Top Nav

Archive | WordPress

WordPress Cron With HTTP Auth

If you have a WordPress site that is password protected with HTTP Basic Auth, then you may encounter problems with the WordPress cron failing to run. A workaround is to install the “WP Cron HTTP Auth” from here:

WP Cron HTTP Auth

After you install and activate the plugin, go to “Settings->WP Cron HTTP Auth” and enter the HTTP Basic Auth credentials.


Find wp-admin url – iThemes Security / Solid Security

Quick way to find the wp-admin login slug on WordPress sites with iThemes Security or Solid Security installed:

If the sub-name changes then try:




WordPress External Cron

For low traffic WordPress sites, the internal cron will not run on a reliable schedule resulting in missed jobs. For high traffic sites the internal cron can result in excessive cron runs. The solution is to disable the internal cron and setup an external cronjob at the operating system level.

To disable the internal cron add the following to wp-config.php:

For the external cron you can use curl or wget, but my preference is wp-cli like this:

On a Plesk server this might look like:


WordPress Admin Dashboard Slow Due To WordFence

Recently worked a WordPress site where the admin dashboard was taking a minute or more to load. Tracked the problem to the “Updates Needed” section in the “WordFence” block displayed on the dashboard. The Updates Needed section calls the WordPress  “wp_version_check()” function. This function, as part of building the data sent to with the update version check, calls the WordPress “count_users()” function. The “count_users()” function runs a query like this:

The number of “COUNT(NULLIF” columns depends on the number of user groups. For a site with a small number of users and groups this query is not a problem. But for a site with over 100K users this query took over 100 seconds to run.

To fix the problem, we used “wp-cli” to disable the “Updates Needed” section in WordFence:

Now the admin dashboard loads with no delay. This is a great example of the types of problems that come with scaling a WordPress site to large numbers of users.





WordFence / CloudFront – Automatically Update Trusted Proxies

If you are using WordPress with CloudFront and WordFence then some extra configuration is required. WordFence does blocking based on IP address but it will fail to determine the correct IP address when you have CloudFront and an Elastic Load Balancer in front of the site. The work around is to setup a cronjob that updates the list of trusted proxies in WordFence.

  1. Login to WordPress admin and to to WordFence -> All Options. Under “How does Wordfence get IPs” select “Use the X-Forwarded-For HTTP header”.  Click “Save Changes”
  2. Add a cronjob using the script shown below to update the list of trusted proxies.

Here’s a simple script for the cronjob: