Create the configuration file:
```bash
touch /etc/apache2/conf-available/block-wp-xmlrpc.conf
```
Fill it with the following contents:
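```apache
# Order/Deny is Apache 2.2 syntax; on Apache 2.4 it needs mod_access_compat
# (the 2.4 equivalent is "Require all denied").
<Directory /home/*/public_html/*/>
    <Files xmlrpc.php>
        Order allow,deny
        Deny from all
    </Files>
</Directory>
```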
And then enable it:
```bash
a2enconf block-wp-xmlrpc.conf
service apache2 reload
```
When looking for advice on hardening your WordPress sites, many blogs recommend adding the following to a .htaccess file in each site's uploads folder:
```apache
<Files *.php>
    Deny from All
</Files>
```
For those of us with a large number of WordPress sites, this is obviously labor-prohibitive. If you have a regularized folder structure, you may be able to do something like this:
```apache
<Directory /home/*/public_html/*/wp-content/uploads>
    <FilesMatch "\.(php|php\.)$">
        Order Allow,Deny
        Deny from all
    </FilesMatch>
</Directory>
```
And put it into an Apache configuration file as such:

And then enable it:
```bash
a2enconf block-wp-uploads-php.conf
```
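Before enabling the uploads rule, it helps to know which existing files it will start denying. The script below is an added example, not part of the original post: it walks the same `/home/*/public_html/*/wp-content/uploads` layout and lists files whose names match the `FilesMatch` pattern. The function names and the sample tree are constructed for illustration.

```python
import glob
import os
import re
import tempfile

# Same pattern as the FilesMatch rule; Apache tests it against the file name only.
BLOCKED = re.compile(r"\.(php|php\.)$")
# Directory layout from the rule, written relative to the filesystem root.
UPLOADS_GLOB = "home/*/public_html/*/wp-content/uploads"


def find_blocked_files(root="/"):
    """Return {site_dir: [paths relative to uploads]} for files the rule denies."""
    hits = {}
    for uploads in sorted(glob.glob(os.path.join(root, UPLOADS_GLOB))):
        # The site directory sits two levels above .../wp-content/uploads.
        site = os.path.dirname(os.path.dirname(uploads))
        for dirpath, dirs, files in os.walk(uploads):
            dirs.sort()  # deterministic traversal order
            for name in sorted(files):
                if BLOCKED.search(name):
                    full = os.path.join(dirpath, name)
                    hits.setdefault(site, []).append(os.path.relpath(full, uploads))
    return hits


def build_sample_tree(root):
    """Create a constructed two-site tree under root for a dry run."""
    sample = [
        "home/alice/public_html/blog/wp-content/uploads/2020/01/photo.jpg",
        "home/alice/public_html/blog/wp-content/uploads/2020/01/cache.php",
        "home/alice/public_html/blog/wp-content/uploads/index.php",
        "home/alice/public_html/blog/wp-content/plugins/plugin.php",
        "home/bob/public_html/shop/wp-content/uploads/logo.png",
    ]
    for rel in sample:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    # Dry run on constructed data; call find_blocked_files("/") on a real server.
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for site, paths in find_blocked_files(tmp).items():
            print(os.path.relpath(site, tmp), paths)
```

Anything it lists is either a legitimate file that will stop being served or something that should not be in uploads at all; review both before reloading Apache.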