Hi Team,
wp-cron.php is a known performance issue and loophole on the WP platform. I have several servers and want to implement a blanket protection rule to stop wp-cron.php being accessed externally. Yes, I am aware you can disable wp-cron.php in /wp-config.php with a directive and also implement a manual cron job in cPanel. However, this would require doing so on over 300 websites manually, etc.
For example, I had another issue with .git folders being publicly exposed and was able to keep "git working" just fine for developers but BLOCK access to the folder worldwide externally, as well as xmlrpc issues, where I blocked access externally and only allowed access from Jetpack IPs.
Edited Apache pre_virtualhost_global.conf:
<FilesMatch "^(xmlrpc\.php)">
Order Deny,Allow
# Whitelist Jetpack IPs (you can remove/replace all the Allow lines)
Allow from 192.0.64.0/18
Allow from 122.248.245.244
Allow from 54.217.201.243
Allow from 54.232.116.4
Allow from 209.15.0.0/16
Allow from 66.155.0.0/17
Allow from 64.34.206.0/24
Allow from 185.64.140.0/22
Allow from 198.181.116.0/22
Allow from 76.74.248.128/25
Allow from 76.74.255.0/25
Deny from all
</FilesMatch>
<Directorymatch "^/.*/\.git/">
Order 'deny,allow'
Deny from all
</Directorymatch>
I was wondering if I could add to this at the bottom:
<FilesMatch "^(wp-cron\.php)">
Order Deny,Allow
# Allow only the server itself (loopback and its own public IP)
Allow from 127.0.0.1
Allow from SERVERIPADDRESS
Deny from all
</FilesMatch>
I would need to come up with a solution to blanket cover servers that are only using CSF, while some others are using CSF + Cloudflare.
I am sure I am not alone on this, but much research online only leads to a solution of doing it manually one by one via cPanel with a manual cron job and modifying wp-config.php, which is not ideal or realistically achievable with so many websites.
Any help anyone can provide would be AWESOME! Thanks
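As an added example that is not part of the original post: the proposed wp-cron.php rule written in Apache 2.4 `Require` syntax, for servers where the older `Order`/`Allow`/`Deny` directives are only available through mod_access_compat. `SERVERIPADDRESS` is the post's own placeholder, and whether mod_remoteip is configured on the Cloudflare-fronted servers is an assumption to check per server.

```apache
# Added example, Apache 2.4 (mod_authz_core). Place in the same global
# include as the xmlrpc.php and .git rules so it applies to every vhost.
#
# The pattern is anchored at both ends so only the file named exactly
# wp-cron.php is matched.
<FilesMatch "^wp-cron\.php$">
    <RequireAny>
        # Requests made by the server to itself over loopback.
        Require ip 127.0.0.1 ::1
        # Requests the server makes to its own public address.
        # SERVERIPADDRESS is a placeholder; replace it per server.
        Require ip SERVERIPADDRESS
    </RequireAny>
</FilesMatch>

# Caveat for the CSF + Cloudflare servers:
# For a proxied hostname, WordPress's own loopback call to wp-cron.php
# resolves to Cloudflare and comes back through it, so Apache sees a
# Cloudflare edge address as the client unless the real client IP is
# restored from the CF-Connecting-IP header (for example with
# mod_remoteip). Without that, the rule above also blocks the site's
# own cron trigger on those servers.
```

After a reload, requesting `/wp-cron.php` on one site from an outside network should return 403, while scheduled tasks on the same site should still run.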