Disable WordPress XML-RPC
Attacks on xmlrpc.php are common. Not many websites actually use the XMLRPC functionality so one simple way of avoiding these attacks was to simply delete the xmlrpc.php file. However the file is restored every time you update WordPress, so this isn’t a very good solution.