One of the tests in the plugin is for the xmlrpc.php file – this file is usually not needed for most operations in WordPress and external services. One such service that does use the XML-RPC functionality is Jetpack.
In the plugin, there are two suggestions to protecting your website from attacks via this method, and gives you two pieces of code to block access to the file.
One via functions.php and another via .htaccess. If you want to use Jetpack you have to make sure to remove either of these fixes.