It's a good idea to turn off XML-RPC in WordPress. It's mostly abused by botnets and irresponsible people.
The easiest thing is to install a plugin called Disable XML-RPC. That's it.
The next step is to change the configuration in the .htaccess file in your web file. All you have to do is add (if it doesn't already exist) the following code to your .htaccess file.
# Block WordPress xmlrpc.php requests <Files xmlrpc.php> order deny,allow deny from all </Files>