I added this to .htaccess of a WordPress site:
<files xmlrpc.php>
order allow,deny
deny from all
</files>
It works: when someone tries to access http://example.com/xmlrpc.php, this message is displayed:
Forbidden
You don’t have permission to access /xmlrpc.php on this server.
But still, the log displays (less /var/log/apache2/error.log):
[Thu May 02 10:02:03.316061 2019] [access_compat:error] [pid 19467]
[client 1.2.3.4:49409] AH01797: client denied by server
configuration: /path/to/xmlrpc.php
How can I deny access to xmlrpc.php (possibly from .htaccess) but prevent it from appearing in the Apache logs?
2 Answers
Using the [F] flag causes the server to return a 403 Forbidden status code to the client.
The [L] flag causes mod_rewrite to stop processing the rule set.
Use of the [NC] flag causes the RewriteRule to be matched in a case-insensitive manner.
For more info:
https://httpd.apache.org/docs/2.4/rewrite/flags.html
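An added example (not part of the answer above, and not code from the original page) showing the question's access_compat block beside a mod_rewrite rule that uses the three flags just described. The rule pattern and its placement are assumptions for a WordPress .htaccess sitting in the site's document root; at the default LogLevel, mod_rewrite's forced 403 does not write a "client denied by server configuration" line to error.log.

```apache
# Added example; the pattern and placement are assumptions, not the answerer's code.
# Put this above the "# BEGIN WordPress" block so it is evaluated before
# WordPress's own rewrite rules.

# Before (from the question): mod_access_compat denies the request and logs
# AH01797 to error.log at level "error" on every hit.
# <Files xmlrpc.php>
#     Order allow,deny
#     Deny from all
# </Files>

# After: mod_rewrite answers with 403 itself.
# Deliberately not wrapped in <IfModule mod_rewrite.c>: if the module is
# missing, Apache fails with a 500 instead of silently serving xmlrpc.php.
RewriteEngine On

# In .htaccess context the leading directory path is stripped, so the pattern
# is anchored to the bare file name.
#   -   no substitution, leave the URL unchanged
#   F   return 403 Forbidden
#   L   stop processing further rules
#   NC  match case-insensitively (XMLRPC.PHP, XmlRpc.php, ...)
RewriteRule ^xmlrpc\.php$ - [F,L,NC]
```

The request is still recorded in the access log with status 403, so probes against xmlrpc.php remain visible there for monitoring.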
You probably know better, as I can see you're over 19k reputation 🙂
xmlrpc is false by default in WP and it is not recommended to open it globally.
You should have something like this in .htaccess or in functions.php:
add_filter('xmlrpc_enabled', '__return_false');
RPC is disabled. If not, then add it to your functions.php; it will solve your problem. If it didn't solve it, then use a plugin.
To deny from all, it's better to do it with a plugin like Manage XML-RPC instead of manually.
If you want to allow it only for yourself:
Check if you don't have RPC false in your .htaccess and add the code below to enable it only for your IP. Or allow only from GET,PROPFIND,POST,OPTIONS,PUT,HEAD[403]
If you want to allow RPC, then go here and follow the steps:
https://www.wikihow.com/Enable-XML-RPC-in-WordPress