• Resolved kristinubute

    (@kristinubute)


    Hi

    What is this file, xmlrpc.php?

    Seems to be a common hit for a dodgy person, where Wordfence blocks it automatically. Then I block the IP address separately also.

    Is this a file that gets injected when a site is compromised?

    Thanks

    Kristin

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter kristinubute

    (@kristinubute)

    This also must be a dodgy file they are trying to log in to?

    /ALFA_DATA/alfacgiapi/

    Plugin Support WFAdam

    (@wfadam)

    Hello @kristinubute and thanks for reaching out to us!

    XMLRPC.php is a file in the WordPress core that allows remote communication with a WordPress site.

    The brute force login attack prevention rules protect against login attacks to the XML-RPC interface in the same way as they protect the login page:

    https://www.wordfence.com/help/firewall/brute-force/

    Suppose you don’t use the XML-RPC interface to log in to your site, using the WordPress application on a smartphone or tablet for example. In that case, you can disable access using the option Disable XML-RPC authentication on the Login Security >> Settings page.

    Thanks!
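
A log check for the two paths raised in this thread, as an added example that is not part of the original posts and not Wordfence code. It assumes the web server writes the combined access log format and that a blocked request is logged with a non-2xx status; the sample lines and IP addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines (combined log format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:04:11:01 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:02 +0000] "POST /xmlrpc.php HTTP/1.1" 403 162 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.22 - - [10/Mar/2024:05:40:10 +0000] "GET /ALFA_DATA/alfacgiapi/ HTTP/1.1" 404 548 "-" "python-requests/2.31"
198.51.100.22 - - [10/Mar/2024:05:40:11 +0000] "GET /wp-login.php HTTP/1.1" 200 2310 "-" "python-requests/2.31"
192.0.2.50 - - [10/Mar/2024:06:02:44 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "curl/8.4.0"
"""

# client IP, method, URL and status from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Paths from the thread: the core XML-RPC endpoint and the probed directory.
WATCHED = ("/xmlrpc.php", "/ALFA_DATA/alfacgiapi/")

def summarize(log_text):
    """Count requests per (ip, watched path); 'served' counts 2xx responses."""
    stats = defaultdict(lambda: {"total": 0, "served": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, url, status = m.groups()
        path = url.split("?", 1)[0].lower()
        watched = next((w for w in WATCHED if path.startswith(w.lower())), None)
        if watched is None:
            continue
        entry = stats[(ip, watched)]
        entry["total"] += 1
        if status.startswith("2"):  # assumption: a blocked request is non-2xx
            entry["served"] += 1
    return dict(stats)

def needs_review(log_text):
    """Return (ip, path) pairs where a watched request was actually served."""
    return sorted(k for k, v in summarize(log_text).items() if v["served"])

if __name__ == "__main__":
    for (ip, path), v in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:15} {path:24} total={v['total']} served={v['served']}")
    print("review:", needs_review(SAMPLE_LOG))
```

A served request to xmlrpc.php only shows that the request reached WordPress rather than being blocked; a served request to the `/ALFA_DATA/alfacgiapi/` path means something exists at a location that is not part of WordPress core and should be inspected.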

    Thread Starter kristinubute

    (@kristinubute)

    Should I be blocking the IP address of some dodgy person or bot if that is blocked, as I assume the auto brute block is either for a certain period of time OR totally blocked permanently?

    Also, Wordfence is finding wp-admin/error_log and wp-content/error-log etc. These are not part of WordPress core, but I assume they occur when the functionality of some WordPress sections is not working, causing the error log. Therefore, could this be a sign of a compromised site if there is an error log, meaning something is causing an issue somewhere in that directory?

    Please advise so I can understand further.

    Thread Starter kristinubute

    (@kristinubute)

    Should I just download and read (after I have updated all plugins and removed any dodgy files) and then DELETE these error logs so that I can do a fresh scan so they don’t keep getting picked up as possible issues? As they are not part of core WordPress anyway … the logs arrive when there are issues to help pinpoint fixing issues, yes? So I can remove them?
