Operating system: Debian
OS version: 9
attempting to update a wordpress on virtual server and i get the following error…(individual plugins also fail to update as well)
Update WordPress
Downloading update from https://downloads.wordpress.org/release/wordpress-5.7.2-new-bundled.zip…
The authenticity of wordpress-5.7.2-new-bundled.zip could not be verified as no signature was found.
Unpacking the update…
Could not create directory.
Installation failed.
The most recent virtual server error immediately after i try to run automatic wordpress update is as follows:
[Sat Jun 26 10:06:09.823147 2021] [:error] [pid 17096:tid 140560237025024] [client 180.149.125.175:25979] [client 180.149.125.175] ModSecurity: Warning. Pattern match “^[\\d.:]+$” at REQUEST_HEADERS:Host. [file “/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf”] [line “793”] [id “920350”] [rev “2”] [msg “Host header is a numeric IP address”] [data “104.156.233.188”] [severity “WARNING”] [ver “OWASP_CRS/3.0.0”] [maturity “9”] [accuracy “9”] [tag “application-multi”] [tag “language-multi”] [tag “platform-multi”] [tag “attack-protocol”] [tag “OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST”] [tag “WASCTC/WASC-21”] [tag “OWASP_TOP_10/A7”] [tag “PCI/6.5.10”] [hostname “104.156.233.188”] [uri “/”] [unique_id “YNZvcWic6bwAAELIs2MAAAAQ”]
I dont even know what this log file error means for problem solving the wordpress core auto update issue
EDIT
I changed setting in mod security such that
SecRuleEngine DetectionOnly
restarted apache
still get the same error when i try to run wordpress core updates.