How to block wp-cron.php HTTP requests via Apache or CSF
Hi Team,
As wp-cron.php is a known performance issue and loop hole on WP platform. I have several servers and want to implement a blanket protection rule to stop wp-cron.php being accessed externally. Yes I am aware you can disable wp-cron.php in /wp-config.php with directive and also implement a manual cron job in cpanel. However this would require doing so to over 300 websites manually etc etc.
Example I had another issue with .git folders being publicly exposed and was able to keep "git working" just fine for developers but BLOCK access to the folder world wide externally, as well as xmlrpc issues which i blocked access externally and only allowed access from JetPack IPs.
Edited Apache pre_virtualhost_global.conf
I was wondering if I could add to this at the bottom
I would need to come up with a solution to blanket cover servers that are only using CSF and some others are using CSF + Cloudflare. I am sure I am not alone on this, but much research online only leads to a solution doing it manually 1 by 1 via cPAnel and a manual cron job and modifying wp-config.php not ideal or realistically achievable with so many websites. Any help anyone can provide would be AWESOME! thanks
Order Deny,Allow
# Whitelist Jetpack IPs (you can remove/replace all the Allow lines)
Allow from 192.0.64.0/18
Allow from 122.248.245.244
Allow from 54.217.201.243
Allow from 54.232.116.4
Allow from 209.15.0.0/16
Allow from 66.155.0.0/17
Allow from 64.34.206.0/24
Allow from 185.64.140.0/22
Allow from 198.181.116.0/22
Allow from 76.74.248.128/25
Allow from 76.74.255.0/25
Deny from all
Order 'deny,allow'
Deny from all
I was wondering if I could add to this at the bottom
Order Deny,Allow
Allow from127.0.0.1
Allow from SERVERIPADDRESS
I would need to come up with a solution to blanket cover servers that are only using CSF and some others are using CSF + Cloudflare. I am sure I am not alone on this, but much research online only leads to a solution doing it manually 1 by 1 via cPAnel and a manual cron job and modifying wp-config.php not ideal or realistically achievable with so many websites. Any help anyone can provide would be AWESOME! thanks
-
hi team to kindly update adding this to Apache pre_virtualhost_global.conf Order Deny,Allow Allow from 127.0.0.1 Allow from SERVERIPADDRESS Deny from all
BLOCKS the wp-cron.php page from being access but question I have and want to know is will this impact functions of wordpress website? will it stop the cron job from running all together or impact website performance or functions? Does anyone know impact0 -
As long as you're allowing access to wp-cron.php from the local server IP, you should be fine. To know for sure, you can check the Apache logs or the Health Status info in a WordPress installation on the server after adding the code and visiting the WordPress website. 0
Please sign in to leave a comment.
Comments
2 comments