How to mitigate wordpress-xml-rpc-attacks?
An attacker will try to access your site using xmlrpc.php by using various username and password combinations. They can effectively use a single command to test hundreds of different passwords. This feature in xmlrpc.php gives hackers a nearly endless supply of IP addresses to distribute a DDoS attack over.
Manually block xmlrpc in webserver document root.
—————-
For Apache paste the code in the configuration file.
<VirtualHost>
<files xmlrpc.php>
order allow,deny
deny from all
</files>
</VirtualHost>