Since WordPress 3.5 xmlrpc is enabled by default without the possibility to disable it from the admin dashboard.
Recently there was a post published in Sucuri’s Blog about Brute Force Amplification Attacks Against WordPress XMLRPC, recommending to turn off the XMLRPC in our WordPress installations.
You are able to turn off the XMLRPC via a filter hook
But I would say the best way to do this is blocking the requests from the .htaccess file before the actual requests get to WordPress.
In order to let plugins that use xmlrpc ( if you have any installed ) continue to do so you may deny all access except the IP you need it to access.
# Block WordPress xmlrpc.php requests <Files xmlrpc.php> order deny,allow deny from all allow from ( hosting IP ) </Files>