Tài Hoàng

  • Set up a proper Cron Job system for WordPress

    Set up a proper Cron Job system for WordPress

    Cron job (specifically WP-Cron in WordPress) is one of those hidden features most site owners rarely think about — until scheduled tasks start failing or running late. In this article, I’ll explain why relying on WP-Cron can be problematic and why replacing it with a proper system-level cron job is a smarter choice for security, reliability, and performance.

    What is a WP-Cron

    In WordPress, WP-Cron (wp-cron.php) is a built-in pseudo-cron system that handles scheduled tasks. Think of it as WordPress’s way of running background jobs without needing direct server access.

    Typical tasks handled by WP-Cron include:

    • Checking for plugin, theme, or core updates.
    • Publishing scheduled posts at the right time.
    • Sending scheduled emails (like newsletters or notifications).
    • Cleaning up temporary or expired data (like transients or trash).

    Instead of running continuously like a real cron daemon on Unix/Linux, WP-Cron only runs when someone visits your site. Each time a page loads, WordPress checks whether there are any due tasks and, if so, executes them.

    The Downsides of WP-Cron

    While WP-Cron is convenient, it comes with a few serious limitations:

    • Inconsistent Execution: Since WP-Cron depends on user visits, tasks might not run exactly on schedule. If your site has low traffic, scheduled posts or emails may be delayed.
    • Overhead on Every Request: On busy sites, WP-Cron is triggered often, which can create unnecessary server load. Multiple concurrent visitors may even cause overlapping cron executions.
    • Unreliable on Caching/Headless Setups: If your site uses aggressive caching or serves content statically (e.g., via a CDN), wp-cron.php may not trigger reliably.
    • Can Be Exploited: Since wp-cron.php is publicly accessible, it can be targeted in DoS-style attacks where bots repeatedly call it, putting strain on your server.

    Why Replace WP-Cron with a Real Cron Job?

    A system-level cron job (the kind provided by Linux/Unix servers) is far more reliable than WP-Cron. Benefits of using a real cron job include:

    • Precise timing – tasks run exactly when scheduled, not just when someone visits.
    • Better performance – reduces overhead on every page request.
    • More reliable – works regardless of traffic volume or caching setup.
    • More secure – limits public exposure of wp-cron.php.

    For production sites — especially eCommerce stores, membership platforms, or anything where scheduling matters — relying on WP-Cron is risky.

    How to Disable WP-Cron and Use a System Cron Job

    Disable WP-Cron

    Add this line to your wp-config.php file:

    define('DISABLE_WP_CRON', true);

    This prevents WordPress from auto-loading cron jobs on every page request.

    Set up a System Cron Job

    SSH to your server, and install WP-CLI. Then, in your Ubuntu terminal, type this command to edit the cron table:

    crontab -e

    Add this line to the cron table:

    */5 * * * * sudo -u www-data wp cron event run --path=/var/www/public/wordpress --due-now > /dev/null
    • Remember to replace /var/www/public/wordpress with your current path.
    • Press Ctrl + X, then press Y to Close & Save the cron table.

    In simple terms: This cron job runs every 5 minutes. It executes as the www-data user, uses WP-CLI to process all WordPress cron tasks that are currently due within the installation at /var/www/public/wordpress, and discards normal output to keep server logs clean.

    Done.