I am using this outside WordPress to get access to different WordPress’ tables:
define('WP_USE_THEMES', false); require('./wp-load.php');
It works perfectly. But is there a higher security risk? Can I be hacked that way if e.g. someone knows the name of the php script?
I am not passing any values to the script. It’s just called by cron to create pseudo materialized views out of some very slow MySQL views for statistical purposes.
Read more here: Using wp-load.php outside WordPress. Security risk or not?