To answer your question, you just need to add another files block
<Files xmlrpc.php>
order deny,allow
deny from all
</Files>
but if your server is properly configured you shouldn’t need the code you posted as access to htaccess and htpasswd is blocked by default - as I say, if the server is properly configured.