This snippet disables XML-RPC functionality in WordPress to prevent common attack vectors such as brute-force login attempts and pingback attacks. Recommended for sites that do not rely on XML-RPC (e.g., mobile app publishing or remote posting tools).
/**
* Disable XML-RPC completely
*/
add_filter( 'xmlrpc_enabled', '__return_false' );