This is still a problem even with the latest version of wordpress (3.9.2) and all plugins up to date (I do not use very many).
I mitigated the problem server side, but my xmlrpc.php was getting hit by thousands of ip .
The people behind the exploit are moderately sophisticated and can adapt to many security measures.
