Update failed: Download failed. cURL error 28

Home Forums BulletProof Security Pro Update failed: Download failed. cURL error 28

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • #41346


    I constantly get an error like this:

    “Update failed: Download failed. cURL error 28: Connection timed out after 10004 milliseconds”

    No matter the browser, it just pops up. I have stopped to update as it is a pain in the you know where 😉 to try it a dozen of times and hope that this time it will do its job.

    It works in a random way.

    Today I have logged into one website, updated it, went to another of mine, and boom the error of doom. So I have tried my third website and the same. Cleared cache, used another browser and always the same error.

    Any hints what to do?

    AITpro Admin

    This help post on wpbeginner.com covers a few possible causes for this problem > https://www.wpbeginner.com/wp-tutorials/how-to-fix-curl-error-28-connection-timed-out-after-x-milliseconds/.

    Before you do any of these things below you should first check to see if your host is experiencing problems.  Typically web hosts will not tell you that they are experiencing global outages or problems.  So you would need to check sites such as IsItDownRightNow > https://www.isitdownrightnow.com/ to check that.  Or a site like Host-Tracker > https://www.host-tracker.com/ to check your host server.

    The first thing you should check/change is your PHP server version.  If your host offers PHP 8.x.x then switch to PHP 8.x.x in your web host control panel.  Next check your php memory on the BPS System Info page.  You should have at least 256M of allocated php memory.  The most likely plugins that could cause some sort of WP API connectivity problems would be caching plugins or plugins that use a WAF (Wordfence, Sucuri, et) or Proxy (Cloudflare, etc).  BPS Pro uses an htaccess firewall and not a WAF. So BPS Pro would not interfere with the WP API.  Temporarily deactivate any plugins that could be causing a connectivity/communication problem.

    Also if the wordpress.org site is having issues then you will see this error.  I have only seen that happen a couple of times in 10 years. So it is very unlikely that wordpress.org is having issues.



    The server admins ask me to show them to which web address is my website calling.

    AITpro Admin

    BPS Pro does a plugin upgrade check to my API server here > api.ait-pro.com.


    They have advised me to check any blockades I may have and pointed to and example connected to my website and giving something like this:


    They also suggested that some of my settings might be blocking the rest api and suggest to turn off the security plugins – I only have BPS Pro, google authenticator and No Category Base (WPML) so none of those can be doing anything shady behind the scenes.

    Here are the php errors/warings:

    [10-Feb-2022 13:09:41 UTC] PHP Warning:  rename(/tmp/pl_PL-De317f.tmp,wordpress-5.9-pl_pl.zip): Operation not permitted in /usr/home/fw190/domains/infolotnicze.pl/public_html/wp-admin/includes/file.php on line 1201
    [11-Feb-2022 13:09:31 UTC] PHP Warning:  rename(/tmp/pl_PL-KyevAb.tmp,wordpress-5.9-pl_pl.zip): Operation not permitted in /usr/home/fw190/domains/infolotnicze.pl/public_html/wp-admin/includes/file.php on line 1201
    [16-Feb-2022 13:49:12 UTC] PHP Warning:  copy(/usr/home/fw190/domains/infolotnicze.pl/public_html/wp-content/bps-backup/autorestore/wp-content/plugins/bulletproof-security/includes/class.php): Failed to open stream: No such file or directory in /usr/home/fw190/domains/infolotnicze.pl/public_html/wp-content/plugins/bulletproof-security/includes/arq-cron.php on line 790
    [16-Feb-2022 13:51:31 UTC] PHP Warning:  rename(/tmp/latest-n0Xzxb.tmp,wordpress-5.9.zip): Operation not permitted in /usr/home/fw190/domains/infolotnicze.pl/public_html/wp-admin/includes/file.php on line 1201
    [16-Feb-2022 13:51:40 UTC] PHP Warning:  rename(/tmp/google-authenticator.0.53-L7T5qQ.tmp,google-authenticator.0.53.zip): Operation not permitted in /usr/home/fw190/domains/infolotnicze.pl/public_html/wp-admin/includes/file.php on line 1201
    [16-Feb-2022 13:51:47 UTC] PHP Warning:  rename(/tmp/twentytwentytwo.1.0-80aJBT.tmp,twentytwentytwo.1.0.zip): Operation not permitted in /usr/home/fw190/domains/infolotnicze.pl/public_html/wp-admin/includes/file.php on line 1201
    [18-Feb-2022 13:07:52 UTC] PHP Warning:  rename(/tmp/pl_PL-DocEe2.tmp,wordpress-5.9-pl_pl.zip): Operation not permitted in /usr/home/fw190/domains/infolotnicze.pl/public_html/wp-admin/includes/file.php on line 1201
    [20-Feb-2022 20:18:42 UTC] PHP Warning:  file_get_contents(/usr/home/fw190/domains/infolotnicze.pl/public_html/wp-content/plugins/dreamobjects/aws/Aws/Ec2/Resources/ec2-2014-10-01.php): Failed to open stream: No such file or directory in /usr/home/fw190/domains/infolotnicze.pl/public_html/wp-content/plugins/bulletproof-security/includes/mscan-ajax-functions.php on line 2206
    [20-Feb-2022 20:18:43 UTC] PHP Warning:  unlink(/tmp//.ICE-unix): Operation not permitted in /usr/home/fw190/domains/infolotnicze.pl/public_html/wp-content/plugins/bulletproof-security/includes/mscan-ajax-functions.php on line 2461
    AITpro Admin

    You have an nginx server.  So htaccess files are not processed by nginx and are instead ignored. So that means the xmlrpc.php file is being blocked by your web host and not BPS or anything else that uses htaccess code.

    This looks similar to an open_basedir problem or Jail problem, but you typically would see open_basedir or Jail in the php error message.  My guess is you have an Ownership problem occurring.  The Owner of all your website folders and files should be the same.  You can check that on the BPS Pro > System Info page under the folder/file Ownership and Permissions table.

Viewing 6 posts - 1 through 6 (of 6 total)
  • You must be logged in to reply to this topic.