Error: cURL error 28: Operation timed out after X milliseconds

I mostly face this error in all my WordPress admin panels in plugin updates or any other external operation
I have seen many community threads but couldn’t find any useful

It would be greatly appreciated if someone could get this solved and let me know how actions to take in cyberpanel admin panel


Hello @ideveloppro

cURL operation timed out. Check PHP memory limit, PHP timeout settings, WordPress timeout settings, Firewall settings e.g. CSF or Imunify settings

These are the PHP settings, I guess they are fine. Let me know your view

I am using CSF not imunify
These are the following settings, let me know if you can find anything wrong

Also, it would be great if you can share what security settings are best to set in cyberpanel so that I don’t face these types of problem next

Hello @ideveloppro

It could also be caused by a plugin. Check your wordpress plugins. To check for a plugin conflict you can temporarily deactivate all other plugins, and then see if it Screenshot by Lightshot this works like try to update wordpress core.

  • First disable all security modules - CSF, modsecurity etc

  • Secondly disable all plugins

  • Test if you can update WordPress core

  • Activate plugins one by one testing editing a post or page/ updating core/ leveraging WP-REST API etc

Post here if you need more clarification

Till I know, the firewall is the one conflicting because this is happening in all WordPress accounts and they have been built for 2 3 years running on other servers and now on cyberpanel so it’s not about plugins

Can you share with me the best settings for cyberpanel firewall CSF/ModSecurity etc


Personally I do not use CyberPanel ModSecurity because development stopped long time ago. And i do not recommend it for any of my customers. Prefer CloudFlare WAF, Imunify

As for CSF its just a packet inspection app that from experience only stops intrusions such as bruteforce exploitations such as wordpress XMLRPC. The default configuration is sufficient enough. Install as is and csf will do the rest. Prefer CrowdSec

I am not using ModSecurity in my server (screenshots below)

My CSF is turned on in cyberpanel

Let me know if I can do anything else then this

I see you have an extra rule in the ModSecurity rules. The default is sually modsecurity SecRule 99999

SecRule ARGS "\.\./" "t:normalisePathWin,id:99999,severity:4,msg:'Drive Access' ,log,auditlog,deny",

and nothing else. WordPress should run as expected