XML-RPC is a protocol that allows for communication between WordPress and other systems. It allows for remote publishing and editing capabilities without having to log in to the WordPress back-end. XML-RPC support has been included in WordPress since early versions of the software, and it is still available in current WordPress versions.
There are some plugins that still require you to have XML-RPC enabled, a common example is the JetPack plugin. While JetPack’s functionality does not strictly depend on XML-RPC (and it uses the protocol securely), it still checks for it’s availability, and displays a warning when it has been disabled.
If your WordPress site does not rely on XML-RPC, it is typically recommended to disable it to reduce your risk surface. Attackers could abuse the XML-RPC interface to facilitate mass brute-force login attempts, and the pingback.ping method has been used in distributed DDoS attacks. Really Simple Security Pro allows you to either block the XML-RPC protocol entirely, or to create a tailored policy that only allows specific XML-RPC requests.
The WordPress REST API provides a more modern, flexible, and secure method for plugins and applications to communicate with WordPress.