One way to Prevent DDOS attacks in WordPress

If you scan your WordPress site with wpscan tool, you would see a message like this:

 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  -
 |  -

It means that a hacker can generate a DDOS attack on your host using this URL, cause this URL return a blank page and a 200 HTML Response Code.

Also, this script will use a considerable amount of RAM and CPU, due to its heavy database queries.

So you have to do some workarounds to prevent these problems:

1. edit wp-config.php file and add below line to disable running the above script for every visits:

define('DISABLE_WP_CRON', true);

2. create a crontab record for running this script periodically:

*/10    *       *       *       *       /usr/bin/php /path_of_script/wp-cron.php >/dev/null 2>&

3. secure the script and return a 403 error code. to do so, you have to edit your webservice config file (/etc/httpd/conf/httpd.conf) and add the follow: ( is your web server ip address)

<Directory "/path_to_your_weblog">
	Order allow,deny
	Allow from all
	<Files "wp-cron.php">
		Require ip 123.123.123
		Require ip