High load caused by xmlrpc.php seems to be a known issue that can occur on a WordPress site:
Some sites during attack become inaccessible or get broken and show Too Many Redirects error.
A quick fix is to add this to .htaccess :
RewriteRule ^xmlrpc\.php$ “http\:\/\/0\.0\.0\.0\/” [R=301,L]
Or just delete / disable file (set permissions 000).
More details about XMLRPC :
If you need XMLRPC you can use these to filter requests: