6. Block on entire server
If you have one server or VPS with tens of hundreds of WordPress installations (like me) any of the solutions above will take time to implement. So the best thing to do is to block access to xmlrpc.php file on Apache level, simply by adding this to httpd.conf file:
Code:
[TABLE]
[TR]
[TD="class: code"]<FilesMatch "^(xmlrpc\.php)">
Order Deny,Allow
Deny from all
</FilesMatch>
[/TD]
[/TR]
[/TABLE]
Or even better adding this code (that also blocks wp-trackback.php and also prevent’s trackback hacking attempts).
Code:
<FilesMatch "^(xmlrpc\.php|wp-trackback\.php)">
Order Deny,Allow
Deny from all
</FilesMatch>