XMLRPC is a protocol that is enabled by default in WordPress. However, since version 3.5 the option to disable this function was removed from the WordPress backend. Since this protocol is prone to attacks, which can be used to try several hundreds of username and password combinations in one single request, it’s paramount to disable this.

You could do this through a plugin, but a more efficient way would be to add following RewriteRule to your .htaccess:

RewriteRule ^xmlrpc.php$ "" [R=301,L]