If you scan your WordPress site with wpscan tool, you would see a message like this:
[+] http://ictbank.ir/blog/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299
It means that a hacker can generate a DDOS attack on your host using this URL, cause this URL return a blank page and a 200 HTML Response Code.
Also, this script will use a considerable amount of RAM and CPU, due to its heavy database queries.
So you have to do some workarounds to prevent these problems:
1. edit wp-config.php file and add below line to disable running the above script for every visits:
2. create a crontab record for running this script periodically:
*/10 * * * * /usr/bin/php /path_of_script/wp-cron.php >/dev/null 2>&
3. secure the script and return a 403 error code. to do so, you have to edit your webservice config file (/etc/httpd/conf/httpd.conf) and add the follow: (22.214.171.124 is your web server ip address)
<Directory "/path_to_your_weblog"> Order allow,deny Allow from all <Files "wp-cron.php"> Require ip 123.123.123 Require ip 127.0.0.1 </Files> </Directory>