Error 521 is a Cloudflare-specific error message (like error 520) that appears when your WordPress site’s server refuses a connection with Cloudflare.
In this post, you’ll learn:
- More about what the Error 521 message is
- What causes the Error 521 message
- How to fix Error 521 for Cloudflare and WordPress
What is Error 521 Web Server is Down?
As you learned above, the Error 521 message is an error message that’s specific to Cloudflare.
Essentially, it means that your web browser was able to successfully connect to Cloudflare, but Cloudflare was not able to connect to the origin web server – AKA your WordPress site’s server.
Specifically, Cloudflare tried to connect to your WordPress site’s server but received a connection refused error in response.
Because Cloudflare cannot connect to your site, it’s unable to display your site to visitors and shows the Error 521 message instead:
What Causes the Error 521 Message?
Typically, the Error 521 message is caused by one of two situations:
First, your WordPress site’s server may be down. Even if everything else is configured properly, if your WordPress site’s server is offline, Cloudflare simply won’t be able to connect.
Second, your web server might be running fine but blocking Cloudflare’s requests for some reason. Because of how Cloudflare works, some server-side security solutions might inadvertently block Cloudflare’s IP addresses.
Because Cloudflare is a reverse proxy, all of the traffic coming to your origin server will appear as if it’s coming from a small range of Cloudflare IPs (rather than each individual visitor’s unique IP address). As such, some security solutions will view high traffic from a limited number of IP addresses as an attack and block them.
When that happens, Cloudflare won’t be able to connect and will display the Error 521 message instead.
How to Fix Error 521 for Cloudflare and WordPress
Now that you know what’s happening, let’s dig into how to fix Error 521 in WordPress.
Step 1: Test if the Origin Server is Online
Before going any further, you’ll want to make sure that your WordPress site’s server is online and functioning normally. If it’s not, there’s no sense digging into further troubleshooting steps.
To test this, you can run a cURL command. If you’re on Mac or Linux, you can run this right from Terminal.
Windows doesn’t have cURL installed by default and, while you can install it, a simpler way is to use KeyCDN’s online HTTP Header Check tool.
All you do is plug in http://1.2.3.4, where 1.2.3.4 is the actual IP address of your server.
If you host at Kinsta, you can find your server IP address in the Sites tab:
Or, you can also take it from the A record for your domain in the DNS area of the Cloudflare web dashboard.
If your server is up, you should see an HTTP 200 response. Or, if you host at Kinsta, you’ll see 404 Not Found, which also means the web server is up (there’s just no page associated with that IP):
If there’s a problem, you’ll see something like Host Not Found or Failed to connect:
If there’s a problem with your server and you’re not sure what’s going on, reach out to your host’s support (you can access Kinsta support from anywhere in your dashboard via the Intercom widget).
Step 2: Whitelist all Cloudflare IP ranges in your server’s firewall
If your WordPress site’s server is functioning normally but you still see the Error 521 message when you try to access your site, the next step is to whitelist all of Cloudflare’s IP ranges to make sure that your server isn’t blocking them.
Here’s a full list of Cloudflare’s IP ranges.
You’ll want to make sure you aren’t blocking these IP addresses in .htaccess, iptables, or your firewall. And you’ll also want to make sure that your hosting provider isn’t rate limiting or blocking IP requests from Cloudflare’s IP addresses.
If you’re not sure how to do this, reach out to your host’s support. At Kinsta, these IP ranges should already be whitelisted.
Step 3: Consider more specific issues
Finally, here are some more specific technical steps you can take, depending on your server’s configuration.
1) If you just started using Cloudflare’s HTTPS, your origin server might not be configured to allow Cloudflare’s IP addresses to access port 443. If you can’t configure your firewall to allow this, try using Flexible SSL instead of Full SSL at Cloudflare.
2) Make sure you’re using the most recent versions of Bad Behavior or mod_security, if applicable.
3) If you’re using the mod_antiloris or mod_reqtimeout Apache modules, disable and unload those modules.
Conclusion
If you host at Kinsta and are still experiencing the 521 Error after implementing these tweaks, our support will be able to help – just reach out through the Intercom chat widget in your Kinsta dashboard.
Suggested reading: How to Set up Cloudflare APO for WordPress and How to Fix the “SSL Handshake Failed” Error (5 Methods).