<FilesMatch "xmlrpc\.php$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
</FilesMatch>

# BEGIN LSCACHE
## LITESPEED WP CACHE PLUGIN - Do not edit the contents of this block! ##
<IfModule LiteSpeed>
RewriteEngine on
CacheLookup on
RewriteRule .* - [E=Cache-Control:no-autoflush]
RewriteRule litespeed/debug/.*\.log$ - [F,L]
RewriteRule \.litespeed_conf\.dat - [F,L]
RewriteRule ^xmlrpc\.php$ - [F,L]


Function.php

// Disable XML-RPC functionality
add_filter('xmlrpc_enabled', '__return_false');

// Disable X-Pingback HTTP Header
add_filter('wp_headers', function($headers) {
    unset($headers['X-Pingback']);
    return $headers;
});

// Disable XML-RPC methods from being accessible
add_filter('xmlrpc_methods', function($methods) {
    return [];
});

// Prevent direct access to xmlrpc.php
add_action('init', function() {
    if (isset($_SERVER['REQUEST_URI']) && strpos($_SERVER['REQUEST_URI'], 'xmlrpc.php') !== false) {
        wp_die('Access denied', 'Error', ['response' => 403]);
    }
});