XMLRPC exposes WordPress websites to potential hacks, so if you don’t specifically use it, your website is more safe if it’s turned off.
Starting May 1, 2025 access to xmlrpc is no longer accessible for WordPress. If you happen to be one of the few users that uses xmlrpc, please contact us for an exception. For the other 99% your website(s) will be more safe.