By default, this feature is enabled in all Wordpress installs, and isn't quite easy to turn off. Add the following API filter to Wordpress:
add_filter( ‘xmlrpc_methods’, function( $methods ) {
unset( $methods['pingback.ping'] ); return $methods;} );
Removing xmlrpc.php is not recommended as it will breack a number of other features that will use the API.
