Hi @tt22tt, thanks for reaching out to us.
Just out of interest, was that a search for your specific URL, or a listed WordPress disclosure dated recently? I just can’t find the direct reference myself.
Wordfence will block repeated attempts to utilise features such as wp-json and XML-RPC as part of either known rules/signatures in the firewall updates that come from our servers or the brute force blocking settings you have configured.
You can find all of the brute force login protection rules in the Wordfence > All Options > Brute Force Protection page. All options are described here:
https://www.wordfence.com/help/firewall/brute-force/
If you start to notice a lot of attempts in your Live Traffic, you can also put manual blocks in place as you see fit, but generally you shouldn’t need to do too much time-consuming management of this nature – if any.
Thanks,
Peter.
