xmlrpc.php is part of wordpress. It is used for some API. This is used by hackers to bruteforce WordPress installations, that can cause high server load and slow server performance.
On cpanel server, to prevent xmlrpc.php attack go to
WHM > Service Configuration > Apache Configuration > Include Editor
click on “Pre Main Include”, then select your apache version.
On text box below, paste
RedirectMatch 301 /xmlrpc.php http://127.0.0.1/
All request to xmprpc.php will be blocked.