WordPress Site Health, How to fix cURL error 28 for REST API failure?

The digital world is currently experiencing incredible growth and change. Competition leads to the search and development of new ways to capture the market, as well as tools that could do this as efficiently and quickly as possible.

Due to the need to be the most competitive in their niche, digital applications are increasingly being improved and updated providing their users with a wider range of options and capabilities. Which in turn leads to the fact that applications require regular updates and corrections to maintain maximum efficiency. However, with this approach, there is one drawback – a fairly frequent update often leads to appearing more compatibility errors.

In our example, such kind of errors was caused by the new version of WordPress 5.2 and the introduction of a new tool called Site Health.

You may have already seen similar errors when using the new Site Health tool. Their description on the Status page of Site Health tool is as follows

The REST API encountered an error
The REST API request failed due to an error.
Error: cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received (http_request_failed)

Your site could not complete a loopback request
The loopback request to your site failed, this means features relying on them are not currently working as expected.
Error: cURL error 28: Operation timed out after 10000 milliseconds with 0 bytes received (http_request_failed)

What causes the issue

REST API and loopback requests issues due to cURL error 28 is happening due to the fact that PHP script in curl waits for the session to free itself from the first script that calls the API.

In most cases, the real reason of the above errors is the incorrect mechanism for using PHP sessions within plugins or themes when they are using the session_start () function.

For example, within some plugins or themes, you can find a similar to below piece of code that is responsible for a PHP session activation and may cause the above errors.

function custom_session_init()
    if ( !session_id() ) {

Manually check for plugins and theme compatibility

One of the best way to find the source of the issue is to deactivate all plugins and switch to a default WordPress theme like Twenty Twenty or similar. If issues disappear then you need to activate your plugins one by one, until you will see the error on Status tab of WordPress Site Health tool. Then you need to check your custom theme by activating it and disabling all plugins.

Step by step guide:

  1. Create your WordPress site backup. You can do this manually or by using a backup plugin such as BackupBuddy
  2. Log in to your WordPress site
  3. Go to Appearance -> Themes
  4. Install and activate the latest default WordPress theme, for example, Twenty Twenty. Be careful, in some cases(custom themes), the settings or widgets may be reset.
  5. Go to Plugins -> Installed plugins
  6. Choose all plugins and deactivate them
  7. Activate one plugin at a time and check the Status page of Site Health tool
  8. Repeat step 7 until you will find the issue
  9. If you do not find the issue during plugin check than keep all plugins deactivated. Switch to your custom theme and check whether your theme causes the issue.

How to fix REST API and Loopback request issues due to cURL error 28

1. WordPress Native PHP Sessions Plugin

According to the statement of the WordPress team – WordPress does not use sessions in any way at all. All user states controlled with cookies.

It also means you should avoid using a session within your code for WordPress. However, if your site or plugin requires using PHP sessions for some specific tasks and you can’t avoid using sessions, you can try WordPress Native PHP Sessions Plugin.

The plugin will not solve all session based issues, but in the particular case it may help. If after installing this plugin errors will still be present, you need to consider other solutions to this problem using one of the tips below.

2. Use session_write_close()

PHP sessions created with session_start() function may cause issues with REST API and loopback requests due to cURL error 28. According to recommendations of WordPress core team active PHP session should be closed before making any HTTP requests

In order to close an active session, you can to use one of the two options below

1) If you need to make changes to the session, then after entering the data, close the session from writing:


2) If you are sure that you do not need to make changes to the session data, use the read_and_close option when starting the session:

    'read_and_close' => true,

3. Use cookie

A cookie is a small portion of data which web server sends to the user’s browser. After receiving the piece data, the browser saves it locally on computer. Next time when you are requesting another page from the same server, browser sends the cookie back to the server inside Cookie HTTP header.

Usually, cookie used for recording and analyzing user behavior, storing using preferences and settings, shopping carts, logins, and any other data that server should remember.

How to create, update and delete cookie

In order to set cookies we need to use the PHP function setcookie(options) which can accept various options, such as:

  • Name – name of the cookie
  • Value – a piece of data which you want to store
  • Expires – time during which cookies exist
  • Path – the path on the server in which the cookie will be available on
  • Domain – the (sub)domain that the cookie is available to
  • Secure – Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client
  • httponly – When TRUE the cookie will be made accessible only through the HTTP protocol. This means that the cookie won’t be accessible by scripting languages, such as JavaScript
setcookie(name, value, expire, path, domain, secure, httponly);


To create cookies, you just need to add a few simple lines of PHP code to function.php file of you active theme or inside your custom plugin files. In the example below, you can see how to create a ‘map_data cookie’ cookie with 30 days lifetime which containing value ‘John’

$cookie_name = 'mwp_data_cookie'; // set the name of the cookie
$cookie_value = 'John'; // set the value of the cookie
$cookie_expire = time() + 60*60*24*30; // set cookie lifetime for 30 days
setcookie($cookie_name, $cookie_value, $cookie_expire); //  30 days

Next piece of code will show you how to receive cookie value:

// Now you can receive cookie value
if(!isset($_COOKIE[$cookie_name])) {
        print 'Cookie "' . $cookie_name . '" does not exist';
} else {
        print 'Cookie "' . $cookie_name . '" value is:'.$_COOKIE[$cookie_name];


In order to update cookie you need to overwrite it with a new one by using the same name.

$cookie_name = 'mwp_data_cookie'; // set the name of the cookie
$cookie_value = 'John Doe'; // set updated value of the cookie
$cookie_expire = time() + 60*60*24*30; // set cookie lifetime for 30 days
setcookie($cookie_name, $cookie_value, $cookie_expire); //  30 


If you want to delete the cookie you need to set date in the past, to trigger the removal process.

$cookie_name = 'mwp_data_cookie';
setcookie($cookie_name, '', time() - 3600); // set expiration date 1 hour ago

If you don’t know how to program or don’t want to do it on your own, then you better find a good developer and assign this task to him. Or you can just contact us

See Also: WordPress site health guide: How to get 100% check score?

8 thoughts on “WordPress Site Health, How to fix cURL error 28 for REST API failure?

    1. Usually, this code is placed in the main plugin file and initiated with wordpress “action”.

      function custom_session_init() { if ( !session_id() ) { @session_start(); } }

      add_action( 'init', 'custom_session_init' );

      Please remember, this may cause to the REST API and loopback requests issues due to cURL error 28

  1. Can someone please help me. I received this message and don’t know how to fix it. I looked at the answers that were given but I still don’t understand. “A PHP session was created by a session_start() function call. This interferes with REST API and loopback requests. The session should be closed by session_write_close() before making any HTTP requests.”

  2. First of all, you need to determine the source of the error. It can be either one of the plugins or a custom WordPress theme that uses PHP session. The following code session_start() is responsible for initializing the PHP sessions.

    In your case :

    1) Please read, “Manually check for plugins and theme compatibility” in the article.

    2) You can hire a web developer whom will fix the issue

Leave a Reply

Your email address will not be published. Required fields are marked *