I am from time to time still reciving this attacks (WP 4.0)
=> “1.0”?>wp.getUsersBlogs admin “some password”
one somekind of solution is to add this code in funcions.php
<php
function Remove_Unneeded_XMLRPC( $methods ) {
unset( $methods['wp.getUsersBlogs'] );
return $methods;
}
add_filter( 'xmlrpc_methods', 'Remove_Unneeded_XMLRPC' );