Currently, Website Log Checker flags rejectred access to xmlrpc.php as issues of "Modsecurity: access denied with access code 403" kinds of errors. Additionally, the requests to xmlrpc.php is being blocked by WP Toolkit security measure "restrict access to xmlrpc.php"

ModSecurity protects website by detecting and blocking dangerous requests. If ModSecurity rules are disabled, the extra layer of protection is lost.

Relying only on WP Toolkit to block access is risky. If I forget to set it up, my site could be left vulnerable. ModSecurity is reliable, and I woouldn’t remove it just to clean up logs.

My Suggestion: Adjust the Website Log Checker
Instead of disabling the rules, I recommend tweaking the Website Log Checker to ignore these specific "errors."
Security Stays Strong: ModSecurity keeps running and protecting all sites as it should.

The Log Checker stops flagging these blocked requests as errors, so the logs stay clear and focused on real problems.

This is the way to not compromising security; by just filtering out unnecessary alerts.

Disabling ModSecurity rules might seem like a quick fix, but it’s insecure—especially since you’d have to manually ensure WP Toolkit is always configured correctly. Adjusting the Website Log Checker is a smarter, safer way to handle this.