Why CF use wp-cron or isnt CF? May I close to access to wp-cron.php?

For example log like this:
[u][27/Jul/2020:00:05:29 +0300] 1.377 1.377 200 172.68.245.84 xxxxx POST /wp-cron.php?doing_wp_cron=xxxxxxxxx HTTP/1.1 “WordPress/5.3.4; https://zaitcev.ru” “https://zaitcev.ru/wp-cron.php?doing_wp_cron=xxxxxxxxxxx” …

172.68.245.84 - is CF IP
May I close to access to wp-cron.php from CF?

WordPress uses wp-cron.php for a variety of internal purposes.

You need to set up some sort of cron mechanism for WordPress to operate properly, although there are options that don’t require the URL to remain open. It is also largely harmless, WordPress is designed to have it accessible as a fallback so it is relatively harmless.

Check WordPress’s documentation for more details.

You cannot necessarily guarantee that a webserver is available to localhost, so it is safer to just implement a standard HTTP request. This will normally land on the current server eventually anyway, although when there is a reverse proxy (Cloudflare, as an example) or other more advanced configuration the request will end up bouncing around a bit.

As for why it makes a connection at all, this allows the current thread to complete a user’s request promptly, while a non-blocking call to wp-cron.php can take as long as it likes in the background without hurting anything.

Unless you have a compelling reason, I’d probably suggest not doing anything as there is little harm in leaving this open. If you’re confident that you’ll remember to update it when your webserver’s IP changes (maybe not any time soon, but you might change hosts in 19 months, will you think of this?) you could use Cloudflare’s firewall or an Access rule to control access to the specific request. You could also configure your local web server to only allow the request if Cloudflare passes your web server as the originating IP for the request.

Even better, set up one of the alternate cron options (e.g. run the php locally or via localhost yourself) and then you can block external access completely.

You could also configure your local web server to only allow the request if Cloudflare passes your web server as the originating IP for the request.

How do it?