In WordPress xmlrpc.php file enabled by default. Jetpack use this file to track visitors stats. So it may less your blog security by xmlrpc ddos attack. You have to be aware about this problem. If you go to yourdomain.com/xmlrpc.com it will show you a default message: XML-RPC server accepts POST requests only. It means xmlrps.php is enabled default on your server.
Hackers can easily push any scripts to your site by using this file. They can get your password by xmlrpc DDoS attacks and may harm your website.
So you have to turn off this file you will not have any harm if you turn off this file. So it will better to turn off this file on your server. So you have to do it on .htaccess on your root folder.
Go to .htaccess and edit the file and paste the code below on the bottom of your file.
#BEGIN protect xmlrpc.php
deny from all
#END protect xmlrpc.php
Now save the file and browse this file by yourdomain.com/xmlrpc.php. Hope you will see a message about 404 Error. It means your xmlrpc.php file is disabled. Sometimes you may see a page that contain server request error.
Now you have to protect .htaccess file, to protect this file you have to paste the below code bottom on your file.
deny from all
Now go to your WordPress Dashboard>Settings>Discussion Now uncheck two item in default article settings. Hope you are safe now.
These will help you to protect your WordPress site security, so do it before anyone attack to your site.