Is it safe to deny requests to wp-cron.php?

[ad_1]

Hey everyone!

I wanted to discuss a common practice I follow in managing WP-Cron with WP-CLI and disabling the default WordPress cron from wp-config.php. However, I have concerns about the wp-cron.php file being potentially vulnerable to attacks. To address this, I’ve been contemplating denying requests to wp-cron.php entirely from NGINX. Is there any downside to this approach? I’d appreciate your insights!

[ad_2]
1 Comment

  1. >*To address this, I’ve been contemplating denying requests to wp-cron.php entirely from NGINX. Is there any downside to this approach?*

    Yes, all the WP triggered cron jobs will fail. WP uses cron to check for things like Core, theme and plugin updates, scheduling publishing posts, cleaning up tasks, etc

    [https://developer.wordpress.org/plugins/cron/])

    (if you want to see your cron jobs, install something like

    It would be better to deny requests to wp-cron from outside your web server i.e. only allow your web server IP and 127.0.01 and you should be ok. I haven’t done this so can’t guarantee it will work.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer