In March there was a DDOS attack that used many (160,000) wordpress sites to flood other websites.  This was done because wordpress now has xml-rpc on by define. It is possible to turn off xml-rpc using a plugin. http://wordpress.org/plugins/remove-xmlrpc-pingback-ping/ This adds a filter without the