DISABLE_WP_CRON on its own does not prevent the wp-cron script from being executed via HTTP, meaning it is still vulnerable to exploitation by DDOS attacks. This script terminates any attempt to run wp-cron by any means other than the command line.

deactivate-wp-cron.inc.php

<?php
/**
 * Plugin Name:     eggMUP: Deactivate WP Cron
 * Plugin URI:      https://gist.github.com/ianpegg/36568e85cf692d3a901b475e4a14204e
 * Description:     Prevents wp-cron from being run via HTTP.
 * DISABLE_WP_CRON on its own does not prevent the wp-cron script from being
 * executed via HTTP, meaning it is still vulnerable to exploitation by DDOS attacks.
 * 
 * Version:         1.0.1
 * Author:          Ian Pegg
 * Author URI:      https://eggcupwebdesign.com
 * php version 8.2.14
 *
 * @category Must_Use_Plugin
 * @package  WordPress_Plugin
 * @author   Ian Pegg <[email protected]>
 * @license  GNU/GPLv3 https://www.gnu.org/licenses/gpl-3.0.txt
 * @link     https://eggcupwebdesign.com
 */

namespace EggCup\MUP\DeactivateWPCron;

if (!defined('ABSPATH')) {
    exit;
}


/**
 * Prevents WP Cron from being called via an HTTP request.
 * This does not impact real cron jobs as the cron scheduler 
 * calls wp-cron directly via PHP-CLI instead.
 *
 * @return void
 */
add_action('plugins_loaded', function () {
    if (defined('DOING_CRON') 
        && constant('DOING_CRON') 
        && 'cli' != php_sapi_name()
    ) {
        die();
    }
});