Our app will post content to your website via /xmlrpc.php. However, if that page is currently showing "Page Not Found" or "403 Permission Denied", it means either your web hosting company disables xmlrpc for all of their clients, or your Wordpress security or firewall plugin disabled it.
xmlrpc is enabled by default. But your plugin might have disabled it, so your Wordpress system doesn't allow any external apps to post to your blog.
It's totally secure to just leave xmlrpc enabled. Most Wordpress websites (even the most popular ones) have it enabled. For examples,
http://techcrunch.com/xmlrpc.php, http://www.biztechmagazine.com/xmlrpc.php. They are all showing "XML-RPC server accepts POST requests only.", which means it is ready to accept secure post requests.