Sooner or later, every website runs into a bug or error that’s difficult to troubleshoot. Often, that’s because the error itself doesn’t give you many details. The 429 Too Many Requests error is one such example.
We know what its most common causes are, fortunately. Since there are several potential culprits, however, you’ll often need to try more than one fix before you can resolve it.
In this article, we’re going to talk about what causes the 429 Too Many Requests error and what it looks like. Then we’ll go over five ways you can troubleshoot your website if you ever run into this particular issue. Let’s get to work!
- What is the HTTP 429 Error
- What Causes the 429 Too Many Requests Error
- How to Fix the 429 Too Many Requests Error (5 Methods)
How to Fix 429 Too Many Requests in WordPress:
You’re receiving the 429 Too Many Requests error message because the user has sent too many requests in a given amount of time (could be a plugin, a DDos, or something else). It’s a server telling you to please stop sending requests.
To fix it in WordPress, try one of these 5 methods:
- Change your WordPress default login URL
- Check whether your HTTPS internal links are causing the issue
- Deactivate all your WordPress plugin
- Switch to a default WordPress theme
- Contact your hosting provider
What is the HTTP 429 Error?
The HTTP 429 error is returned when a user has sent too many requests within a short period of time. The 429 status code is intended for use with rate-limiting schemes.
Check Out Our Video Guide to the 429 Too Many Requests Error
What Causes the HTTP 429 Too Many Requests Error
In some cases, when your server detects that a user agent is trying to access a specific page too often in a short period of time, it triggers a rate-limiting feature. The most common example of this is when a user (or an attacker) repeatedly tries to log into your site.
However, your server may also identify users with cookies, rather than by their login credentials. Requests may also be counted on a per-request basis, across your server, or across several servers. So there are a variety of situations that can result in you seeing an error like one of these:
- 429 Too Many Requests
- 429 Error
- HTTP 429
- Error 429 (Too Many Requests)
The error may also include additional details regarding the reason for the 429 status code, and how long the user must wait before attempting to log in again. Here’s an example of what that might look like:
HTTP/1.1 429 Too Many Requests
Content-type: text/html
Retry-After: 3600<html>
<head>
<title>Too Many Requests</title>
</head>
<body>
<h1>Too Many Requests</h1>
<p>I only allow 50 requests per hour to this website per logged in user. Try again soon. </p>
</body>
</html>Regardless of how the error appears, it always means the same thing – there’s a user or a snippet of code that’s overwhelming your server with too many requests. Sometimes, the problem can go away on its own. In other situations, such as those caused by issues with a plugin or Denial of Service (DDoS) attacks, you’ll need to be proactive in order to resolve the error.
The problem is that the 429 error most often affects your login page, which can make it impossible for you to access your website’s dashboard. That can make fixing it a little tricky, but it’s still achievable if you know what to try.
How to Fix the 429 Too Many Requests Error (5 Methods)
As you might imagine, we deal with a lot of WordPress support requests due to the nature of the services we offer. That means we’re intimately familiar with the 429 error, and its many potential causes.
In the following sections, we’ll cover five of the most common causes we’ve seen for the 429 Too Many Requests error in WordPress. For each potential issue, we’ll also teach you how to go about fixing it, so you can get your site back up and running quickly.
1. Change Your WordPress Default Login URL
Brute-force login attempts are one of the leading causes of the 429 error on WordPress websites. One quick way to prevent attackers from trying to break through your WordPress login page is to change its URL from the default option, so they can’t find it in the first place.
By default, you can find your login page by navigating to yourwebsite.com/wp-admin. That’s pretty easy to remember, but it’s also downright insecure since everyone on the web will know exactly where to access it.
The easiest way to change your default WordPress URL is by using the free WPS Hide Login plugin:
Let’s walk through the process of using this particular tool. You’ll first want to install and activate the plugin just as you would any other, and then navigate to the Settings > WPS Hide Login tab in your WordPress dashboard:
Here, you can easily change your login URL by typing in whatever extension you’d like to use. Make sure to stay away from easy-to-guess options such as login, wp-login, and so on. This would defeat the purpose of changing your URL in the first place, so you’ll want to come up with something unique to your site.
Note that this plugin also enables you to redirect users who try to access your old login URL to another page. For example, the default option will show anyone who tries to visit /wp-admin a 404 error page, so they’ll know they’re looking in the wrong place. When you’re done, remember to save the changes to your settings, and you’ll be good to go.
2. Disable the Really Simple SSL Plugin and Replace Your Internal Links
These days, there’s no good reason you shouldn’t have a Secure Sockets Layer (SSL) certificate set up for your website. Likewise, your entire website should load over HTTPS. This is far more secure than using the older HTTP protocol, and it can even have a positive effect on your site’s Search Engine Optimization (SEO).
When it comes to enforcing HTTPS use, you can either use the manual route – such as an .htaccess redirect – or a plugin. One of the most popular choices is Really Simple SSL:
This plugin’s appeal is that it forces your entire website to load over HTTPS with just a couple of clicks. However, in our experience, it can also lead to occasional bugs. For instance, under some circumstances, it can trigger the 429 error we’ve been talking about.
There’s nothing inherently wrong with this plugin, but it’s definitely not the best way to implement HTTPS use. The problem is that, even if you implement HTTPS manually, you’re still left with the problem of what to do about internal links. Chances are there are a lot of internal links throughout your website, so you’ll need to find a way to replace all of them with their HTTPS versions after disabling the plugin.
First, you’ll want to take care of the plugin itself. If you have access to the WordPress admin area, disabling Really Simple SSL shouldn’t be an issue – just hit Deactivate and you’re done:
However since the 429 Too Many Requests Error often blocks you from accessing your dashboard, you might have to take the manual route and disable the plugin using an FTP client.
Either way, once the Really Simple SSL plugin is gone, the 429 error should be resolved. That means you can access your dashboard to set up a new plugin, which will help you replace all of your internal links in one swoop. That plugin is called Search and Replace:
Go ahead and activate the plugin, then navigate to the Tools > Search & Replace tab in WordPress. Inside, select the wp_postmeta table, and then enter the following parameters alongside the Search for and Replace with fields respectively:
If your site uses a non-www domain:
http://yourwebsiteurl.com
https://yourwebsiteurl.com
In some cases, there may be www instances of your domain in the database as well, so we also recommend running another search and replace with the settings below.
http://www.yourwebsiteurl.com
https://yourwebsiteurl.com
If your site uses a www domain:
http://www.yourwebsiteurl.com
https://www.yourwebsiteurl.com
To replace non-www instances of your domain in the database, run another search and replace with the settings below:
http://www.yourwebsiteurl.com
https://yourwebsiteurl.com
Then select the dry run option, which will let you know how many instances of your HTTP URLs the plugin will replace within your database. After that dry run, execute the plugin for real and it will replace all the necessary links.
Keep in mind that after disabling the Really Simple SSL plugin, you’ll also need to set up a site-wide HTTPS redirect using your .htaccess file. This will enable you to implement HTTPS effectively, without the risk of further 429 errors.
3. Temporarily Deactivate All of Your WordPress Plugins
So far, we’ve focused on a single plugin that may cause the 429 error. However, in practice, any plugin could cause this issue if it makes too many external requests. If neither of the above methods leads to a solution in your case, it may be time to try disabling all of your plugins at once, to ensure that they aren’t the problem.
For this section, we’ll assume you don’t have access to your dashboard and can’t disable plugins the usual way. In that case, you’ll need to access your website via FTP using a client such as Filezilla, and navigate to the public_html/wp-content/ directory.
Inside, there should be several folders, one of which is called plugins:
Right click on that folder, and change its name to something else, such as plugins.deactivated. Once you do that, WordPress won’t be able to ‘find’ any of the plugins, and it will automatically deactivate all of them. However, before you try to access your site again, go ahead and create a new empty folder called plugins, so WordPress will still function as normal.
If the 429 error is gone when you next visit your site, you can assume that one of the plugins you turned off was the culprit. That means you need to narrow down which one caused the problem. To do that, you’ll want to:
- Delete the empty plugins directory you set up a minute ago, and restore the previous folder to its original name.
- Access the plugins directory.
- Rename one of the plugin folders within to anything else, which will deactivate only that specific plugin.
- Try to access your website, and see if the 429 error is gone.
- If the error persists, return that plugin folder to its original name and repeat steps 3 and 4 with the next one.
By moving down your list of active plugins one by one, you should eventually discover which one is the culprit. Once you figure out which plugin is behind the 429 Too Many Requests error, you can delete it altogether, which should fix the issue.
4. Switch to a Default WordPress Theme
If it turns out that a plugin isn’t the cause of your 429 error, it’s possible that your active theme might be at fault. To figure out if that’s the case, you can disable your active theme manually, forcing WordPress to switch to one of the default templates that ships with the CMS.
This process works much the same as disabling plugins manually. You’ll want to launch your trusty FTP client once more, and this time navigate to the public_html/wp-content/themes directory. Once there, look for the folder that corresponds to your active theme and rename it to anything else you want.
If you try to access your website after that, the 429 Too Many Requests error should be gone. You’ll also notice that everything looks quite a bit different. Don’t panic, though, your theme and all of its customizations are still there.
All you need to do is return the theme folder to its original name and activate it once more. If the 429 error returns afterward, then you might need to contact the theme’s developers or consider changing your site’s theme and delete it eventually.
5. Contact Your Host If You Still Can’t Resolve the Error
In some instances, it’s possible that the cause behind the 429 error originated with your server, rather than with your website itself. If this is the case for you, no amount of work on your part will be able to fully resolve the problem.
For example, some web hosts will block requests from specific third-party services or platforms. These can include search engines, crawlers, and other apps (such as Google Search Console) that make large numbers of requests to your website.
Contacting your hosting provider and asking them to allow these requests can solve the issue. Additionally, even if limitations placed on your server by your host aren’t the cause of the problem, they may be able to provide valuable insight and advice that can help you find the correct solution.
Getting the 429 Too Many Requests error message? That’s a bummer but don’t despair, we’ve got you covered with our guide!😭🤗Click to Tweet
Summary
Encountering an error on your website is always frustrating. However, as far as errors go, those with number codes at least give you enough information to start fixing them. If you run into the 429 Too Many Requests error, you’ll know that something is overwhelming your server with too many requests, so it’s only a matter of identifying what the source of the problem is.
If you do happen to experience the 429 error, here are five ways you can go about troubleshooting it:
- Change your default WordPress login URL.
- Disable the Really Simple SSL plugin.
- Temporarily deactivate all of your WordPress plugins.
- Switch to a default WordPress theme.
- Contact your host if you still can’t resolve the error.
Do you have any questions about how to fix the 429 Too Many Requests error in WordPress? Let’s talk about them in the comments section below!
При взаимодействии с веб-ресурсами можно столкнуться с различными проблемами. Одна их таких проблем – ошибка с кодом 429 Too Many Requests. Существует две самые распространенные причины возникновения этой ошибки сервера, с которыми нам предстоит разобраться самостоятельно.
Причины появления ошибки сервера 429
DDoS-атаки
Начать следует с того, что чаще всего ошибка 429 сопровождается надписью «The user has sent too many requests in a given amount of time», что означает превышение ограничений по запросам к сайту. Соответственно, именно так происходит предотвращение DDoS-атак, которые и являются основной причиной появления рассматриваемой проблемы. Помимо самого кода, вы увидите и несколько других параметров:
-
Общее количество запросов.
-
Запросы с конкретного IP-адреса в секунду.
-
Количество одновременных запросов.
-
Общее количество запросов с одного IP-адреса.
Если же сама ошибка появляется при использовании поисковых систем или сторонних онлайн-сервисов, которые запрашивают доступ к сайту, вполне возможно, что их блокировка осуществляется со стороны хостинга в связи с тем, что количество запросов превышает ограничение. Для ее решения вам потребуется обратиться напрямую в техническую поддержку с просьбой разрешить подобные запросы.
В случае, когда есть уверенность в том, что ошибка http 429 появилась именно из-за атак на ваш ресурс, советую ознакомиться с отдельным материалом, в котором вы узнаете, как обезопасить себя от DDoS эффективными инструментами и банальными мерами предосторожности.
Подробнее: Способы защиты от DDoS-атаки
Некорректная работа плагинов WordPress
Вторая распространенная причина, которая может быть связана с регулярным появлением неполадки 429, – некорректное функционирование плагинов под управлением CMS WordPress. Для решения этой проблемы потребуется выполнить несколько несложных действий.
Для начала по очереди отключайте каждый установленный скрипт через меню управления этими компонентами. Параллельно проверяйте, появляется ли ошибка. Да, на выполнение этой задачи может уйти много времени, однако это самый эффективный метод выявления плагина, который является триггером. Отметим, что сразу несколько компонентов могут вызывать проблему, поэтому постарайтесь проверить их все.
Что касается использования плагинов, то тут всегда лучше подключать только проверенные и качественные решения. Со списком таких плагинов предлагаю ознакомиться в материале по следующей ссылке.
Если после проверки неполадка все еще не исчезла, переключитесь на стандартную тему WordPress, которая называется Twenty Seventeen. Это действие поможет понять, связана ли ошибка сервера 429 со скриптами, которые входят в пользовательский шаблон оформления сайта. В том случае, когда трудность действительно была связана с темой, придется переделать ее вручную или же подыскать новый вариант для своего веб-ресурса.
Действия со стороны обычного пользователя
Обычный пользователь, который сталкивается с неполадкой 429 при попытке просмотреть конкретный сайт, не сможет ничего предпринять самостоятельно, чтобы решить ее. Однако, если есть возможность, стоит обратиться напрямую к владельцу интернет-ресурса или администраторам, сообщив им о появившейся ошибке. Так вы дадите понять, что сайт работает не так, как это нужно, и ускорите процесс решения трудностей.
Ошибка HTTP с кодом 429 – неприятная ситуация, которая может коснуться каждого владельца сайта. Из приведенного выше материала вы поняли, что существует две основные причины, которые могут ее вызывать. Теперь остается только разобраться с каждой из них и провести проверочные работы, чтобы оперативно исправить сложившуюся ситуацию.
Как владелец веб-сайта вы время от времени сталкиваетесь с сообщением об ошибке. Некоторые из этих ошибок будет относительно просто исправить, а другие – сложно. Возьмем, к примеру, ошибку HTTP 429.
Источник изображения
Устранение этой ошибки затруднено, поскольку она содержит мало подробностей. Вы знаете, что что-то не так, и вам нужно это исправить, но вы не совсем уверены, что произошло и почему.
Чтобы убедиться, что вы понимаете и можете решить эту проблему, мы рассмотрим, что означает ошибка 429 и каковы ее наиболее распространенные решения.
Что такое ошибка HTTP 429?
Ошибка HTTP 429 – это код состояния ответа HTTP, который указывает, что клиентское приложение превысило предел скорости или количество запросов, которые они могут отправить за определенный период времени. Обычно этот код не просто сообщает клиенту о прекращении отправки запросов – он также указывает, когда они могут отправить другой запрос.
Ответ 429 технически не является ошибкой – это ответ сервера, интерфейса прикладного программирования (API) или плагина, который сообщает клиентскому приложению о прекращении отправки запросов, потому что у них просто недостаточно ресурсов для его приема в это время. Клиентское приложение обычно относится к веб-сайту или приложению, но также может относиться к отдельным пользователям, таким как администратор сайта, посетитель сайта или хакер.
Например, если пользователь слишком часто пытается получить доступ к странице на вашем веб-сайте в течение короткого периода времени, ваш сервер может отправить ошибку 429. В случае попытки грубой силы входа в систему, когда хакер неоднократно пытается войти на ваш сайт, ограничение скорости является важной мерой безопасности. Но ограничение скорости также сработает, если ваш сайт использует слишком много ресурсов на сервере или службе общего хостинга. Если, например, с IP-адреса получено более 50 запросов в течение одной минуты, PayPal Sandbox заблокирует этот IP-адрес на следующие пять минут.
Хотя ответ 429 может показаться карательным, на самом деле это защитная мера от пользователей, намеренно или случайно злоупотребляющих ресурсами сервера (или API, плагина или другой службы). Он разработан для предотвращения резервного копирования или переполнения запросов, которые могут перегрузить сервер или другую службу, которая предназначена для совместного использования и использования многими веб-сайтами и приложениями. Таким образом, контролируя количество и время запросов, ограничения скорости предотвращают проблемы до их возникновения.
Если вы видите ошибку HTTP 429 на своем сайте по другим причинам, вам может потребоваться уменьшить количество запросов к серверу или вызовов API, которые вы делаете. Обсуждаемые ниже шаги являются общими исправлениями ошибки 429 Too Many Requests. Если у вас есть сайт WordPress, вам могут потребоваться специальные решения для WordPress.
Как исправить ошибку HTTP 429
- Подождите, чтобы отправить еще один запрос.
- Реализуйте экспоненциальную отсрочку.
- Установите свой собственный предел дросселирования.
- Свяжитесь с вашим хостинг-провайдером.
Большинство приведенных ниже шагов направлены на предотвращение, а не на исправление ошибки HTTP 429 задним числом. Взглянуть.
1 Дождитесь отправки другого запроса.
Самый простой способ исправить ошибку HTTP 429 – дождаться отправки другого запроса. Часто этот код состояния отправляется с заголовком «Retry-after», который указывает период времени ожидания перед отправкой другого запроса. Он может указывать всего несколько секунд или минут.
Вот пример, который просит клиента подождать час перед отправкой другого запроса.
HTTP/1.1 429 Too Many Requests
Content-Type: text/html
Retry-After: 3600
<html>
<head>
<title>Too Many Requests</title>
</head>
<body>
<h1>Too Many Requests</h1>
<p>Only 100 requests per hour per logged in user is allowed on this website. Try again soon.</p>
</body>
</html>
2 Реализуйте экспоненциальный откат.
Если заголовок «Retry-after» не отправляется, и вы не знаете, сколько времени ждать перед попыткой, вам следует реализовать повторные попытки с экспоненциальным откатом. Используя этот подход, ваше приложение не будет немедленно повторять неудавшийся запрос; вместо этого он выполнит серию повторных попыток с постепенно увеличивающимся временем ожидания между каждой попыткой. Когда запрос будет окончательно принят, вы узнаете, какое время или скорость ожидания приемлемы.
Вы можете добавить код для реализации этого подхода или использовать такой инструмент, как Celery, который имеет встроенную функцию экспоненциальной задержки.
Источник изображения
3 Установите свой собственный предел дросселирования.
Регулирование – это процесс ограничения количества запросов, которые приложение может отправить за определенный промежуток времени. Если этот предел превышен, запросы к серверу или API обычно отбрасываются или выполняются с кэшированными данными.
Хотя этот подход чаще всего используется сторонними API или платформами для предотвращения превышения клиентскими приложениями своих ограничений, он также может быть полезен для ограничения вашего собственного потребления сторонних API или ресурсов сервера. Фактически, вы можете установить более строгий лимит регулирования для себя, чтобы предотвратить выход за пределы сервера, API или другой службы, которую вы используете. Это особенно хорошая идея, если вы используете дорогостоящий API, например Twitter API, и не хотите выходить за рамки своей политики использования.
4 Свяжитесь с вашим хостинг-провайдером.
Обращение к вашему хостинг-провайдеру – это всегда вариант для любой ошибки на вашем веб-сайте, но это должен быть один из последних вариантов, которые вы пробовали.
Если вы попробовали описанные выше действия и по-прежнему видите ошибку 429, возможно, причина возникла на вашем сервере, а не на вашем веб-сайте. Также возможно, что ваш хост блокирует запросы от определенных сторонних сервисов или платформ, таких как Google Search Console, которая делает множество запросов к веб-сайтам. Обратившись к вашему провайдеру, он может решить проблему или предоставить ценную информацию.
Устранение ошибки HTTP 429
Ошибка HTTP 429 является распространенным явлением, но ее можно избежать, если обратить внимание на ограничения скорости, установленные вашим сервером, API, плагином или другими. Если вы превысите эти ограничения, вы можете предпринять шаги для устранения ошибки 429. Поступая таким образом, вы продолжите предоставлять посетителям удобство работы с вашим сайтом.
Источник записи: https://blog.hubspot.com
Код ошибки 429 Too Many Requests говорит о том, что пользователь отправлял чересчур много запросов за единицу времени. Возвращаемый сервером ответ содержит пояснение, а также может включать заголовок Retry-After. Этот заголовок указывает на время, которое необходимо подождать, прежде чем повторять запрос.
О чем свидетельствует «код 429»
Причина появления ответа с кодом 429 — большое количество запросов, которые посылают пользователи, но чаще — поисковики, боты или специальные скрипты. Возврат ошибки 429 — это способ предотвращения DDoS-атак. При выдаче ошибки учитываются такие параметры, как:
- количество элементов в запросе;
- количество запросов в секунду с одного IP-адреса;
- количество одновременных запросов с одного IP-адреса (то есть запросов, посылаемых до получения ответа на предыдущий идентичный запрос);
- общее количество одинаковых запросов с IP-адреса.
Что делать пользователю, когда в браузере появляется код ошибки «429 too many requests»
Если такое сообщение появилось явно по ошибке, свяжитесь с технической поддержкой сайта. Зачастую виновником выступает некорректно работающий плагин CMS WordPress. Если вы являетесь владельцем сайта, а ваши пользователи регулярно жалуются на возникновение ошибки 429, для того, чтобы понять, так ли это, отключите все плагины на вашем сайте и проверяйте их работу по очереди.
Причины возникновения кода «429»
Причина практически всегда состоит в том, что сайт пытаются атаковать с помощью DDoS. Изредка возможно возникновение подобной ошибки из-за некорректной работы компонентов сайта.
Вас также может заинтересовать
If you own a website or frequently browse the internet, you may have come across the HTTP 429 Too Many Requests error. This error occurs when a server detects that a client has exceeded the rate limits or has made too many requests in a given period of time.
It is a client-side error, meaning that it is caused by actions taken by the user or client and not by the server hosting the website.
In this article, we will discuss what HTTP 429 is, what causes the HTTP 429 Too Many Requests error, provide examples of the error message, and offer 11 proven solutions to fix it.
What Is the Error 429 Too Many Requests?
HTTP error 429 technically is not an error but is an application-level response that a server is sending to a client (browser) which exceeds the limit of requests for a specified period of time
The error code HTTP 429 Too Many Requests is one of the many 4.x.x HTTP status codes that indicate errors from the client side and not the server.
It’s typical for web servers to set a limit of possible HTTP requests for a given time frame. They impose this security measure to prevent overload and downtime. The error usually occurs when a client sends too many requests and hits that limit. As a result, the server stops the connection and sends the HTTP 429 response to the client.
Depending on which browser you are using, different variations of the error message may appear:
- 429 Too Many Requests
- 429 Error
- HTTP 429
- Error 429 (Too Many Requests)
- There was a problem with the server 429
- 429. That’s an error.
- 429 server error
Here is an example of the 429 HTTP status code on Google Chrome.
Apart from websites, you may see the error code in online tools such as SSL installers. Below is an example of SiteGround’s Let’s Encrypt SSL installer in Site Tools, producing the error 429 Too Many Requests when you reach the rate limit of certificate requests.
What Causes the HTTP 429 Error?
The HTTP 429 Too Many Requests error occurs when the server receives too many requests from a client within a given period of time. Thus, the client exceeds the rate limits set by the server. This can happen due to various reasons, such as:
- Server Resource Limits – Every web server has certain resource limits in terms of CPU usage, memory, and other server resources. If your website exceeds these limits, it can trigger the 429 Too many requests error. This can happen if your website receives a sudden surge in traffic or if you are on a shared hosting plan with limited resources.
- Brute-Force Login Attempts – Brute-force attacks are a type of malicious attack where an attacker tries to gain unauthorized access to your website by systematically trying different username and password combinations. This can result in multiple requests being sent to the server within a short period of time, triggering the 429 error.
- High Traffic Volume – If your website experiences a high volume of traffic, especially during peak times, it can result in multiple requests being sent to the server simultaneously, causing the server to exceed its rate limits and trigger the 429 error.
- Numerous requests to the website server – A user may be sending a large number of requests to the website server. In such a case, the server may respond with the 429 Too Many Requests code in such a case.
- Unoptimized database – Your website’s database may not be in optimal shape. It may be full of junk content, transient data, or leftover tables, bloating its size. This can make the execution of database queries longer, exhausting the server resources. As a result, the website may produce an HTTP 429 error.
- WordPress plugins – Occasionally, a WordPress plugin may stop working as expected and create conflicts with other parts of your website. This may lead to timeouts or a large number of executions consuming substantial web server resources.
- WordPress themes – Like plugins, themes may also stop working normally, leading to the 429 Too many requests error.
Now that we know what causes the HTTP 429 Too Many Requests error, let’s look at an example of the 429 Status Code.
429 Status Code Example
When you encounter a 429 Too Many Requests error, you will typically see a message on your screen. The exact wording may vary depending on the server and the application you are using. Nevertheless, it usually includes a 429 status code indicating that too many requests have been made.
The HTTP error may also provide additional details explaining why the error occurred and how to resolve it. Here’s an example of what an HTTP 429 error message might look like:
HTTP/1.1 429 Too Many Requests
Retry-After: 3600
Content-Type: application/json
{
"error": {
"code": 429,
"message": "Too Many Requests: You have exceeded the rate limit. Please try again after 1 hour.",
"details": "You have made 500 requests within the past 10 minutes. The rate limit is 100 requests per 10 minutes. Please reduce the frequency of your requests.",
"retry_after": 3600
}
}In this case, the server has set a rate limit of 100 requests per 10 minutes. However, the client has made 500 requests within the past 10 minutes, exceeding the limit. The server has specified a Retry-After header indicating that the client should wait for 1 hour before making further requests.
How to fix the HTTP 429 error?
The HTTP 429 error, commonly called the ‘Too Many Requests’ error, occurs when a user exceeds the rate limits set by a server or API. It usually results from sending an excessive number of requests within a specified time frame.
This error can disrupt the normal functioning of an application or service that relies on the server or API, but fortunately, there are several solutions that can resolve it.
We will explore some practical steps to fix the HTTP 429 error, including adhering to rate limits, optimizing request frequency, and more.
Use a Content Delivery Network (CDN)
A content delivery network (CDN) is a network of servers that are distributed across multiple locations worldwide. When a user visits your website, the CDN serves the static assets (such as images, CSS, and JavaScript files) from the server closest to the user’s location. This helps to reduce the load on your web server and prevent the 429 error.
You can use a CDN service, such as SiteGround CDN, to distribute your static assets across multiple servers and serve them to users from the nearest server. This can greatly improve your website’s performance and reliability, especially during high traffic.
All SiteGround users can benefit from using the SiteGround CDN, available on all plans. You can activate it from Site Tools > Speed > CDN. Choose between the Free and Premium plan by pressing the corresponding Activate button of either option.
Learn more about SiteGround CDN in this tutorial on how to manage your CDN through the CDN tool in Site Tools.
Optimize Your Database
A poorly optimized database can increase the load on your server. Consequently, your website may suffer from slow performance and high resource usage, leading to the 429 error. To fix this issue, you can optimize your database to reduce its size and improve its performance.
You can use plugins for your WordPress website to clean up your database. They can remove unnecessary data, such as post revisions, spam in the comments section, and transient options. We recommend the SiteGround Optimizer plugin available to all users. It has the Scheduled Database Maintenance option, which cleans your database of junk data weekly.
To activate it, open the SiteGround Optimizer menu in your WordPress dashboard. Navigate to the Environment section and press EDIT for Scheduled Database Maintenance.
In the following pop-up window, select the actions the maintenance should perform and press CONFIRM.
Additionally, you can repair and optimize your database tables using the built-in database optimization features in phpMyAdmin. For more information, read this guide on how to optimize a MySQL database.
Use Rate Limiting on the Client Side
One effective way to prevent the HTTP 429 error is to implement rate limiting on the client side. Rate limiting is a technique that limits the number of requests a client can make within a specified time period. Using this method, you can prevent clients from making too many requests and exceeding the rate limits set by the server.
You can implement rate limiting by using libraries or frameworks that provide rate-limiting features or custom rate-limiting logic in your code. For example, you can set a limit on the number of requests a client can make within a certain time period (e.g., 100 requests per 10 minutes) and block or delay further requests from the client if the limit is exceeded. This can help prevent the 429 error and ensure that clients do not overload your server with too many requests.
Change Your Default WordPress Login URL
Brute-force attacks often cause the 429 error. In these attacks, automated bots repeatedly attempt to log in to your website using different combinations of usernames and passwords. Hiding your login URL or moving your default WordPress login page, you can add an additional layer of security and protect your WordPress admin area.
You can easily change the login URL to something custom with WordPress plugins like SiteGround Security. By doing so, bots will have a harder time finding and targeting your login URL. This can reduce the number of unauthorized login attempts and help prevent the 429 error.
Learn more about this feature in the SiteGround Security tutorial about Login Security.
Switch to a Default WordPress Theme
If you recently installed a custom theme or made changes to your theme’s code, it’s possible that it could be causing conflicts or overloading user or server resources, resulting in the 429 error. In such cases, reverting to a default WordPress theme can help isolate and fix the issue.
You can switch to a default WordPress theme, such as Twenty Twenty-One or Twenty Twenty, to see if the error persists. If the error goes away, your previously active theme was most likely causing the issue. You can then investigate and fix any conflicts or performance issues related to your custom theme. Consider contacting the theme’s support or using a different theme altogether.
If the error doesn’t stop you from accessing your website’s backend, log into your WordPress dashboard. Navigate to Appearance > Themes. Here you can choose the active theme between all installed themes on your website. To switch the theme, press the Activate button on one of your default themes.
The error “Too many requests” may prevent you from logging into the WordPress dashboard where you can change the theme. In this case, you can change the active theme from the wp_options table in the website’s database. Check this guide on how to change the WordPress theme from the database for detailed instructions.
Clear Your Browser’s Cache
Sometimes, your browser can store outdated or corrupted cached data triggering errors when loading web pages, including the 429 HTTP status code. Clearing cached browsing data can help resolve such issues and ensure that you are loading the latest version of your site.
You can typically clear the cache from your browser’s settings menu. Read the following guides to find the steps for your browser or device.
- How to clear cache on desktop browsers
- How to clear cache on Android
- How to clear cache on iPhone
Flush Your DNS Cache
Computers store local DNS (Domain Name System) cache that keeps the information about domain name to IP address mappings. If the DNS cache becomes outdated or corrupted, it can result in issues with connecting to your website and trigger the 429 error.
Flushing your DNS cache will force your computer to fetch the latest DNS information and can help resolve DNS cache-related issues. Read the following guides to clear the DNS cache on your particular operating system (OS):
- How to clear the DNS cache on Mac
- How to clear the DNS cache on Windows
- How to clear the DNS cache on Linux
Limit Brute-Force Attacks
Brute-force attacks can trigger the HTTP error 429 by sending multiple requests to your server within a short period of time. To prevent brute-force attacks, you can implement measures to detect and block suspicious login attempts.
One common technique is to implement a CAPTCHA or reCAPTCHA system on your website’s login page. CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) is a security measure that requires users to complete a challenge (such as typing a series of distorted characters) to prove that they are human and not bots. reCAPTCHA is a more advanced version of CAPTCHA that uses machine learning algorithms to detect and block suspicious login attempts.
If your website is WordPress-based, you can easily protect your pages with reCAPTCHA with a plugin. One of the most popular ones is reCaptcha by BestWebSoft. Download the plugin and activate it from Plugins > Add New in your dashboard.
Read the manual for configuring the plugin with Google reCAPTCHA. You can select which sections of your website will be protected by reCAPTCHA. It’s recommended to secure your login page and comments section, which are commonly targeted by bots. Once the reCAPTCHA is active, users will have to complete a visual challenge in order to log in or post a comment to your website.
Check for Server Resource Limits
The error 429 “Too many requests” can also occur if your site exceeds the resource limits set by your hosting provider. These limits may include CPU usage, memory usage, and a maximum number of concurrent connections. Checking for server resource limits and increasing them if necessary can help resolve the error.
You can contact your hosting provider or check your hosting account’s control panel for information on resource limits. SiteGround users can monitor their resource usage from their Client Area > Services > Hosting. Click on the Manage button of the hosting plan.
Select the Statistics tab to check the various resources used on your plan.
If you are on a shared hosting plan, you may need to upgrade to a higher plan to ensure sufficient resources for your WordPress website.
Check the access logs and block suspicious IP addresses
In many cases, the HTTP error 429 is caused by bots or malicious visitors with a specific IP address. Their activity should be recorded in the server access logs. Usually, you should be able to inspect the access logs in your account’s control panel. After you identify the offending IP, you can block it from spawning new requests.
SiteGround users can check the logs in Site Tools > Statistics > Access Log. The logs show all requests to your website and from which IP addresses they originate.
After you identified a suspicious IP, you can block it from accessing your website. In Site Tools, you can use the tool Security >Blocked Traffic. Type the IP address in the field IP/IP Range and confirm with the Block button.
Learn more about the tool in this guide on how to block an IP and remove an IP block in Site Tools.
Temporarily Deactivate All of Your WordPress Plugins
A misconfigured WordPress plugin could be also causing the HTTP error 429 “Too many requests.” Your primary goal should be to access your dashboard and see if a plugin is triggering the error.
If the HTTP error 429 doesn’t prevent you from accessing the backend, log in and navigate to Plugins > Installed Plugins. Check the box Plugin to select all plugins, choose Deactivate from the Bulk actions menu and press Apply.
If one of your plugins is the culprit, the HTTP error should seize. Enable the plugins one by one by pressing the Activate button for each plugin until the HTTP error returns. This way, you will identify the problematic plugin.
Unfortunately, the error often persists even on the login page, preventing you from logging into your dashboard. In this case, you’ll have to use an alternative method to disable the plugins. For the sake of easier WordPress management, SiteGround has developed a feature to quickly disable all plugins with one click.
Go to Site Tools > WordPress > Install & Manage. Click on the Actions (kebab) menu and select Disable all plugins.
Once you have disabled the plugins, you should be able to access your WordPress dashboard. Proceed with activating the plugins one by one to find the problematic plugin.
If the options above are not available to you, you can disable the plugins directly from the database. Learn more about this option from this guide on how to disable the WordPress plugins from the database using phpMyAdmin.
As a last resort, you can also deactivate the plugins by renaming the plugins folder of your WordPress files via File Manager or FTP. The folder path is:
yourwebsite.com/public_html/wp-content/pluginsRename the folder to anything else, for example – plugins.deactivated or plugins1.
If you can access your site normally after disabling your plugins, your next move should be to restore the plugins directory to its original name. Once you do that, open the folder via FTP or File Manager and start working your way down the list of active plugins. For each plugin, you’ll want to change its individual folder name, which will disable it. Then check to see if the error persists. Once you identify which plugin was causing the problem, you can keep it disabled, report the plugin authors and ask for a solution, or find a substitute plugin.
Summary
Encountering the status code HTTP 429 Too Many Requests error is a common occurrence for websites of all types. This error can stem from various causes, such as:
- database optimization issues,
- server resource limits,
- brute-force attacks,
- clients that send too many requests.
Resolving this error may involve taking measures such as optimizing the database, monitoring and adjusting server resource limits, and implementing security measures against brute-force attempts.
Seeking professional help or consulting with your hosting provider is recommended if you’re uncertain about implementing these solutions. By addressing the underlying issues, you can ensure the smooth operation of your website and provide a better user experience to your visitors.