How can I deny access to the file xmlrpc.php to all virtual hosts in my OpenLiteSpeed server?

I am running an OpenLiteSpeed server with CyberPanel on a Linode. I need to block access to the WordPress file xmlrpc.php for all domains, as it is a security concern. I know how to block the file for each domain using .htaccess, but there has got to be an easier way for this to apply to all domains on the server.

Thank you for you help in advance!

Method: Use a global rewrite rule in OpenLiteSpeed config

Step 1: Login to CyberPanel

• Go to Websites > List Websites
• Click Manage on any website to access OpenLiteSpeed WebAdmin Console
• Or directly access WebAdmin Console via:

https://YOUR_SERVER_IP:7080

(default username: admin, password you set)

Step 2: Add a global rewrite rule

1. In WebAdmin Console, go to:

Virtual Hosts > Default Virtual Host (or any common virtual host you want to edit)

2. Click Rewrite tab
3. Add this rule to block xmlrpc.php:

RewriteCond %{REQUEST_URI} ^/xmlrpc\.php$
RewriteRule .* - [F,L]

This tells the server to forbid (403) any request to xmlrpc.php.

Step 3: Apply to all virtual hosts (global level)

• Instead of adding per site, you can edit Server Configuration > Rewrite Rules to apply globally.
• In WebAdmin Console:

Configuration > Server > Rewrite

Add the same rewrite rules there:

RewriteCond %{REQUEST_URI} ^/xmlrpc\.php$
RewriteRule .* - [F,L]

Step 4: Save and restart OpenLiteSpeed

• After saving, go to Actions > Graceful Restart

This will apply the rule globally — blocking access to xmlrpc.php on all sites.

Alternative: Using CyberPanel custom configurations

CyberPanel allows you to add custom configurations at the server level:

• Go to CyberPanel dashboard
• Navigate to Server > Custom Configurations
• Add the rewrite rules above in the Global Rewrite Rules section

Summary