What is xmlrpc.php and what does it do?
The WordPress system comes with an XML-RPC protocol that allows external software to use WordPress services to publish posts, save copies, advanced editing options, publish to multiple blogs simultaneously, and more. All under a convenient and fast interface. These options pose a security risk because they open the door to receiving external information without interruption.Starting with WordPress version 3.5, this function is enabled by default, and there is no way to disable it through the WordPress management interface. However, you can edit files through the website storage management interface to disable it.
Do I need it?
Probably not. Most users do not need xmlrpc.php, and most people prefer the visual interface that comes with WordPress. However, sites such as Blogger and mobile programming for WordPress need the protocol.
Disabling xmlrpc.php from the .htaccess file
Let's say we want to allow access only from the IP address 123.123.123.123 and block all others. In order to block all requests to the xml-rpc.php file except for the IP we specify, enter these lines in the .htaccess file:
# Block WordPress xmlrpc.php requests <Files xmlrpc.php> order deny,allow deny from all allow from 123.123.123.123 </Files>