In WordPress the XML-RPC protocol is used to add additional functionality to WordPress.
Starting with WordPress 3.5 you can't disable xmlrpc.php requests by default.
Should I leave WordPress XML-RPC alone?
Most WordPress users don't need the XML-RPC functionality for their site. If you've been getting a lot of POST attempts to the WordPress xmlrpc.php file it's generally best to restrict access to this file to only certains services that might need it.
These services include the WordPress mobile app as well as Blogger.
Limit access to WordPres xmlrpc.php with .htaccess
You can easily limit access to your WordPress xmlrpc.php file with these .htaccess rules:
# Block WordPress xmlrpc.php requests
deny from all
allow from 18.104.22.168
If you wanted to outright block all access to the xmlrpc.php script, just don't add the allow line above with the IP address that has access.