Wordfence has posted a well written blog post that describes the XML-RPC API and how disabling it will affect your WordPress hosted web site.
Recent improvements to WordPress and Wordfence’s blocking tools have lessened the need to disable the API.
Here is the blog post: https://www.wordfence.com/blog/2015/10/should-you-disable-xml-rpc-on-wordpress/
Wordfence is one of the most effective plugins to manage security for WordPress powered web sites. Learn more about it here: https://www.wordfence.com/