<b>WP-Cron Hardening SOP</b>

<b>WP-Cron Hardening SOP</b>
Run on every production WordPress site for reliability and DoS resistance.

— Step 1: Disable pseudo-cron. Set <code>DISABLE_WP_CRON</code> to true in <code>wp-config.php</code> — every page load triggering cron is a load and abuse vector.
— Step 2: Schedule a real system cron hitting <code>wp-cron.php</code> at a fixed interval, every 5-15 minutes.
— Step 3: Block public access to <code>wp-cron.php</code> at the server, allowing only localhost.
— Step 4: Audit scheduled events with WP-CLI <code>wp cron event list</code> — orphaned plugin hooks pile up here.
— Step 5: Set <code>ALTERNATE_WP_CRON</code> only as a fallback, never as the default.

Run this every time.