It's true that most of the POST type accesses are likely miscreants trying to suborn your site -- they try to leverage WordPress/Drupal/Joomla CMS vulnerabilities on older versions/plugins to achieve an access point. I don't run those CMS on my site, so the POST attempts just get 404-not found and there's no need to block them.. their attempts don't work. Since the attempts come from a wide range of IP addresses, it's a whack-a-mole game that I don't want to play.
The majority of my scripts will use GET mode (on URL arguments) -- the contact form is the exception.. it uses POST mode.
I have found that stringent software blocks like ZB-Block or others can lead to slow site response and false-positives to deal with. If you are running a site that has no software that allows user upload and you have allow_url_include = no; that your site is likely secure enough against what the miscreants throw against it via either GET or POST mode URLs. If you're on a shared server, you are far more likely to be hacked by sitemates who have sloppier security practices or a non-mainstream hoster with poorly configured inter-user file permissions.