,PROPFIND,POST,OPTIONS,PUT,HEAD[403]
RewriteCond %{REQUEST_METHOD} !^(GET|HEAD|POST|PROPFIND|OPTIONS|PUT)$ [NC]RewriteRule .? - [F,NS,L]
if you want to allow rpc then go here and follow the steps:https://www.wikihow.com/Enable-XML-RPC-in-WordPress