XML-RPC on WordPress is actually an API or “application program interface“. It gives content creators the ability to talk to your WordPress site from another source or platform. Typical actions that you can perform without actually logging into your site include:
- Publish a post
- Edit a post
- Delete a post.
- Upload a new file (e.g. an image for a post)
- Get a list of comments
- Edit comments
Disabling xmlrpc.php also disables these features, so its definitely important to weigh the benefits for yourself.
How do I disable xmlrpc?