Is XML-RPC still a security risk?
Is XML-RPC still a security risk?
Should it always be disabled if there is no use case for it?
Let's say starting at WP Version 5.9.1.
yes it is a security risk. Should it be disabled? most likely. Is it a OMG BBQ type of emergency? no.
If you have strong passwords for your accounts, it is not more of a security risk than the login form. It is a pointless security risk in the sense that it provides an additional attack vector and it code is probably not well maintained.
About
Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.