Create the configuration file:
touch /etc/apache2/conf-available/block-wp-xmlrpc.conf
Fill it with the following contents:
<Directory /home/*/public_html/*/>
<files xmlrpc.php>
order allow,deny
deny from all
</files>
</Directory>
And then enable it:
a2enconf block-wp-xmlrpc.conf service apache2 reload
When looking for advise on hardening your WordPress sites many blogs recommend adding the following in a .htaccess file in each sites upload folder:
<Files *.php> Deny from All </Files>
For those of us with a large amount of WordPress Sites, this is obviously labor prohibitive. If you have a regularized folder structure you may be able to do something like this:
<Directory /home/*/public_html/*/wp-content/uploads> <FilesMatch "\.(php|php\.)$"> Order Allow,Deny Deny from all </FilesMatch> </Directory>
And put it into a Apache configuration file as such:
And then enable it:
a2enconf block-wp-uploads-php.conf