Protecting Child Sites From XML-RPC Brute Force Attacks
WordPress in its core has a function called XML-RPC, which a limited number of plugins still use like Jetpack. More plugins used to use it when the only method would have been to use the XML-RPC. Most plugins now use the WordPress REST API to connect to a site to pull data from it, by either read or write access. XML-RPC is still targeted for brute force attacks on WordPress sites. A number of CDNs like Cloudflare and Sucuri will protect XML-RPC by default. Cloudflare even offers an easy way to redirect XML-RPC to the home page of a site