If you scan your WordPress site with wpscan tool, you would see a message like this:
[+] http://ictbank.ir/blog/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
It means that a hacker can generate a DDOS attack on your host using this URL, cause this URL return a blank page and a 200 HTML Response Code.
Also, this script will use a considerable amount of RAM and CPU, due to its heavy database queries.
So you have to do some workarounds to prevent these problems:
1. edit wp-config.php file and add below line to disable running the above script for every visits:
define('DISABLE_WP_CRON', true);
2. create a crontab record for running this script periodically:
*/10 * * * * /usr/bin/php /path_of_script/wp-cron.php >/dev/null 2>&
3. secure the script and return a 403 error code. to do so, you have to edit your webservice config file (/etc/httpd/conf/httpd.conf) and add the follow: (123.123.123.123 is your web server ip address)
<Directory "/path_to_your_weblog">
Order allow,deny
Allow from all
<Files "wp-cron.php">
Require ip 123.123.123
Require ip 127.0.0.1
</Files>
</Directory>