XML-RPC is a remote procedure call (RPC) protocol used by WordPress that can potentially be used to launch brute-force attacks and other malicious activities. For example, if your site is experiencing unrecognised login attempts through xmlrpc.php, you might want to disable the functionality completely. Luckily it’s just one line of code!
add_filter( 'xmlrpc_enabled', '__return_false' );This code filters the xmlrpc_enabled hook and returns false, which disables XML-RPC functionality in WordPress. Once you have added this code to your functions.php file, XML-RPC will be disabled on your website. Please note that this will break REST API functionality.