[wp-hackers] ALTERNATE_WP_CRON... Is it worth it?

Otto otto at ottodestruct.com
Tue Oct 9 19:04:55 UTC 2012

On Tue, Oct 9, 2012 at 1:59 PM, Mike Schinkel <mike at newclarity.net> wrote:
> Downside is that the doing_wp_cron= param show up in the browser and users bookmark them, email them, share them, etc.  not to mention they are confusing and ugly.
> Better option IMO is to have server admin set up a real cron task and have it call /wp-cron.php.
> -Mike

Ideally, those would not show up very often. If you had a very large
number of cron jobs running on the system, then they'd be likely to
get them more often, but realistically the only ways core sets up a
cron job that a user could see would be Future Posting and the
twice-daily version update checks. Crons are also used for pingbacks,
but those happen at the same time as the post, so the very next admin
hit after a post is likely to trigger them instead of a user process.

And even when the link does get saved or shared, it doesn't really
affect anything. The flag is ignored for everything that isn't cron

The best option is to make it so that your server is capable of making
http hits back to itself. If you're blocking loopback, then that's
really not a valid security measure to begin with.


More information about the wp-hackers mailing list