(WAF) Managed Challenge & Wp-crone.php

Hey guys, i have question, as you know you can make managed challenge or any challenge for specific page url to avoid any bot bruteforce or something else

my question can you do the same managed challenge for exemple to wp-crone.php url to avoid any ddos/mass request ? is it helpful ? and does it have any negative impact for visitors or visitors who want to make comments or whole website in general ?

I’m supposing you meant wp-cron.php.

For best results, disable WP Cron completely, and set up real system cron on your server. Here’s a handy guide: How to Disable wp-cron in WordPress and Set Up Proper Cron Jobs

Good luck!

Thanks for reply george, so it’s better to disable define(‘DISABLE_WP_CRON’, true);

Thanks for reply, i just disable it, because looks like someone ddos wp-cron, which in (htop) show lot of request. any other suggestion regarding.

Btw regarding proper cron jobs in system, if i don’t use any scheldud option or anything, i don’t think i don’t even need this cron or it’s required? i can just disable like you suggest without setup any proper cron through server/system right ?

If you’ve disabled WordPress’ internal cron and you don’t want those requests coming to your site at all, you can configure a Cloudflare WAF rule to block the URI.

I don’t know what you mean by “scheduled option”, but note that several WordPress core features, such as checking for WordPress/theme/plugin updates and publishing scheduled posts, need cron to function. Many plugins also have time-based task scheduling and need cron. So, in most cases, you need cron (whether from WordPress itself, system/server, or external cronjob services.)

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.