Sooner or later, every website runs into a bug or error that’s difficult to troubleshoot. Often, that’s because the error itself doesn’t give you many details. The 429 Too Many Requests error is one such example.
We know what its most common causes are, fortunately. Since there are several potential culprits, however, you’ll often need to try more than one fix before you can resolve it.
In this article, we’re going to talk about what causes the 429 Too Many Requests error and what it looks like. Then we’ll go over five ways you can troubleshoot your website if you ever run into this particular issue. Let’s get to work!
How to Fix 429 Too Many Requests in WordPress:
You’re receiving the 429 Too Many Requests error message because the user has sent too many requests in a given amount of time (could be a plugin, a DDos, or something else). It’s a server telling you to please stop sending requests.
To fix it in WordPress, try one of these 5 methods:
- Change your WordPress default login URL
- Check whether your HTTPS internal links are causing the issue
- Deactivate all your WordPress plugin
- Switch to a default WordPress theme
- Contact your hosting provider
What Causes the 429 Too Many Requests Error
In some cases, when your server detects that a user agent is trying to access a specific page too often in a short period of time, it triggers a rate-limiting feature. The most common example of this is when a user (or an attacker) repeatedly tries to log into your site.
However, your server may also identify users with cookies, rather than by their login credentials. Requests may also be counted on a per-request basis, across your server, or across several servers. So there are a variety of situations that can result in you seeing an error like one of these:
- 429 Too Many Requests
- 429 Error
- HTTP 429
- Error 429 (Too Many Requests)
The error may also include additional details regarding the reason for the 429 status code, and how long the user must wait before attempting to log in again. Here’s an example of what that might look like:
HTTP/1.1 429 Too Many Requests Content-type: text/html Retry-After: 3600
<html> <head> <title>Too Many Requests</title> </head> <body> <h1>Too Many Requests</h1> <p>I only allow 50 requests per hour to this website per logged in user. Try again soon. </p> </body> </html>
Regardless of how the error appears, it always means the same thing – there’s a user or a snippet of code that’s overwhelming your server with too many requests. Sometimes, the problem can go away on its own. In other situations, such as those caused by issues with a plugin or Denial of Service (DDoS) attacks, you’ll need to be proactive in order to resolve the error.
The problem is that the 429 error most often affects your login page, which can make it impossible for you to access your website’s dashboard. That can make fixing it a little tricky, but it’s still achievable if you know what to try.
How to Fix the 429 Too Many Requests Error (5 Methods)
As you might imagine, we deal with a lot of WordPress support requests due to the nature of the services we offer. That means we’re intimately familiar with the 429 error, and its many potential causes.
In the following sections, we’ll cover five of the most common causes we’ve seen for the 429 Too Many Requests error in WordPress. For each potential issue, we’ll also teach you how to go about fixing it, so you can get your site back up and running quickly.
1. Change Your WordPress Default Login URL
Brute-force login attempts are one of the leading causes of the 429 error on WordPress websites. One quick way to prevent attackers from trying to break through your WordPress login page is to change its URL from the default option, so they can’t find it in the first place.
By default, you can find your login page by navigating to yourwebsite.com/wp-admin. That’s pretty easy to remember, but it’s also downright insecure since everyone on the web will know exactly where to access it.
The easiest way to change your default WordPress URL is by using the free WPS Hide Login plugin:
Let’s walk through the process of using this particular tool. You’ll first want to install and activate the plugin just as you would any other, and then navigate to the Settings > WPS Hide Login tab in your WordPress dashboard:
Here, you can easily change your login URL by typing in whatever extension you’d like to use. Make sure to stay away from easy-to-guess options such as login, wp-login, and so on. This would defeat the purpose of changing your URL in the first place, so you’ll want to come up with something unique to your site.
Note that this plugin also enables you to redirect users who try to access your old login URL to another page. For example, the default option will show anyone who tries to visit /wp-admin a 404 error page, so they’ll know they’re looking in the wrong place. When you’re done, remember to save the changes to your settings, and you’ll be good to go.
2. Disable the Really Simple SSL Plugin and Replace Your Internal Links
These days, there’s no good reason you shouldn’t have a Secure Sockets Layer (SSL) certificate set up for your website. Likewise, your entire website should load over HTTPS. This is far more secure than using the older HTTP protocol, and it can even have a positive effect on your site’s Search Engine Optimization (SEO).
This plugin’s appeal is that it forces your entire website to load over HTTPS with just a couple of clicks. However, in our experience, it can also lead to occasional bugs. For instance, under some circumstances, it can trigger the 429 error we’ve been talking about.
There’s nothing inherently wrong with this plugin, but it’s definitely not the best way to implement HTTPS use. The problem is that, even if you implement HTTPS manually, you’re still left with the problem of what to do about internal links. Chances are there are a lot of internal links throughout your website, so you’ll need to find a way to replace all of them with their HTTPS versions after disabling the plugin.
First, you’ll want to take care of the plugin itself. If you have access to the WordPress admin area, disabling Really Simple SSL shouldn’t be an issue – just hit Deactivate and you’re done:
Either way, once the Really Simple SSL plugin is gone, the 429 error should be resolved. That means you can access your dashboard to set up a new plugin, which will help you replace all of your internal links in one swoop. That plugin is called Search and Replace:
Go ahead and activate the plugin, then navigate to the Tools > Search & Replace tab in WordPress. Inside, select the wp_postmeta table, and then enter the following parameters alongside the Search for and Replace with fields respectively:
Then select the dry run option, which will let you know how many instances of your HTTP URLs the plugin will replace within your database. After that dry run, execute the plugin for real and it will replace all the necessary links.
Keep in mind that after disabling the Really Simple SSL plugin, you’ll also need to set up a site-wide HTTPS redirect using your .htaccess file. This will enable you to implement HTTPS effectively, without the risk of further 429 errors.
3. Temporarily Deactivate All of Your WordPress Plugins
So far, we’ve focused on a single plugin that may cause the 429 error. However, in practice, any plugin could cause this issue if it makes too many external requests. If neither of the above methods leads to a solution in your case, it may be time to try disabling all of your plugins at once, to ensure that they aren’t the problem.
For this section, we’ll assume you don’t have access to your dashboard and can’t disable plugins the usual way. In that case, you’ll need to access your website via FTP using a client such as Filezilla, and navigate to the public_html/wp-content/ directory.
Inside, there should be several folders, one of which is called plugins:
Right click on that folder, and change its name to something else, such as plugins.deactivated. Once you do that, WordPress won’t be able to ‘find’ any of the plugins, and it will automatically deactivate all of them. However, before you try to access your site again, go ahead and create a new empty folder called plugins, so WordPress will still function as normal.
If the 429 error is gone when you next visit your site, you can assume that one of the plugins you turned off was the culprit. That means you need to narrow down which one caused the problem. To do that, you’ll want to:
- Delete the empty plugins directory you set up a minute ago, and restore the previous folder to its original name.
- Access the plugins directory.
- Rename one of the plugin folders within to anything else, which will deactivate only that specific plugin.
- Try to access your website, and see if the 429 error is gone.
- If the error persists, return that plugin folder to its original name and repeat steps 3 and 4 with the next one.
By moving down your list of active plugins one by one, you should eventually discover which one is the culprit. Once you figure out which plugin is behind the 429 Too Many Requests error, you can delete it altogether, which should fix the issue.
4. Switch to a Default WordPress Theme
If it turns out that a plugin isn’t the cause of your 429 error, it’s possible that your active theme might be at fault. To figure out if that’s the case, you can disable your active theme manually, forcing WordPress to switch to one of the default templates that ships with the CMS.
This process works much the same as disabling plugins manually. You’ll want to launch your trusty FTP client once more, and this time navigate to the public_html/wp-content/themes directory. Once there, look for the folder that corresponds to your active theme and rename it to anything else you want.
If you try to access your website after that, the 429 Too Many Requests error should be gone. You’ll also notice that everything looks quite a bit different. Don’t panic, though, your theme and all of its customizations are still there.
All you need to do is return the theme folder to its original name and activate it once more. If the 429 error returns afterward, then you might need to contact the theme’s developers or consider changing your site’s theme and delete it eventually.
5. Contact Your Host If You Still Can’t Resolve the Error
In some instances, it’s possible that the cause behind the 429 error originated with your server, rather than with your website itself. If this is the case for you, no amount of work on your part will be able to fully resolve the problem.
For example, some web hosts will block requests from specific third-party services or platforms. These can include search engines, crawlers, and other apps (such as Google Search Console) that make large numbers of requests to your website.
Contacting your hosting provider and asking them to allow these requests can solve the issue. Additionally, even if limitations placed on your server by your host aren’t the cause of the problem, they may be able to provide valuable insight and advice that can help you find the correct solution.
Encountering an error on your website is always frustrating. However, as far as errors go, those with number codes at least give you enough information to start fixing them. If you run into the 429 Too Many Requests error, you’ll know that something is overwhelming your server with too many requests, so it’s only a matter of identifying what the source of the problem is.
If you do happen to experience the 429 error, here are five ways you can go about troubleshooting it:
- Change your default WordPress login URL.
- Disable the Really Simple SSL plugin.
- Temporarily deactivate all of your WordPress plugins.
- Switch to a default WordPress theme.
- Contact your host if you still can’t resolve the error.
Do you have any questions about how to fix the 429 Too Many Requests error in WordPress? Let’s talk about them in the comments section below!
If you enjoyed this tutorial, then you'll love our support. All Kinsta's hosting plans include 24/7 support from our veteran WordPress developers and engineers. Chat with the same team that backs our Fortune 500 clients. Check out our plans