After updating to WishList Member 3.33.0 or higher, you may see a notice on your WordPress dashboard that reads “WishList Member now requires an authenticated secret for hosting cron commands. If you run a server-level cron, copy the updated command from Advanced Settings → Cron Settings.” This article explains what the notice means, who needs to take action, and how to update your cron command.
Do I Need to Do Anything?
For most sites, the answer is no.
WishList Member uses built-in WordPress Cron (WP-Cron) by default to run its scheduled tasks, such as sequential upgrades (drip content) and sending queued emails. If you have never manually set up a cron job at your hosting or server level, you are using WP-Cron and you can safely dismiss this notice. Nothing will change for you in this case.
This notice only requires action if you (or your host) previously set up a server-level cron job that calls WishList Member directly. That is an optional setup some sites use to run scheduled tasks more reliably than WP-Cron.
Why the Command Changed
WishList Member includes a layer of security in its server cron endpoint.
The address your server cron job calls can trigger WishList Member's scheduled tasks. To make sure only your own cron job can trigger it, WishList Member requires the request to include an authenticated secret. This secret is a unique, site-specific value. Requests that do not include the correct secret are no longer accepted.
Because of this, any older hosting cron command you set up before the update no longer includes the required secret and will stop working. You will need to replace it with the new signed command.
How to Update Your Server Cron Command
- In your WordPress dashboard, go to WishList Member.
- Navigate to Advanced Options > Cron Jobs section.
- Copy the command shown on that screen. It already includes your site's authenticated secret.
- Replace your existing hosting cron command with this new command. If you are not comfortable editing your cron job, you can provide the new command to your hosting provider and ask them to update it for you.
A schedule of once per day is recommended for the cron job. On most systems this is written as: 0 0 * * *
If the standard command does not run on your server, the Cron Jobs screen in WishList Member also provides an alternate command you can try instead.
Keep Your Secret Private
The authenticated secret in the command is site-specific and grants the ability to trigger your cron endpoint. Treat it like a password:
- Do not post the full command in public forums, paste bins, or anywhere it could be seen by others.
- When contacting support, you do not need to share the secret itself. Let us know you are updating your server cron and we can guide you without it.
For Advanced Users: Rotating the Secret
If you ever need to issue a new secret (for example, if you believe the old one was exposed), you can reset it and then return to the Cron Jobs screen in WishList Member to copy the new command. After rotating the secret, remember to update your hosting cron job with the newly generated command, since the previous command will no longer authenticate.
