Add the following filter to the theme’s functions.php file to disable XML-RPC at the application layer:
// Disable XML-RPC
add_filter( 'xmlrpc_enabled', '__return_false' );This method does not prevent HTTP requests to xmlrpc.php from reaching the server. For environments where XML-RPC is not required, a more robust mitigation is to block access at the web server level.
