Hello @floadrmd 👋
If your security policy is preventing the plugin from connecting and you are unable to adjust it you’ll want to manually add the OptinMonster embed code to your site instead.
You can copy the embed code from your OptinMonster account, and place it in the footer.php template file, just before the closing </body> tag.
See our general embed guide here to get started: https://optinmonster.com/docs/how-to-add-optinmonster-to-any-website/
Hi @ericakfranz,
Thank you for suggesting this alternative integration.
I’m curious to understand why the plugin is using HTTP connections instead of HTTPS.
Is there a specific reason for this choice? Also, is there a way to enforce HTTPS for all these connections?
Thanks again for your help!
Hello @floadrmd 👋
So glad I could help!
I’d like to reassure you that the OptinMonster plugin always communicates with our servers securely over HTTPS (which uses port 443). Your concern is completely valid, but thankfully, an insecure connection attempt is not what’s occurring.
The key to understanding the problem is the error itself: cURL error 28. This is a standard timeout error. It means your server tried to establish a connection with our API at api.omwpapi.com, but our server did not respond back to your server within the time limit set by your server’s configuration.
The mention of ‘port 80’ in the error message is a bit of a red herring. When a cURL connection times out and fails to establish properly, the error reporting can sometimes default to showing the standard, non-secure HTTP port (80), even though the actual connection attempt was correctly and securely aimed at port 443.
So, the issue isn’t about connecting to the wrong port, but rather that the connection is being blocked or interrupted, causing it to time out. This is almost always caused by a setting in your site’s hosting environment.
If you would like to pursue using the plugin here are some things you can further investigate in allowing the connection to pass successfully:
- A Firewall or Security Plugin: Most often, a firewall on your web server or a WordPress security plugin (like Wordfence, Sucuri, iThemes Security, etc.) is blocking the outgoing connection from your server to our API.
- How to Fix: You or your developer will need to “whitelist” or “allow” our API domain to ensure it’s not being blocked. The domain to whitelist is:
api.omwpapi.com. You may need to check the settings or logs in your security plugin or ask your hosting provider to do this for you.
- Hosting Provider Restrictions: Some web hosts, particularly on shared plans, block or limit outgoing connections from websites to prevent abuse.
- How to Fix: You will need to contact your hosting provider’s support team. You can ask them the following question: “My website is getting a
cURL error 28 when trying to connect to api.omwpapi.com. Can you please check if you are blocking outgoing requests to this domain and, if so, allow them?”
In summary, this is a server connectivity issue, not a security flaw in the OptinMonster plugin. Your server is having trouble reaching our API, which is leading to a timeout.
Let me know if I can further assist. 🙂
