To restrict access to your xmlrpc.xml file you need to have access to your .htaccess file. If you are using a host that has cPanel or DirectAdmin, you can easily do this from within there.
If your host does not allow you access to your files directly, you can install a plugin call File Manager. This is an excellent plugin that will allow you access to your files on your hosting account from within WordPress.
Locate your .htaccess file (it’s normally in your /public_html folder). Open the file and add the code below to the bottom of the file
<Files xmlrpc.php> Order Deny,Allow Deny from all </Files>
Now if you wish to allow access to this file you can limit it to certain IP’s but adding the line allow from xxx.xxx.xxx.xxx above the </Files>.