Task Schedulers

How to block a request to a site using doing_wp_cron?

Good morning! They attack the site through a request like:

[u][26/Sep/2018:00:24:06 +0300] 0.950 0.950 301 105.105.212.128 www.volga37.ru GET /?doing_wp_cron=1537910643.3970870971679687500000 HTTP/1.1 "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" "-" 252 141.8.192.166 volga37

from different IP addresses, requests go around the clock. What is the way to solve the problem? Wordpress Version 4.9.8
Hosting support advised to make adjustments to the .htaccess file, but did not help

.In this case, the original scheduler wp-cron.php does not work. Based on the nature of the requests, an attempt is made to find vulnerabilities on the site and carry out an attack using the SQL injection method.
In this regard, we checked your account for malicious activity. No suspicious scripts were found.
We recommend that you do the following as soon as possible:
1. Change the site administrator password.
2. Check for the presence of users with administrative rights - some of them may not have been created by you.
3. Check your website content for legitimacy.
You can also restrict access to the site for the specified IP. To do this, add the following rule to the .htaccess file:
Order allow,deny
Allow from all
Deny from 106.222.255.207
In addition, you can add a rule to the .htaccess file that will allow you to deny such requests at the web server level:
RewriteEngine on
RewriteCond %{QUERY_STRING} UNION [NC,OR]
RewriteCond %{QUERY_STRING} CHAR [NC,OR ]
RewriteCond %{QUERY_STRING} SELECT [NC,OR]
RewriteCond %{QUERY_STRING} UNHEX [NC,OR]
RewriteCond %{QUERY_STRING} VOID [NC,OR]
RewriteCond %{QUERY_STRING} SLEEP [NC]
RewriteRule .* - [F]