WP-Cron is a core component of WordPress since it is used for many scheduled tasks including WordPress updates, plugin updates, and other core and plugin functionality. Server configuration, access controls, and other permission issues could cause problems with the WordPress WP-Cron scheduler, but in this article, we’ll discuss a problem that Cloudflare can cause if you’ve enabled certain features.
Diagnose WP-Cron Issues
Unfortunately, WordPress doesn’t provide a way to view your WP-Cron schedules, or even alert you that there’s an issue. I used a plugin called WP Control to help diagnose my issues. This plugin will let you view missed WP-Cron events as well as the schedule. In my case, the plugin would display an error saying “there was a problem spawning a call to the WP-Cron system on your site” then showed me “Unexpected HTTP response code: 403”. A 403 error code means Forbidden, but I didn’t have any firewalls, htaccess, or permissions that would block the wp-cron.php script from being accessed. If you get a different error, check out the WP Control support page for other suggestions.
Cloudflare’s security settings allows you to block bad bots, which can also block wp-cron activities as false positives.
- In Cloudflare, go to Security > Overview
- Click on Add Filter > Source IP > Enter the IP address of your hosting server
- If you see wp-cron.php in the path, then Cloudflare is probably blocking the script from running
Fixing WP-Cron Errors in Cloudflare
While you have more options with a paid Cloudflare account, we’ll discuss the options found using a free Cloudflare account.
Option 1 – Disable Bot Fight Mode
The free Cloudflare WAF and Security Rules allow you to turn on a Bot Fight Mode, which can cause issues with the WordPress WP-Cron system. Disabling this will disable all of Cloudflare’s bot fighting capabilities though.
If you want to turn this off, in Cloudflare, go to Security > Bots then turn off Bot Fight Mode.
Option 2 – Whitelist Server IP in Cloudflare WAF Tools
Another option is to add your server IP address to the Cloudflare WAF tools, which will allow all traffic from your server IP to bypass the Cloudflare Bot and Managed WAF Rules.
- In Cloudflare, go to Security > WAF > Tools
- Enter your server IP and change the action to Allow, then click Add (if you have multiple WordPress sites in Cloudflare, you’ll be prompted to add this rule to all sites in your account)
After making one of these changes, you should be able to see your WP Control events update as the WP-Cron schedules run.