Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#50918 closed defect (bug) (invalid)

Failed to update to WordPress 5.5

Reported by: stinatreats's profile stinatreats Owned by:
Milestone: Priority: normal
Severity: major Version: 5.5
Component: Upgrade/Install Keywords:
Focuses: Cc:


Hi there,

My site is
I've tried to update WordPress to version 5.5 but failed with the following prompt. Please advice. Thank you!

Download failed.: The checksum of the file (d41d8cd98f00b204e9800998ecf8427e) does not match the expected checksum value (494096091668ab9bd591a32331bc128b).

Installation Failed

Change History (5)

#1 @johnbillion
4 years ago

  • Component changed from General to Upgrade/Install
  • Keywords reporter-feedback added
  • Version changed from 5.4.2 to 5.5

Welcome and thanks for the report @stinatreats .

Are you able to try this update again please?

#2 @stinatreats
4 years ago

Hello @johnbillion , I tried again just now but it still didn't work.

#3 @desrosj
4 years ago

  • Keywords reporter-feedback removed
  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi @stinatreats,

I've been talking this through with @johnbillion separately, and this one is definitely odd. I don't think there is anything that the Core team or contributors can do to help.

The checksums that are mentioned in your report (which are just MD5 hashes of the ZIP file) do not match up with any WordPress release (you can find all of the checksums for past releases on the Release Archive page.

Doing a basic search for the expected hash yields no results anywhere. However, a search for the file hash as determined by the server indicates that is the MD5 hash for a 0 bytes (which is typically used maliciously). This can be verified in this simple example.

There are a few possible issues that could be happening. Some of these are vary far reaches, but they theoretically could be contributing to the issue you are seeing in some way.

  • The server could be out of space or encountering an inability to write the file. When the server attempts to retrieve the WP update ZIP file, it would "drop" the resulting download because it cannot fit or be written. If the server runs md5() on the file it _thinks_ it received, that would generate a 0 byte hash (d41d8cd98f00b204e9800998ecf8427e). But this wouldn't explain the other mysterious hash.
  • The server could be encountering a network hiccup and is receiving a 0 byte 200 response. This would also result in d41d8cd98f00b204e9800998ecf8427e as an MD5 hash.
  • If the update was attempted over HTTPS and a network issue was encountered resulting in a zero byte file, the TLS decryption would fail and there would be a different error message. It's possible that the update is still being attempted over HTTP even though your site is HTTPS.
  • It's possible (though highly unlikely) that some type of cached version of the WordPress upgrade package is being served by your hosting company.
  • It's possible your hosting company is intercepting the update request and offering a modified version of WordPress (though highly unlikely).
  • It's possible that something is redirecting the update requests on your site to a malicious source.

I recommend that you reach out to your hosting company for further help debugging as these are not things we can help you with.

If you are able to figure it out, feel free to circle back and share your findings!

#4 @dd32
4 years ago

For future reference for others..

The MD5 494096091668ab9bd591a32331bc128b here was for the file, so an expected hash value. As it's a package that's only used by WordPress during upgrade, the hash isn't exposed anywhere on currently (6e346d80366a88d373de737d10f22008 for would also be valid and expected)

This error is related to WP_HTTP "successfully" downloading the file, but the MD5 of the downloaded file did not match the Content-MD5 header supplied by the server. This indicates a failure of the HTTP transport (or far more unlikely a MITM attack or caching server failure).

In this case, the download was "successful" but likely corrupt, either due to a network or filesystem issue. Retrying the update operation would likely succeed.

As noted above, d41d8cd98f00b204e9800998ecf8427e is the MD5 for an empty file, I suspect a filesystem-related failure.

#5 @SergeyBiryukov
4 years ago

  • Summary changed from Failed to WordPress 5.5 to Failed to update to WordPress 5.5
Note: See TracTickets for help on using tickets.