XML-RPC is a remote procedure call protocol that allows anyone to interact with your WordPress website remotely. In other words, it’s a way to manage your site without having to log in manually via the standard wp-login.php page.
It’s widely used by plugins, most famously by Automattic’s own Jetpack plugin. These days, however, the word XML-RPC has gotten a bad name. In this tutorial, we will explain what is WordPress XML-RPC and how to stop an XML-RPC attack on your WordPress website.