At the root of your WordPress website is a file named
xmlrpc.php that has the power to control content publishing to your website from anywhere on the internet.
If you publish live content to your website from remote locations you may need it.. so scramble the name.
If you don’t, you can disallow access to it altogether and if you ever need it, enable it at that time.
It’s just spam bait and I know they will never get in but it bothers me when I get thousands of hits on it.. the server could be doing better things.
If you want to test it out, look at your stats.. you will see hits (maybe lots) on it.
Add this at the beginning of your
<Files xmlrpc.php> order deny,allow deny from all # If you want to allow only your own IP #allow from xxx.xxx.xxx.xxx </Files>
Remove the second ‘#’ and replace xxx.xxx.xxx with your own IP for exclusive access.
I’ve been watching traffic closely and it doesn’t cut out the crap but just shaves off another layer.