2. Check xmlrpc.php access log from domlogs and deny access using the following script in .htaccess,
=--=-=-=-==-=-
root@server [/home]# cat .htaccess
<Files xmlrpc.php>
Order Deny,Allow
Deny from all
</Files>
=-=-=-=-=--=-=
3. You can get the acces log IP from the below script,
--=-=-=-=-==-=-=-=-
grep -r "xx/Aug/2014" /usr/local/apache/domlogs/ | grep "xmlrpc.php" | awk '{ print $1 }' | cut -d : -f2 | sort | uniq -c | sort -n > /root/testwp
=-=--==-=-=-=-=-=-=-
4. Deny IPs from the above script using csf.
5. You can deny "xmlrpc.php" web access using mod_security,
-=--==--=-=-=-=-=-=
SecRule REQUEST_URI "/xmlrpc.php" nolog,allow
-==--=-=-=-=-=-=-==-
6. Tried to turn off xmlrpc.php by adding the below entries to wp-config.php
--=--==--=-=-=-=-=-=
add_filter('xmlrpc_enabled', '__return_false');
=--=-=-=-=-=-=-=-=-=-=