I had quite a few XML-RPC attacks in a short space of time so installed Jetpack.
That didn't stop the attacks so I used the code a2enconf block-xmlrpc but now I can't get my website's theme to update.
How can I disable the code I used but still keep my site protected?
You can disable it by running a2disconf block-xmlrpc.
When you install theme you can enable it again by executing a2enconf block-xmlrpc.
Keep in mind this will unprotect your site in time installing.
Other way would be installing theme manually.
You can download theme on your local PC, or directly on server.
Unpack if it is in archive.
Copy all content to wp-content/themes.
When you finish, go to admin panel and activate it in themes.
This method doesn't require disabling block-xmlrpc and would be best for you.
Edits: formating, rewording