XML-RPC was a solid solution for some of us, till the day when problems occurred due to remote publishing
to a WordPress site. However, with wp_xmlrpc, just because the XML-RPC specification was developed
before WordPress was even created, came some security holes that ended up being pretty nasty
for some WordPress site owners.
One Way or another, there are always ways trying to avoid getting on this trail,
use plugins, or some code, which means you are going to disable that features (wp_xmlrpc) entirely.
When you’re on that golden road, that you need some features, you should use the work around plugIns
available for these features.
Getting more sleep and less headaches, the way we handle it here, is adding some code to .htaccess.
(be aware and knwo what you are doing, we don’t care, and we are not to blame if somehing goes wrong)
# ---- Block WordPress xmlrpc.php requests ----
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
# ---------------------------------------------
This will disable wp_xmlrpc, and answer requests with 403.