cncf / cncf.io

☁️♮🏛🚧 The CNCF.io WordPress website
https://cncf.io
MIT License

Disable XML-RPC #686

Closed thetwopct closed 1 year ago

thetwopct commented 1 year ago

As discussed, I think XML-RPC is still enabled, just not referenced in the header.

From WP Scan:

```
[+] XML-RPC seems to be enabled: https://www.cncf.io/wp/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
```

cjyabraham commented 1 year ago

Deployed. https://www.cncf.io/wp/xmlrpc.php now produces a 403.
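One WordPress-side way to get from the finding in the first comment to the 403 reported in the second. This is an added example, not the change the cncf.io repo actually deployed (which is not shown in this thread); it assumes a standard WordPress layout where `wp-content/mu-plugins/` is loaded. The split into three layers matters because WPScan's check is "Direct Access": the `xmlrpc_enabled` filter alone still lets `xmlrpc.php` answer with an XML-RPC fault, so a scanner still reports the endpoint as enabled, and removing the RSD link and `X-Pingback` header only hides the reference, which is exactly the situation the issue describes.

```php
<?php
/**
 * Plugin Name: Disable XML-RPC (added example, not the cncf.io repo's own fix)
 *
 * Place in wp-content/mu-plugins/ so it runs before regular plugins.
 */

// 1. Hard stop. xmlrpc.php defines XMLRPC_REQUEST before bootstrapping
//    WordPress, so this runs for every request to that endpoint and ends
//    it with a bare 403, the behaviour the second comment reports.
//    This is what makes the "Direct Access" detection go quiet.
if ( defined( 'XMLRPC_REQUEST' ) && XMLRPC_REQUEST ) {
	status_header( 403 );
	nocache_headers();
	exit;
}

// 2. Defence in depth for anything that reaches the XML-RPC server anyway:
//    refuse all XML-RPC logins and register no methods (pingback.ping,
//    system.multicall, wp.getUsersBlogs, ...), so neither the pingback
//    abuse nor the login brute-force paths referenced by WPScan exist.
add_filter( 'xmlrpc_enabled', '__return_false' );
add_filter( 'xmlrpc_methods', '__return_empty_array' );

// 3. Stop advertising the endpoint. The X-Pingback response header and the
//    RSD <link> in <head> are the "references in the header" from the
//    first comment; removing them hides the endpoint but does not disable
//    it, which is why layer 1 is still needed.
add_filter( 'wp_headers', function ( array $headers ) {
	unset( $headers['X-Pingback'] );
	return $headers;
} );
remove_action( 'wp_head', 'rsd_link' );
```

Verify after deploying with `curl -s -o /dev/null -w '%{http_code}\n' -X POST https://www.cncf.io/wp/xmlrpc.php`, which should print `403`; a web-server rule (for nginx, `location = /wp/xmlrpc.php { return 403; }`) gives the same result without loading WordPress at all.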