See: https://www.hostinger.com/tutorials/xmlrpc-wordpress
What Is Xmlrpc.php in WordPress and Why You Should Disable It
Simply navigate to the Plugins › Add New section from within your WordPress dashboard. Search for Disable XML-RPC and install the plugin .
If you’d want to only turn certain elements of XML-RPC off, but still allow certain plugins and features to work, then use the following plugins instead:
- Stop XML-RPC Attack. This plugin will stop all XML-RPC attacks, but it’ll continue to allow plugins like Jetpack, and other automatic tools and plugins to retain access to the xmlrpc.php file.
- Control XML-RPC Publishing. This allows you to retain control and use over the remote publishing option afforded by xmlrpc.php.