<LocationMatch "wp-cron\.php$">
<IfModule mod_authz_core.c>
Require local
</IfModule>
<IfModule !mod_authz_core.c>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</IfModule>
</LocationMatch>
# Block WordPress xmlrpc.php Globally
<FilesMatch "xmlrpc\.php">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</FilesMatch>
# Block WordPress User Enumeration & Trackbacks to reduce Server Overhead
<IfModule mod_rewrite.c>
RewriteEngine On
# Block Author Scanning
RewriteCond %{QUERY_STRING} ^author=([0-7]|[9]|0[0-9]|1[0-9]) [NC]
RewriteRule .* - [F]
# Block Trackbacks
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^(.*)/wp-trackback\.php [NC]
RewriteRule .* - [F]
</IfModule>