1) Manually block the xmlrpc in the .htaccess file
Here you can deny the access of xmlrpc file from all users. Simply paste the following code in the .htaccess file in the website document root.
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
# END protect xmlrpc.php