XML-RPC is an old API used for remote access. Today, it’s mostly a target for hackers to try thousands of password combinations in a single request.
How to Disable: Paste this into your .htaccess file:
Order Deny,Allow Deny from all
This simple block reduces server load and significantly hardens your security wall.