By default, XML-RPC is enabled in WordPress. It is very useful if you are using Open Live Writer or any mobile app to connect your site. But in many cases, XML-RPC can be the cause of brute-force attack. So you need to disable XML-RPC to protect your site from hackers.
Read More