[wp-hackers] ALTERNATE_WP_CRON... Is it worth it?

Micky Hulse mickyhulse.lists at gmail.com
Tue Oct 9 19:17:21 UTC 2012

Thanks for the additional info Otto, I really appreciate it.

On Tue, Oct 9, 2012 at 12:04 PM, Otto <otto at ottodestruct.com> wrote:
> The best option is to make it so that your server is capable of making
> http hits back to itself. If you're blocking loopback, then that's
> really not a valid security measure to begin with.

Unfortunately, we are blocking loopback. When I mentioned *not*
blocking loopbacks, our IT guy had some concerns about tweaking the
server for the sake of WP (or something to that effect).

So, to summarize the solutions:

* I could just roll with the ALTERNATE_WP_CRON setting and let the
URIs do their thing (if/when the cron needs to run, which shouldn't be
too often).
* Disable ALTERNATE_WP_CRON, turn off debug (for the production
server) and setup a standard cron task and have it call wp-cron on a
set interval.

I think for now we'll go with the former solution... Based on Otto's
reply, I don't even think we have any WP cron jobs that would affect a
front end user... But if things do get wonky (i.e. lots of URIs with
doing_wp_cron= query string, then we'll consider switching to the
latter solution.)

Now that I understand how things work, for our site, I have a feeling
that ALTERNATE_WP_CRON won't be a problem.

On the other hand, if I were to make the final decision about our
server setup, I'd just allow loopbacks!!!! I guess our network/IS guys
are just super security strict.

Thanks so much folks!



More information about the wp-hackers mailing list