At a distant space view post, we chat about codes.

the Wild Wild West continues — maintaining my WordPress blog

Brute force attacks are so common on WordPress sites. Let’s deal with them.


You can tell from this access log that someone is trying to brute force my admin account password. Besides that, every time this ‘visit’ comes, WordPress calls its wp-cron.php.

I Googled wp-cron.php. It’s a task runner that helps set up and run your scheduled mundane tasks.

First, event-driven task runners are great things, but triggered by every HTTP request? Hmm.

(The more I learn about WP, the more I find out about all the functions and DB calls WP makes back and forth on every request.)
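To spot the same pattern in your own access log, here is an added example (not code from the original post) that counts failed admin logins per IP and the wp-cron.php requests next to them. It assumes the Apache/Nginx "combined" log format and that a stock WordPress answers a failed login POST with 200 and a successful one with a 302 redirect; the sample lines, IPs and threshold are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample in "combined" format; IPs come from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2017:04:10:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2017:04:10:01 +0000] "POST /wp-cron.php?doing_wp_cron=1483243801.1 HTTP/1.1" 200 0 "-" "WordPress/4.7"
203.0.113.7 - - [01/Jan/2017:04:11:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
192.0.2.10 - - [01/Jan/2017:04:11:05 +0000] "POST /wp-cron.php?doing_wp_cron=1483243865.1 HTTP/1.1" 200 0 "-" "WordPress/4.7"
203.0.113.7 - - [01/Jan/2017:04:12:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3512 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2017:09:30:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2810 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2017:09:30:12 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
not a log line
"""

# client IP, identd, user, [timestamp], "METHOD target PROTO", status
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3}) ')

def parse(log_text):
    """Yield (ip, method, path, status) for each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            ip, method, target, status = m.groups()
            # Drop the query string so /wp-cron.php?doing_wp_cron=... still matches.
            yield ip, method, urlsplit(target).path, int(status)

def failed_logins(log_text):
    """Per-IP count of POSTs to wp-login.php answered with 200 (assumed: failed login)."""
    return Counter(ip for ip, method, path, status in parse(log_text)
                   if method == "POST" and path == "/wp-login.php" and status == 200)

def suspects(log_text, threshold=3):
    """IPs with at least `threshold` failed logins, busiest first."""
    return [(ip, n) for ip, n in failed_logins(log_text).most_common() if n >= threshold]

def cron_hits(log_text):
    """Number of requests that reached wp-cron.php."""
    return sum(1 for _, _, path, _ in parse(log_text) if path == "/wp-cron.php")

if __name__ == "__main__":
    print("suspects:", suspects(SAMPLE_LOG))
    print("wp-cron.php requests:", cron_hits(SAMPLE_LOG))
```

Run it against a real log by passing the file's contents to `suspects()`; the wp-cron.php lines usually come from the server's own address, because WordPress requests that file from itself.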

Second, I don’t need it, for now.

So, let’s deal with the brute force, then disable wp-cron.php.


Reduce brute force attacks with ReCaptcha

I’m very satisfied with ReCaptcha in my portfolio email form. Let’s reuse it here. Thanks to WordPress’s impressive community, a well-written plugin is already there: WordPress ReCaptcha Integration. Just a few clicks and it’s working on my admin login page. That’s the beauty of WordPress, really. Let’s see if it’s enough to discourage the attacks.


Disabling wp-cron.php

Add two lines of code to wp-config.php in your site’s root directory.

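/** Disable wp-cron.php: WordPress stops triggering it on page requests. */
/* Must come before wp-config.php loads wp-settings.php. */
define('DISABLE_WP_CRON', true);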

