Seeing the ‘Unable to establish a secure connection’ error in WordPress can be frustrating. This common error typically occurs when you try to install or update a plugin or theme from the official WordPress.org directory.
In our experience, understanding the potential causes of the error is the first step to solving it.
So, in this article, we’ll start by clearly explaining the reasons behind the error message. After that, we’ll go on to provide simple solutions to fix the secure connection error in WordPress.
What Causes the Unable to Establish Secure Connection Error in WordPress?
WordPress comes with a built-in system to manage updates. This system regularly checks for updates and shows notifications for you to install plugin and theme updates.
However, it needs to connect to the WordPress.org website in order to check for updates or install them. Due to some misconfiguration on your WordPress hosting server, your website may fail to connect with the WordPress.org website.
This will result in a secure connection error, and you will see an error message like this:
An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums. (WordPress could not establish a secure connection to WordPress.org. Please contact your server administrator.) in /home/username/public_html/wp-admin/includes/update.php on line 122
That being said, let’s see how to easily fix the secure connection error in WordPress.
Fixing Secure Connection Error in WordPress
There are multiple ways to fix the unexpected secure connection error in WordPress. You can try one of the following solutions based on your situation.
Hosting and Server Related Issues
If your shared hosting server is under a DDoS attack, then it is likely that the connection to WordPress.org will timeout causing the secure connection error.
In that case, you can wait for a few minutes and try again. If the error persists, then you need to reach out to your web hosting provider’s support team.
Cloud or VPS Server Connectivity Issue
If you are on a cloud server or VPS hosting, then it is possible that your server is unable to connect to WordPress.org due to some DNS issues.
In that case, you can point your server directly to WordPress.org servers. You will need to connect to your server using SSH.
SSH is short for secure shell which is an encrypted protocol that allows you to connect to your server using command line tools.
Windows users can use a tool called PuTTy whereas macOS and Linux users can use the terminal app.
You will need login credentials for the account with shell access to your hosting account. You can get this information from your hosting account’s cPanel dashboard or ask your web hosting server provider.
In the terminal, you can connect to your server like this:
ssh username@example.com
Don’t forget to replace ‘username’ with your own username and ‘example.com’ with your own domain name.
Once connected, you need to run the following command:
sudo nano /etc/hosts
This will open a file, and you will need to add the following code at the bottom of the file:
198.143.164.251 api.wordpress.org
You can now save your changes and exit the editor. Visit your WordPress website to see if this has resolved the error.
Fixing WordPress Secure Connection Error on Localhost
If you are running WordPress on your own computer (localhost), then you may not have the cURL extension enabled for PHP. This extension is required to access Wordpress.org for updates.
You will need to edit the php.ini file on your computer. This file is usually located in the PHP folder of your MAMP, XAMPP, or WAMP folder.
If you are on a Windows computer, then look for the following line:
;extension=php_curl.dll
Mac and Linux users would have to look for this line:
;extension=curl.so
Now you need to remove the semicolon before the text to enable the extension. Don’t forget to save your php.ini file.
Lastly, don’t forget to restart the Apache server for changes to take effect.
Check Open Ports in Your Firewall
If the cURL extension is properly installed on your local server, then the next step is to check your internet connection firewall.
Your computer’s firewall may be blocking outgoing connections from the local server to WordPress.org. If you are on Windows, then press the Start button and search for ‘Windows Firewall’. Mac users can find firewall settings in System Settings » Network » Firewall.
You need to add Apache to your firewall’s allowed programs and allow both incoming and outgoing connections.
You will need to restart Apache for your changes to take effect.
We hope this article helped you solve the WordPress secure connection error. You may also want to see our ultimate step-by-step WordPress security guide for beginners and our expert pick of the best Twitter plugins for WordPress.
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
samaneh
hey guys
whenever I want to search a new plugin in my wordpress dashboard i see this error and it doesn’t list any plugins there, what can I do?
“An unexpected error occurred. Something may be wrong with WordPress.org or this server’s configuration. If you continue to have problems, please try the support forums.”
WPBeginner Support
If the method in this guide does not work for you, we would recommend reaching out to your hosting provider to ensure there are no errors on their end.
Admin
Barnaby
I actually had to remove the ‘66.155.40.202 api.wordpress.org’ from /etc/hosts/ to make it work (it must have been there from an old wordpress project)
WPBeginner Support
Thanks for sharing what worked for you
Admin
Jon Curtis
Another reason one can get this error is when WP_HTTP_BLOCK_EXTERNAL is set in wp-config.
I had set this in order to work on a local server while offline, and needed to stop WP from timing out and slowing the site down. But then forgot to turn it back on when I got back online.
WPBeginner Support
Thanks for sharing that for those who may have added this and are looking for other reasons for this error.
Admin
Zubayr Ahmed
Sir, in my php.ini there is no file as “;extension=php_curl.dll or extension=php_curl.dll” what should I do?
WPBeginner Support
You would want to ensure php_curl is installed and if it is, you would want to try the other recommendations in the article
Admin
Neel
I simply changed the php version to second latest in the cpanel and it seems to have worked out..
no other changes made
WPBeginner Support
Your host may have made some automatic changes when updating your php but thank you for sharing what worked for you
Admin
Bipul
Thank you for the post , WP new API IP is 198.143.164.251, so it might be 198.143.164.251 api.wordpress.org
WPBeginner Support
Thank you for sharing that IP should someone have trouble
Admin
Anisur Rahman
Thank you so much brother for sharing the updated API IP, Now solved the issue, that was a headache for me. Thanks once again.
Wayne Mwandi
Thank you kind Sir. This was extremely helpful.
Sankacoffee
Beware, the IP for api.wordpress.org is not correct anymore, anyone having this problem, just write “ping api.wordpress.org” in the console and take the IP from the results of your ping.
WPBeginner Support
Thank you for letting us know that they updated their IP, we’ll certainly look into clarifying the IP in our article
Admin
Akin
Please I have tried everything you mentioned above but still receiving same error message. I installed wpV4.9.8 on windows 8.1. What do I do?
Vivek
Hello ,
First thanks for sharing post. I have done all steps you given but thereafter my wordpress on localhost giving same error. any other step remaining.
I install wordpress 4.9.0 on windows 8.1
Thanks
Aqib
I have read https://www.wpbeginner.com/wordpress-security/ this guide of your in which you mentioned that username must not be admin for security purposes but username is easy to identify by clicking on author name.
So, keeping the username as admin doesn’t cause any security risk as new username is also identifiable
WPBeginner Support
Hi Aqib,
Many common malware installation hacks use commonly used user names in order to break into your website. Username admin is on top of their automated scripts. You are right there are other attempts that try to guess usernames, here is how to discourage brute force by blocking author scans in WordPress.
Admin