Did they actually tell you it was infected? You’ll need to replace that file then. If it was really infected though I’d have thought your web host would have quarantined that file, replaced it, or else fixed it for you.
They may have mentioned XML-RPC as a potential security problem if you don’t need it though. According to some of the core team members, it’s no more a security threat than any other core feature in WordPress.
Anyway, here’s a good discussion on that subject with several suggestions on removing that feature from WordPress if you don’t need it.
https://www.wpbeginner.com/plugins/how-to-disable-xml-rpc-in-wordpress/
I hope this helps and after you disable it and find you don’t need it for sure you can probably remove it but do know that a future WordPress update might put that file back.
There is no “wp-xmlrpc.php” file in WordPress.
There is a file named “xmlrpc.php” which should not be deleted, as it is part of WordPress. However, if it has been modified, then you should replace it with a fresh copy from the WordPress zip file.
.htaccess dsoyanızın en alt kısmına
# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from 123.123.123.123
</Files>
bunu kopyala yapıştır yapın 123.123.123.123. yazan yere kendi ip adresinizi yazın
ip adresinizi bilmiyorsanız google’a yazın hemen bulursunuz.
biz aylardan beri saldırganlarla başımız belada bunu uyguladık şuanda bir kişi bile saldırı yapamıyor.