xmlrpc is enabled in all of our instances (is enabled by default in WP). We probably don't rely on that anywhere in our code and it's safe to disable it. Having this enabled is a target for brute-force attacks.

*Tasks*

• Investigate if disabling it has any side effects.
• Disable it preferably through code (not plugin, but maybe check its code).

Copied to Github