XML-RPC

 XML-RPC  is an outdated and verbose use of XML over HTTP to make API calls, sometimes errantly used as a synonym of MetaWeblog API (the most well known example thereof), that enables and implicitly encourages using your actual username and password (instead of OAuth) with client software, thus overprivileging that software, as well as possibly transmitting your password in the clear over HTTP.

WordPress XML-RPC
If you have any experience with these methods, please add it here!


 * There is a plugin Disable XML-RPC
 * Or follow these instructions: http://wordpress.stackexchange.com/a/219666

Verbose
“XML-RPC does not add any value over XML … 4 times the number of bytes compared to plain XML to encode the same objects, which is itself verbose compared to JSON.” More:
 * https://en.wikipedia.org/wiki/XML-RPC#Criticism

Encourages Password Antipattern
XML-RPC depends on the user’s username and password being entered into every third party XML-RPC client software to send to the XML-PRC server, an example of the password antipattern.

Even for just this reason, XML-RPC is to be avoided by both client and server software, and OAuth based protocols (e.g. Micropub) should be used instead.

Encourages passwords over HTTP
Even if both client and server are from the same manufacturer / project, because XML-PRC depends on username and password being transmitted, possibly in the clear (i.e. over HTTP not HTTPS), it makes the user vulnerable to network traffic sniffing, and thus use of XML-RPC apps creates a likely security risk for users.