Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.
You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.
What is this endpoint?
wp-cron.php
WordPress pseudo-cron task runner, sometimes hit to trigger jobs or for DoS
What an attacker could do
Repeated direct requests can trigger scheduled jobs on demand and exhaust server resources, causing denial of service on shared or low-resource hosting.
How to defend it
Disable the HTTP-triggered cron with `define('DISABLE_WP_CRON', true)` and schedule a real system cron to call wp-cron at controlled intervals, optionally rate-limiting the path.
Connect with the Security Engineer
Learn More
Want to dive deeper into this topic? Check out the official documentation.
Read Official Documentation