In WordPress, there are several ways to authenticate, or sign in to, your website. The two most common ways to authenticate are using the standard login page located at wp-login.php, and by using XMLRPC.
The XMLRPC method is usually used by applications like mobile apps to authenticate before you are able to perform privileged actions on the site
This article describe how the adversary exploit the WordPress login page and mobile login page (XMLRPC)