Xmlrpc.php in WordPress is used to remotely access your site through third party applications. This tool appeared when WordPress was in its infancy and the speed of the Internet did not allow you to quickly create and publish posts on the site. There was an offline client in which the administrator created and edited entries, and then through xmlrpc.php the entries were published on the site.
In 2008, the WordPress iPhone app was released and XML-RPC support was enabled by default, with no option to disable it.
This function adds to your file .htaccess file.
This function is activated when the theme is activated. So you have to disable and enable your current theme.
function add_xmlrpc_htaccess_rule() { $rules = "<Files xmlrpc.php>\n"; $rules .= "Order Allow,Deny\n"; $rules .= "Deny from all\n"; $rules .= "</Files>\n"; $htaccess_file = ABSPATH . '.htaccess'; if (is_writable($htaccess_file)) { $htaccess_content = file_get_contents($htaccess_file); if (strpos($htaccess_content, $rules) === false) { $htaccess_content .= "\n" . $rules; file_put_contents($htaccess_file, $htaccess_content); } } } function activate_my_theme() { $htaccess_file = ABSPATH . '.htaccess'; if (is_writable($htaccess_file)) { $htaccess_content = file_get_contents($htaccess_file); if (strpos($htaccess_content, 'add_xmlrpc_htaccess_rule') === false) { add_xmlrpc_htaccess_rule(); } } } add_action('after_switch_theme', 'activate_my_theme');