How To Fix HTTP 429 Too Many Requests Error

Summarize with:

ChatGPT

Claude

Perplexity

The 429 Too Many Requests error is an HTTP response from a website’s server that says you’re sending too many requests too quickly. In simple terms, the server is overwhelmed and requests that you slow down and try again later.

Sometimes, this error goes away on its own if you wait a few minutes. However, if it persists, there may be another reason, either on your end or on the website itself.

In this tutorial, we’ll learn what the 429 error is, why it occurs, and how to fix it as a website user and owner.

KEY TAKEAWAYS

• The 429 Too Many Requests error tells us the server has received many requests from a user or bot in a short period.
• This error often appears when you’re refreshing too much, using faulty plugins, or when bots attack your site.
• If you’re a visitor, try waiting a few minutes, clearing your browser data, or flushing your DNS cache.
• If you own the site, check your hosting limits, disable plugins, or switch to a default WordPress theme.
• Upgrading your hosting plan or using a CDN can help reduce server overload.
• To prevent this issue, change your WordPress login URL, add rate limiting, limit failed login attempts, and implement reCAPTCHA on your login page to block bots from spamming requests.
• Additionally, sort internal HTTPS redirect issues by updating links and adding proper .htaccess rules.
• If the issue persists, contact your hosting provider to check for server-level blocks or firewall rules.

What Does 429 Too Many Requests Mean?

The 429 Too Many Requests is an HTTP status code that appears when a user, bot, or script sends many requests to a server within a short period. This response is part of a system called rate limiting, which helps protect the server from overload, abuse, or possible attacks.

Every website server has limits on the number of requests it can handle simultaneously. When a user or process sends more requests than the server allows, whether it’s loading web pages, submitting forms, making API calls, or refreshing too frequently, the server blocks further requests for a set period. This is when you’ll see the status 429.

Here’s a simple way to understand it:

Imagine you’re at a ticket counter, and you keep asking the clerk the same question every few seconds. At some point, the clerk will stop answering and ask you to wait. That’s exactly how rate limiting works. The hosting server tells you to back off and try again later.

In many cases, the server also sends a Retry-After header along with the error. This tells you how long to wait before making another request.

EXAMPLE:
HTTP/1.1 429 Too Many Requests 
Retry-After: 60

This means the server wants you to wait 60 seconds before trying again.

You may also see this error displayed in different formats depending on your browser or platform. Here are some common variations:

• 429 Error
• HTTP 429
• HTTP Error 429
• Error 429 (Too Many Requests)

While the message may look different, they all mean the same thing:

The server is limiting access to protect itself. If you’re a visitor, it may be a temporary block. However, if you’re the site owner, it could indicate a deeper problem, such as a faulty plugin, a bot attack, or a poorly coded theme that sends repeated requests behind the scenes.

Now that you understand the error and why it appears, let’s consider the possible causes of this issue.

What Causes a 429 Error?

The 429 Too Many Requests error occurs when a server receives several requests in a short period. It’s the server’s way of saying, “That’s too much right now, please slow down”. But why does this happen in the first place? Let’s look at the most common causes.

Too Many Requests Too Quickly

Servers set a limit on the number of requests they can handle from a single user, IP address, or browser session. If you refresh pages too fast, make repeated login attempts, or send multiple API calls without delay, you may trigger this limit. After this, the server blocks further requests for a set time.

Lack of Server Resources

Sometimes, the error occurs because your hosting plan lacks sufficient resources. If your website consumes excessive CPU power, RAM, or PHP workers, your server may stop handling additional requests. This is common on shared hosting, where multiple websites share the same server space. When your site is busy, limits can be reached, causing 429 errors.

Security Tools Block Suspicious Activity

Many sites use firewalls or security plugins to block unusual traffic patterns. If your site receives a large number of login attempts or requests from a single IP address, the system may consider it a brute force or DDoS attack and block access. This can be good for protection, but it can also block legitimate users if not managed correctly.

A Faulty Plugin or Theme is Making Too Many Requests

If you’re using WordPress, a poorly built plugin or theme could be sending too many requests to the server in the background. For example, it may call external APIs too often or refresh data without limits. This behavior can overwhelm your server and cause the 429 error to appear.

These causes are tied to how the server handles and limits requests. Understanding the 429 Too Many Requests error makes it easier to fix and helps prevent it from recurring.

How to Fix 429 Error as a User

If you’re accessing a website as a user or visitor, you can try the following solutions:

Wait & Retry

One of the simplest things you can do when you see a 429 Too Many Requests error is to wait. The server needs a break before it can accept more from you.

In many cases, just stepping away for a few minutes is enough. After that, refresh the page, and the site may load normally again. Some servers also include the Retry-After header.

It tells your browser how long to wait before retrying. For example, if it says Retry-After: 3600, that means you should wait 3,600 seconds before sending another request.

If you’re seeing the error on a public site and you’re not doing anything strange, the problem may not even be your fault. It could be caused by something running in the background, such as an extension or script, making requests without you knowing.

Either way, giving it time is the first step. If the problem continues, find other methods to sort it on your end.

Clear Browser Data

If waiting doesn’t solve the 429 Too Many Requests error, try clearing your browser data. Sometimes, saved cache or cookies can cause the browser to send outdated or repeated requests, which may lead to this error.

Here’s how to empty cache and cookies in Google Chrome:

1. Press Ctrl + Shift + Del from your keyboard.
2. Set the time range to All time to ensure you leave nothing old behind.
3. Mark the following options: Browsing Cookie, Cookies and other site data, & Cached images and files.
4. Then, click Delete data.

Once you’ve done this, restart your browser and revisit the website. If the error was related to stored data, this should resolve the issue. Clearing your browser data helps you start fresh and avoids any conflicting or repeated requests that may be triggering the 429 error.

Flush DNS Cache

Another way to fix the http 429 Too Many Requests error is by flushing your DNS cache. DNS stands for Domain Name System. It helps your computer match website names (domain names) with their IP addresses. To speed things up, your system stores these matches in a local cache.

Sometimes, this cache gets outdated or corrupted. When that happens, your browser may reach the wrong IP or send repeat requests that the server doesn’t like. In this case, flushing the DNS cache clears these old records and forces your system to get fresh ones.

Here’s how to do it on Windows:

Open the Command Prompt as Administrator. Type this command and press Enter:

ipconfig /flushdns

After flushing the DNS, try opening the website again. This clears out any bad records that may have generated the 429 Too Many Requests error and provides a clean connection to the server.

How to Fix 429 Error as a Website Owner (WordPress)

If you own the website, go through the following methods:

Upgrade Your Hosting Plan

If you’re running a WordPress site and keep seeing the 429 Too Many Requests error, your hosting plan may be the reason. Every hosting plan comes with limited resources, such as:

• CPU power
• Memory (RAM)
• PHP workers

These control how many tasks your server can handle at one time.

As your site grows and attracts more visitors, it can use those resources quickly. Once you hit the limit, the server may start blocking extra requests, which can trigger the 429 error.

To sort this, first log in to your hosting dashboard and check your resource usage. Most good hosts show charts or numbers for how much CPU, memory, and server processes you’re using.

If you’re a Hosted®client, follow the given steps to see Resource Usage:

Login to the Hosted® account. Navigate to Manage Services → WordPress Hosting. It may differ if you’re using a different hosting package. For this tutorial, we’re using WordPress hosting.

Then, click Manage next to your domain name.

Now, locate Resource Usage to see if you’re close to hitting the limit.

If you see that you’re close to or over the limit, it’s a sign you’ve outgrown your current plan. So, upgrading to a higher plan (e.g., moving from shared hosting to cloud hosting) gives your site more power and flexibility.

If you’re hosting your site with Hosted®, you can read our step-by-step guide on how to upgrade your WordPress plan: How to Upgrade WordPress Hosting Plan on Hosted®

Additionally, adding a Content Delivery Network can also help by offloading traffic and spreading the load across multiple servers. This small upgrade can make a difference in how well your site handles traffic and prevents the 429 error from appearing again.

Disable WordPress Plugins

Sometimes, the 429 Too Many Requests error is caused by a plugin that’s sending too many requests in the background. This can occur if the plugin is poorly coded, making repeated API calls, or attempting to connect to external services too frequently.

To find if a plugin is the problem, start by disabling your plugins one at a time. To do that:

1. Log in to your WordPress Admin Dashboard.
2. Go to Plugins → Installed Plugins and click Deactivate to temporarily disable the desired plugin.
3. After that, reload your site to see if the error disappears.
4. If it doesn’t, activate that plugin and repeat steps 2-4 for another one.
5. Try this process for all the plugins you’ve installed. This helps you find which one might be causing the issue.

But what if you’re locked out of the dashboard because of the error? In that case, you can disable all plugins at once using an FTP client. Here’s how:

1. Connect to your website using an FTP client, such as FileZilla (or your hosting File Manager if you have access).
2. Go to the wp-content folder.
3. Find the folder named plugins and rename it to plugins-disable.

Renaming the folder tells WordPress to stop loading any plugins. If your site starts working again after this, you’ll know the problem was related to a plugin. You can then rename the folder back to plugins, reactivate plugins one by one from your WordPress admin panel, and test until you find the one responsible for the error.

Once you find it, look for a trusted alternative or contact your plugin developer for support. Avoid reactivating it until the issue is solved.

Switch to a Default WordPress Theme

Just like plugins, your WordPress theme can also trigger the 429 Too Many Requests error. Some themes make too many calls to external scripts or load unnecessary resources in the background. This can result in an excessive number of requests being sent to the server simultaneously.

To check if your theme is the issue, switch to a default WordPress theme (e.g., Twenty Twenty-One or Twenty Twenty-Three). These themes are lightweight and built to work well with most WordPress setups. Before switching, it’s always a good idea to back up your website, just in case you want to roll back.

If the error stops you from logging into your WordPress dashboard, you can change the theme manually using phpMyAdmin and Softaculous. Let’s look at both approaches below:

• CHANGE TO DEFAULT THEME USING PHPMYADMIN

Open your hosting control panel and go to phpMyAdmin. Select your WordPress database. Then, click on the wp_options table (note that the table name may vary slightly depending on your table prefix).

Now, locate the rows called template and stylesheet (usually on page 2). Click Edit next to each one and change their values to the folder name of the theme you wish to use (e.g., twentytwentytwo, found in /wp-content/themes/), then click Go to save.

This will switch your theme instantly.

• SWITCH TO DEFAULT THEME USING SOFTACULOUS

If you’re using one of Hosted®’s cPanel Web Hosting plans, you can change the theme using Softaculous. Here’s how:

Sign in to cPanel. Then, navigate to Popular Applications → WordPress.

Click WordPress Manager.

Click the downward arrow next to your domain, then Manage Themes.

Enable your desired theme and click Close.

Once you do this, your site will load using the default theme, which can help you confirm whether your original theme is the cause of the problem.

Contact Your Hosting Provider

If you’ve tried everything but still see the 429 Too Many Requests error, contact your hosting provider. Your host can check deeper settings, including rate limits, server logs, and firewall rules that you can’t see from your end. They may find that your IP address is blocked, your plan is exceeding the PHP requests limit, or a bot is attacking your site.

If you’re using Hosted®, you can contact our support team through Hosted’s live chat system and Support Tickets feature. They will guide you step by step and help fix the issue from the server side.

How to Prevent 429 Error in Future

You may try following preventive measures to avoid the 429 Too Many Requests error in the future:

Change Default WordPress Login URL

One effective way to reduce the chances of encountering a 429 Too Many Requests error is by modifying your WordPress login URL. By default, WordPress uses /wp-admin or /wp-login.php for the login page.

Hackers and bots are aware of this, so they frequently target these pages with repeated login attempts. This causes an excess of requests to the server at once.

When too many of these requests pile up, your server may respond with a 429 error, even for legitimate users. However, changing the login URL makes it more difficult for bots to locate the login page, which helps reduce traffic spikes and protects your site from brute-force attacks.

To simplify this for you, we have written an article, which you can find at the following link: WordPress Login URL: How to Find, Protect & Change it

Once your login URL is set, anyone who tries to access the old one will be automatically blocked. Making this small change keeps bots away from your login area, protects your site, and helps your server stay under its request limits.

Implement Rate Limiting on Your Site

Another good way to prevent the 429 error is to set up rate limiting on your WordPress site. It controls the number of requests a user, bot, or program can make within a short period. It keeps your server from being overwhelmed by too many actions at once.

You can set this up easily using a security plugin, for example, Wordfence. It comes with built-in tools that help monitor traffic and block anything suspicious before it becomes a problem. So, if a visitor or a bot starts loading too many pages too fast, Wordfence can slow them down or even block them for a while.

Here’s how you can do it:

First, install and activate the Wordfence plugin. Then, go to Wordfence → All Options → Firewall Options and expand the Rate Limiting section.

Here, you can apply limits to various actions according to your preferences.

While you can adjust the settings to fit your needs, the Wordfence team recommends a few helpful guidelines:

• Limit general user requests to 60 or fewer per minutes.
• For crawlers, keep page views at 60 or fewer per minute.
• Block crawlers that generate more than 30 page not found (404) errors per minute.
• For human visitors, limit page views to 60 or fewer per minute.
• If a human user triggers over 30 page not found errors per minute, consider blocking them.

You can choose to set even lower thresholds for 404 errors from crawlers or human users. Doing so may help protect your site from unnecessary load or suspicious activity. They also keep your server stable, so legitimate users don’t get blocked by a 429 error.

Limit Login Attempts

Too many failed login attempts can trigger the 429 Too Many Requests error, especially if bots are trying to guess your password. To prevent this from happening, it’s a good idea to limit the number of times someone can attempt to log in.

You can set a rule that blocks access after 3 to 5 failed login attempts within 4 hours. Once that limit is reached, the user gets locked out for at least 30 minutes. This gives your server a break and helps keep your site safe from brute-force attacks.

To make your login page even more secure, add reCAPTCHA, which asks users to prove they’re human by clicking a checkbox or solving a simple test. This blocks bots from flooding your login page with repeated requests.

Together, these 2 steps (limiting login tries and adding reCAPTCHA) can stop unwanted traffic, reduce server stress, and prevent the 429 error from appearing again.

Check & Fix HTTPS And Internal-Link Problems

Sometimes, the 429 Too Many Requests error happens because your website keeps redirecting between different versions of the same page. This often happens when you’re using an SSL plugin (e.g., Really Simple Security) that forces all links to load over HTTPS.

If things aren’t set up properly, your site can become stuck in a loop of redirects, which sends too many requests to the server. To sort this, deactivate the SSL plugin.

Next, ensure all your internal links use HTTPS. You can do this simply with the Better Search Replace plugin, which allows you to scan your site’s database and replace all old http:// links with https://.

IMPORTANT:

The above is necessary, so that you don’t rely on a plugin to handle HTTPS redirects.

Finally, set up a clean, site-wide redirect in your .htaccess file to send all traffic to the HTTPS version.

This setup ensures your site loads securely without causing endless redirects. It also helps lower the number of requests hitting your server, which stops the 429 error from returning.

FAQS

Other Related Tutorials

– How To Fix DNS Server Not Responding Error

– How To Fix The HTTP 303 Status Code: 4 Easy Methods

– How To Create A 301 Redirect In WordPress: 4 Easy Ways

– How To Fix 400 Bad Request: Request Header Or Cookie Too Large

– How to Fix ERR_TOO_MANY_REDIRECTS Error