XML-RPC is a remote procedure call protocol that relies on Extensible Markup Language (XML) for call encoding and on HTTP for transporting.
Daniel Cid, CTO at Sucuri, a company that offers services for preserving the integrity of a website, says that this type of attacks have increased lately, because using XML-RPC works faster and the attempts are more difficult to detect.
Starting July 4, Sucuri has seen that attacks leveraging these parameters have become more frequent. The numbers are impressive, with a ten-fold increase since the beginning of the month: two million attempts originating from 17,000 different IP addresses.
Cid reports:- 200,000 attempts in some days.
Daniel Cid mentions other forms of protection, such as WordPress plugins, but it seems that during his tests none of the tried ones managed to offer protection against XML-RPC calls.