Disabling wp-cron php Script in WordPress

I noticed in my log files a large amount of calls to wp-cron.php. The following site provides a useful discussion of this event.

http://www.lucasrolff.com/wordpress/why-wp-cron-sucks/

The instructions at the site provided above explain how to use cPanel to enable cron. But what if you don’t have cPanel?
I run a site where I have root access and no intervening panel to take care of the administrative chores.
My webserver is running with a user that is not allowed to login which should also disallow it to run a cron job from the operating system.

 harvey:x:48:48:An invisible 6' 3.5" tall rabbit:/var/www:/sbin/nologin

I know I can use the root crontab but I certainly do not want to run the process as root nor do I want to enable a login shell for the user that is running the webserver process. After all no one wants an invisible 6 ft 3.5 in tall rabbit running around on the server. Who knows what mischief it could cause.
But I need the wp-cron.php to run only with the permissions and ownership of the website owner. So the following is how I solved this problem.

Testing execution of wp-cron.php

Edit /var/www/pathtowordpress/wp-cron.php

Add the following temporary code at the top of the file.
If the cronjob is executed correctly there will be a file written with the appropriate user and group ownership of the user running it. Your owner and group will of course be different from mine. No doubt, it will be owner: apache and group: apache.

Reference: http://php.net/manual/en/function.file-put-contents.php

    $file = '/tmp/pooka.txt';
    // Open the file to get existing content
    // $current = file_get_contents($file);
    // Append a new person to the file
    $current .= "Peekin at the Pookas\n";
    // Write the contents back to the file
    file_put_contents($file, $current);

To test run the following commands at the command line. You must be root to do this.

# su --shell=/bin/bash harvey -c '/usr/bin/wget -q -O - "http://domain01.com/wp-cron.php?doing_wp_cron=`date +\%s`" > /dev/null 2>&1'

# ls -l /tmp/pooka.txt
            check owner and group
# rm /tmp/pooka.txt

# su --shell=/bin/bash harvey -c '/usr/bin/php /site1path/wp-cron.php'
# ls -l /tmp/pooka.txt
            check owner and group 
# rm /tmp/pooka.txt

To check the file ownership:

$ ls -l /tmp/pooka.txt
    -rw-r--r--  1 harvey  pookas     9 Sep 21 15:17 pooka.txt

Installing execution of wp-cron.php in root cron

Once the test is successful, i.e. the file is not owned by root or anyone else other then the webserver process owner,  remove the test code and install the code into the root crontab. I have only two sites and I don’t use many cron features, that I know of.
To start I chose to use 60 minutes and offset the second site by 5 minutes. If I notice any abnormalities I can back it down until I get a reasonable and working configuration. Your choice will depend upon how many sites you have, the plugins installed and how you use the site. See the refernce site above for a “multisite” discussion.

# m h  dom mon dow   command
# .---------------- minute (0 - 59)
# |   .------------- hour (0 - 23)
# |   |   .---------- day of month (1 - 31)
# |   |   |   .------- month (1 - 12) OR jan,feb,mar,apr ...
# |   |   |   |  .----- day of week (0 - 7) (Sunday=0 or 7)  OR sun,mon,tue,wed,thu,fri,sat
# |   |   |   |  |
# *   *   *   *  *  command to be executed
################################################################################
# becuase we turned this off in wp-config.php.
# Everytime someone hits a page it kicks off a wp-cron.php process.
################################################################################
*/60 * * * * su --shell=/bin/bash harvey -c '/usr/bin/wget -q -O - "http://domain01.com/wp-cron.php?doing_wp_cron=`date +\%s`" > /dev/null 2>&1'
#Sometimes it might be required to run PHP directly:
#*/60 * * * * su --shell=/bin/bash harvey -c '/usr/bin/php /site1path/wp-cron.php'
################################################################################
*/65 * * * * su --shell=/bin/bash harvey -c '/usr/bin/wget -q -O - "http://domain02.com/wp-cron.php?doing_wp_cron=`date +\%s`" > /dev/null 2>&1'
#Sometimes it might be required to run PHP directly:
#*/65 * * * * su --shell=/bin/bash harvey -c '/usr/bin/php /site2path/wp-cron.php'
################################################################################

Now the only question i have left is why not just run the php script directly. This would be the crontab entries which I have commented out.
One benefit is that I get logging when the commands are executed.
I will leave them commented out for now so I can see what happens.


Leave a Reply

Your email address will not be published. Required fields are marked *

*