It looks like we can deny access to the XMLRPC file by adding some code to our .htaccess files, but doing that affects pingbacks. I guess it is the cost of being secure.
Deny from all
New Brute Force Attacks Exploiting XMLRPC in WordPress
Brute force attacks against WordPress have always been very common. In fact, Brute Force attacks against any CMS these days is a common occurrence, what is alwa
Google+: View post on Google+