XMLRPC or WP-Login: Which do Brute Force Attackers Prefer

Wordfence blog has an article discussing common attack methods in brute-forcing WordPress login attempts:

https://www.wordfence.com/blog/2017/01/xmlrpc-wp-login-brute-force/