Why WordPress wp-cron.php sucks

What is wp-cron.php & How does it work?

The wp-cron.php file is how WordPress handles scheduled events by default. Any function that relies on scheduling, such as updates or scheduled posting, is handled by this file.

In order for this file to work correctly, it needs frequent execution, but no more than once per minute. The default behavior unfortunately does not implement a system-level cron job. Instead, it triggers on every incoming request to the site. When a new request comes in, WordPress generates an additional request to wp-cron.php over HTTP(s).

Why is this a problem?

The default method works fine for a small website with only a few visitors per hour. On a medium or larger site, however, with a large number of requests or a large number of bot scans, the site is more than doubling the number of wp-cron.php requests to itself. WordPress essentially DDoS attacks itself. This slows the site and places additional pressure on the web server. It's a really bad idea.

What are the alternatives?

Aside from signing up for a Managed WordPress hosting plan, the next best option is to set up a system cron and disable wp-cron.php from the wp-config.php file. This way the scheduled tasks get executed by the system, but not every time a request is sent to the site. The cron should execute via shell rather than via HTTP(s) to keep the web server from generating undue memory consumption.

How do I disable wp-cron?

Simple: include the following setting at the end of your wp-config.php file:

define('DISABLE_WP_CRON', true);

This file is generally located in your website's root directory, something like "public_html", but the location will differ by web server or host.

How do I set up a system cron?

This depends on what control panel you are using. See the following articles for the respective methods for creating a cron job:

  • ISPConfig 3
  • Plesk
  • cPanel
  • Ubuntu CLI (If you have a managed cloud server, simply request this from one of our admins)
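
The two steps above (DISABLE_WP_CRON plus a system cron executed via shell) as an added example, not code from the original article: a POSIX sh wrapper that refuses to run unless the constant is set and that prevents overlapping runs. The paths, lock location and five-minute schedule are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): system-cron runner for wp-cron.php.
# WP_ROOT, LOCK_DIR and the crontab schedule below are assumptions; adjust per site.
#
# Constructed crontab entry, installed with `crontab -e` as the site's own
# user (not root), so scheduled plugin code runs with the site's privileges:
#   */5 * * * * /home/example/bin/wp-cron-run.sh --run >/dev/null

WP_ROOT="${WP_ROOT:-/home/example/public_html}"   # hypothetical site root
# Hypothetical lock path, kept out of shared /tmp so other users cannot block runs.
LOCK_DIR="${LOCK_DIR:-/home/example/.wp-cron.lock}"

# Succeeds only if wp-config.php holds an uncommented
# define('DISABLE_WP_CRON', true); line.
wp_cron_disabled() {
    grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]DISABLE_WP_CRON['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$1"
}

# Runs due events once through the PHP CLI (no HTTP request, no web worker).
# Return codes: 2 = no wp-config.php, 3 = request-triggered cron still on,
# 4 = previous run still holds the lock, otherwise PHP's exit status.
run_wp_cron() {
    root="$1"
    [ -f "$root/wp-config.php" ] || { echo "no wp-config.php in $root" >&2; return 2; }
    if ! wp_cron_disabled "$root/wp-config.php"; then
        echo "DISABLE_WP_CRON is not true; page requests would still trigger wp-cron.php" >&2
        return 3
    fi
    # mkdir is atomic, so it doubles as a lock against overlapping runs.
    # A run killed mid-way leaves the directory behind; remove it by hand.
    mkdir "$LOCK_DIR" 2>/dev/null || { echo "previous run still active" >&2; return 4; }
    (cd "$root" && php wp-cron.php)
    rc=$?
    rmdir "$LOCK_DIR"
    return "$rc"
}

if [ "${1:-}" = "--run" ]; then
    run_wp_cron "$WP_ROOT"
    exit $?
fi
```
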

Why should I do this?

WordPress is so widely used today that this design flaw is almost unforgivable. The default scheduling mechanism creates an undue attack vector for a website, and for an entire hosting network, since so many of the sites use this resource-heavy method of handling scheduled tasks.

If you are not yet skilled enough to handle this kind of change, I would recommend signing up for a managed WordPress plan, to have the change handled by default. You will notice a huge performance boost in your site, and you will receive many of the other benefits of our Managed WordPress plans.
