Authenticated Origin Pulls + Cron + wget/curl/php scripts



After 2 days of troubleshooting, I’ve determined that the reason my WordPress cron jobs aren’t running is Authenticated Origin Pulls (AOPs). Disabling the feature allows the jobs to run; otherwise, there’s a handshake failure that prevents the scripts from running.

Background: WordPress cron is very inefficient. It runs every time a visitor hits a page. It’s better to disable it and set the jobs to run on a schedule via Cron & Crontab. Various tutorials recommend using wget, but others use curl or PHP.

How can I configure my server to run these jobs in harmony with AOPs? Or is that even possible?


This makes sense, if your webserver is only accepting requests that present the appropriate client certificate and your curl request isn’t presenting the certificate…

There are a few approaches. First and best, use WP-CLI which can call cron for you. This basically requires some sort of shell access though.

You could consider calling it locally with PHP using the “php -q wp-cron.php” syntax. This bypasses the webserver and all related authentication completely, but WP-CLI is a bit cleaner. This also probably needs shell access, although some control panels might make this easier than installing WP-CLI.

You could adjust your webserver configuration to allow AOP or traffic from (without AOP), then use curl like this: curl --silent --resolve “” > /dev/null

Or you could just configure curl to connect through Cloudflare and let Cloudflare relay the request to WordPress, since you’re really just calling a URL at this point. I like this the least, especially because there is no guarantee that Cloudflare won’t decide this is automated behaviour and block it since curl can’t complete any JavaScript challenges.

Finally, you could just turn WP’s native cron support back on. It has very little real-world impact on most sites in modern versions of WordPress because the client doesn’t wait for the response from wp-cron.php before proceeding. WordPress has so much overhead anyway that the one extra call to check the database to see if cron tasks are overdue is a drop in the proverbial bucket.


Yeah, I had worked out why AOPs blocked the calls.

Thanks for the suggestions. I just installed wp-cli & ran some tests. This worked (wp-cron-user is not the real WordPress owner in this example):

sudo -u wp-cron-user -i -- wp --path=/path/to/wordpress/ cron event run --due-now >/home/wp-cron-user/cronlogs/wp-sitename-cron.log

So then I ran sudo -u wp-cron-user crontab -e and added this:

*/30 * * * * wp --path=/path/to/wordpress/ cron event run --due-now >/dev/null 2>&1

Hopefully that will work.

Final question: how does one configure a server to allow traffic from localhost without AOP? I assume it involves a change to the vhosts config, specifically the lines dealing with AOP.

Authenticated Origin Pulls and localhost
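
For the localhost question above, one way to keep AOP mandatory for Cloudflare while letting a local cron job through, as an added example that is not from any poster in this thread. It assumes Apache 2.4 with mod_ssl (the thread only says "vhosts config"); `example.com` and every file path are placeholders.

```apache
# Assumes the main config already has "Listen 443", which also binds loopback.

# Public listener: Cloudflare connects here, so a client certificate signed
# by the Cloudflare origin-pull CA is required. This is the AOP check.
<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example.com/privkey.pem

    # Reject any TLS handshake that does not present a valid client cert.
    SSLVerifyClient require
    SSLVerifyDepth 1
    SSLCACertificateFile /etc/ssl/cloudflare/origin-pull-ca.pem
</VirtualHost>

# Loopback listener: Apache prefers the most specific address match, so
# connections made to 127.0.0.1:443 land here instead of the *:443 block.
# Only processes on this machine can reach 127.0.0.1, so the client
# certificate requirement is dropped for this vhost alone.
<VirtualHost 127.0.0.1:443>
    ServerName example.com
    DocumentRoot /var/www/example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/ssl/example.com/privkey.pem

    SSLVerifyClient none
</VirtualHost>

# Matching crontab entry (placeholder hostname). --resolve pins the name to
# loopback, so the request never leaves the box, SNI and the Host header
# still say example.com, and curl still validates the server certificate:
#
# */30 * * * * curl --silent --resolve example.com:443:127.0.0.1 "https://example.com/wp-cron.php?doing_wp_cron" > /dev/null
```

Any local user or process can reach the loopback vhost without a certificate, so on a shared host the WP-CLI crontab entry shown earlier in the thread remains the tighter option.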
