Some possible vulnerabilities have been found in several versions of Wordpress, even very recent ones, which allow an attacker to use the xmlrpc service to obtain administrative access to the site. The xmlrcpc functionality is natively present in wordpress, therefore we suggest to proceed as follows:
- update wordpress and all plugins (and keep them updated) to the latest version available
- remove any unused plugins
- use only strong passwords, alphanumeric, long and with special characters
- disable the xmlrpc service through the plugin "All In One WP Security & Firewall", which supports several other tools to increase the security of your wordpress site.