So you’re trying to use your favorite WordPress plugin but an ugly cURL error 28 is being displayed in your screen or error log… Something like
cURL error 28: Connection timed out after X milliseconds
cURL error 28: Operation timed out after X milliseconds with 0 out of 0 bytes received
What’s going on? If you search in Google you will find that in fact it’s a very common issue and it’s not tied to any plugin or WordPress itself, it’s something directly related with a server component, the cURL library, so it can affect to any web software using cURL.
In this article I’m going to explain you a few things that hopefully will help you to understand what’s the issue and things that you may check in order to fix it.
But what the hell is cURL?
When talking about WordPress, cURL is a PHP library that helps WordPress to communicate with other sites. Being a PHP library means that if you’re using an obsolete PHP version (anything older than PHP 7.0) you’re for sure also using an obsolete cURL version. So the first thing you need to do if you’re having issues with cURL is to upgrade your PHP version to at least 7.0.x or the latest PHP 7.x stable release.
Note that on some server setups (e.g. cheap shared hosting) selecting a newer PHP version to run your site doesn’t necessarily means that you’re going to use a recent cURL version.
To be clear, I would recommend you to ensure that your site meet actual requirements for secure connections. Your server must be able to perform connections using SHA-2 and TLS 1.2, as this is required for third-party services as PayPal, Stripe, Authorize.net and many others that are using the HTTPS protocol to ensure privacy in connections to their services. So make a favor to yourself and ensure that your site is hosted on a server with at least cURL version 7.34.0 or higher, a recent build of OpenSSL/1.0.1 or higher (another library) and also a recent version of PHP, currently 7.1 is the recommended choice.
I have an up to date PHP, cURL and OpenSSL but still getting cURL error 28
The cURL error 28 literally means that your site tried to perform a request using the cURL library but the specified timeout period was reached before getting a successful result for the request.
In general terms, this could be caused by a very short timeout time specified for the cURL request or because the server is not able to establish the connection or complete the operation before reaching the timeout for whatever reason.
Things to check in the server
If you already checked that you’re running the recent versions mentioned above. Other common causes at server side for this error are:
- Issues with the DNS resolving (your server is not able to resolve the IP for the third-party domain or at least not in time).
- Firewalls or security modules (e.g. mod_security ) blocking the outgoing request.
- Your host is not able to “talk” with the third-party server due to unavailable required protocols. This can occur if the server has a recent cURL/OpenSSL but it’s not correctly configured to use TLS 1.2 as SSL procotol.
- Network issues (something at network level prevents your server to reach the third-party server).
- Your server is blocking connections to your own site. Some hosts don’t allow sites hosted in their servers to connect their self using cURL. It’s very common for a WordPress site to perform connections to itself (e.g. AJAX requests) and I can’t see any valid reason to apply this blocking in a server. But for some reason there are many hosts doing this (specially in cheap hosting plans). So you will want to contact with your host support about this and request to remove that limitation if it’s set in the server.
- Something in the site setup disabled certificate validation and the host doesn’t allow requests without certification validation.
These are only a few things, the most common causes, your server admin should be able to check anything that could cause cURL to fail at server side.
Also checking the PHP and web server (Apache, nginx, etc) error logs can probably give you additional information about what’s going on. If you don’t have access to these logs ask for them to your server admin.
Things to check in WordPress when cURL fails
First thing I would recommend you to do is to enforce the certificate validation by using the https_local_ssl_verify filter in your theme’s functions.php file or a custom functionality plugin:
If the above doesn’t help try setting a higher timeout value. By default WordPress set the timeout value in wp-includes/class-wp-http-curl.php to 5 seconds and the same value is also set in wp-includes/class-http.php that is a newer class for making HTTP requests that can use also cURL if it’s present in the server.
You may think that 5 seconds is a very short time, but in terms of doing an HTTP request 5 seconds should be enough in most cases.
Anyway this value can be overridden using a few WordPress core filers: http_api_curl, http_request_timeout or http_request_args. Below you can find an example of how to set the timeout value to 30 seconds using all these filters.
To troubleshoot the issue you can temporarily set the timeout value to a crazy high value like 120 seconds just to see if the HTTP request is completed at some point… Bear in mind with this value in the timeout you will need to wait up to 2 minutes to see the result.
You can also use the Core Control plugin to monitor all outgoing connections done by WordPress providing you a lot of useful information like the time taken for the request and even the response headers and body. It’s a very handy companion for the troubleshooting!
Another WordPress plugin that can help you is TLS 1.2 Compatibility Test, with this plugin you can test your server compatibility for TLS 1.2 directly in your WP dashboard.
The third-party side of things
If your site is trying to connect to a third-party server, you need to keep in mind also that you don’t have any control over the third-party server, and they could have also issues at their side or things (e.g. server busy or network issues) or they could be blocking your requests… So if all other fails you should start considering this also and try to contact with the third-party service for assistance.
And… That’s all Folks! ;) Let me know in the comments if you found this post useful.