proudcity / wp-proudcity

The ProudCity WordPress platform

Home Page: https://proudcity.com


Shut off XMLRPC

curtismchale opened this issue

XMLRPC is used by external blogging clients (like MarsEdit) to write your content locally and then push it to the WP site. I'm 99% sure we don't allow this and should just block access to XMLRPC. We're seeing it probed today on ADA Pacific in some attempt to hack the site.

I'm not worried, but we could stop the calls from being handled by WP at all and have them rejected at the server level with an adjustment to our .htaccess rules. The code below blocks everyone but the specifically allowed IP address. I don't think we need to allow anything though.

```apache
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
    order deny,allow
    deny from all
    allow from 123.123.123.123
</Files>
```
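One way to confirm the rule above is taking effect, as an added example that is not part of the original issue or the project's code: it reads Apache access log lines and separates xmlrpc.php requests rejected by the server (403) from those that still got through. The log lines are constructed samples using documentation IP ranges, and the function names are hypothetical.

```python
import re
from collections import Counter

# Apache common/combined log line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "-"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "-"
198.51.100.23 - - [12/Mar/2024:10:05:40 +0000] "POST //xmlrpc.php?rsd HTTP/1.1" 403 199 "-" "-"
192.0.2.10 - - [12/Mar/2024:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "-"
198.51.100.23 - - [12/Mar/2024:10:07:11 +0000] "GET /blog/xmlrpc.php HTTP/1.1" 403 199 "-" "-"
not a log line
"""

def is_xmlrpc(path):
    """True when the request targets a file named xmlrpc.php in any directory,
    which is what a <Files xmlrpc.php> section matches on."""
    filename = path.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1]
    return filename == "xmlrpc.php"

def audit_xmlrpc(lines):
    """Count xmlrpc.php hits per client: blocked (403) vs. anything else."""
    blocked, handled = Counter(), Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_xmlrpc(m.group("path")):
            continue  # unparseable line or unrelated request
        bucket = blocked if m.group("status") == "403" else handled
        bucket[m.group("ip")] += 1
    return blocked, handled

if __name__ == "__main__":
    blocked, handled = audit_xmlrpc(SAMPLE_LOG.splitlines())
    for ip, n in handled.most_common():
        print(f"NOT BLOCKED: {ip} reached xmlrpc.php {n} time(s)")
    for ip, n in blocked.most_common():
        print(f"blocked at server: {ip} ({n} request(s))")
```

Any entry reported as not blocked after the .htaccess change is deployed means the rule is not being applied for that path or virtual host.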