WordPress 2.6: The issue of “wp-cron.php”
I love WordPress. When I needed something simple, robust, and easy to use for a company project, I found out really quick how easy it is to use WordPress for almost anything. If you are willing to spend the time and find the right plugins for what you need, the sky is the limit. But sometimes I just have to kind of scratch my head at how WordPress does things.
So I’ve been working on this project for a few months now and I’m only just now starting to understand the inner workings of how the nuts and bolts of WordPress fit together. I’m also new to PHP, but have a background in Perl. Things were great until my server admin informed me that the install of word press was hitting a file called “wp-cron.php: over 381 times a day, and we haven’t even opened it up to the public yet. That seemed really weird to me so I did some poking around and found that this is a known issue with WordPress.
What is “wp-cron.php”?
Simply put, is the part of WordPress that takes care of all the scheduled tasks that WordPress has to preform in order to work correctly. For instance, changed a post from Unpublished to Published when it has been set to publish at a future date. Now WordPress is designed to be easy to install, easy to set up, and easy to use. So if you are a new user to the WordPress platform, the wp-cron.php file is something that takes care of a lot of the stuff you never even thought about. Until, that is, your system administrator for you web host turns you site off because you are “bogging” down the server.
Is this Bad?
There is a lot of discussion out there about what to do if your hosting service does that. The answer range from, “switch to a host who has a real sever set up” or “work with your host to see if there is a compromise you can make with them”. There are ways to edit the “wp-cron.php” file so that it can be run by the system cron every night with all of the normal sever jobs that clean things up when no one is looking. But still, this does not take away from the root of the issue, which is why I’m writing this rant.
- Gripe 1: Process Intensive
The “wp-cron.php” file is just another script that pulls data values that have been stored in the system memory of the sever, while a user load a page from WordPress. In normal speak, every time a person view a page on a WordPress blog, there are a lot of processes that get run in that moment that allow the user to see the pages they were intended to be seen, and “wp-cron.php” is one of those processes. So on every page load, this process get run. EVERY PAGE LOAD!! So there is my first gripe: Why Every Page Load? There has to be some way of accomplishing this task without running the script every time a new page is loaded by a person viewing the site.
The answer I have found to the why is that this is all done as a bundle of PHP scripts, which means all of these tasks are stored in system memory. This means every page load the information can change, so it has to execute ever page load. My response to that is…isn’t WordPress already connected to an database that could be used for that sort of thing? The updated processes could be run by perl scirpts or other such things that run on severs these days, and not having to hit the CPU of the server every time a new page load is run, but when it needs to be run.
- Gripe 2: Security
“wp-cron.php” is run by the web sever, not by a system process initiated by the actual server it’s self. This may seem confusing to some people, because most people think that a web server is the actual computer they are connecting to when the view a web page. That’s only partially correct. A Web Server is an actual process on a computer that gives you information based on how the server is set up to display it. This means the web server, just like any other person trying to preform a task on a server, is a user of that computer. A user that his triggered to do something when someone else is view the any page/post/image in the Word Press Blog
I personally don’t like the idea of the web server being told to do something by a user who may not even be authenticated as a user of my blog, let alone have access to my host server.
Does anyone out there resonate with this? Don’t get me wrong. I love the WordPress team and all the amazing stuff they do for the WordPress community. But it just seems a little odd that such a basic thing as hitting the web server CPU multiple times from one page view, seems to have become a common practice.