How to mitigate wordpress-xml-rpc-attacks?

An attacker will try to access your site using xmlrpc.php by using various username and password combinations. They can effectively use a single command to test hundreds of different passwords. This feature in xmlrpc.php gives hackers a nearly endless supply of IP addresses to distribute a DDoS attack over.

Manually block xmlrpc in webserver document root.
—————-

For Apache paste the code in the configuration file.

<VirtualHost>

<files xmlrpc.php>

order allow,deny

deny from all

</files>

</VirtualHost>