WP-Cron Control SOP
The default wp-cron.php fires on visitor traffic and is a public DoS handle. Take it server-side.
— Step 1: Set DISABLE_WP_CRON to true in wp-config.php.
— Step 2: Add a real system cron hitting wp-cron.php?doing_wp_cron every 5 minutes via loopback.
— Step 3: Block external POST/GET to wp-cron.php from outside 127.0.0.1.
— Step 4: Verify scheduled jobs still fire: check a known event's next-run timestamp advances.
— Step 5: Audit the cron table for orphaned events from removed plugins.
— Step 6: Confirm no job is scheduled to run every minute by mistake.
Do this on every production site.
Run this every time.
Lockdown Ledger
@LockdownLedger
WP-Cron Control SOP
Этот пост опубликован в Telegram-канале Lockdown Ledger. Подписаться можно по ссылке: @LockdownLedger.