Defending WordPress from XML-RPC brute force attacks

Over the course of the last year a tremendous remote brute force (password guessing) attack campaign has been waged against web sites built with the popular blogging platform WordPress. Until recently the primary attack vector utilized by those waging this attack had been crafted requests to the wp-login.php script, however a new pattern has recently emerged.