Due to a security issue in earlier versions of WordPress that allowed posting from xmlrpc.php, bots scan remote servers for the vulnerability which can cause high loads.
You can enter the following code to your .htaccess file which will block access to that file and keep them bots from wasting your accounts resources:
<Files "xmlrpc.php">
Order Allow,Deny
deny from all
</Files>