So there is a new Security Advisory for Drupal, with XMLRPC.

If you have a ton of sites, it’s going to be a pain in the ass to update.

Just block the file if you aren’t doing anything with this (chances are you aren’t).

Add this to all your virtualhosts server block, then reload nginx.

 location ~ /xmlrpc.php {
 deny all;
 }