How to fix the 429 Too Many Requests Error (as a user and site owner)

429 Too Many Requests is an HTTP status code that appears when a client, such as your browser, app, or automated tool, sends more requests to a server than the server allows in a set time.

This limit is in place to protect websites from overload, spam, or malicious activity, but it can also affect regular users trying to browse your site.

There are a few ways to deal with it depending on the situation:

• As a user: retry later, clear browser data, and flush the DNS cache.
• As a website owner: upgrade your hosting plan, disable WordPress plugins, switch to a default theme, and contact your hosting provider.
• For prevention: change the default WordPress login page, implement rate limiting, and limit login attempts to avoid future 429 errors.

What does 429 Too Many Requests mean?

The 429 Too Many Requests error occurs when a client sends too many requests to a server within a specified time. Servers use this error as a protection mechanism to avoid overloading from too many requests in a short period. This often happens when a website’s traffic exceeds its server capacity.

How to fix the 429 Too Many Requests error as a user

If you see a 429 Too Many Requests error while browsing, here are a few quick ways to fix it and get back online:

1. Wait and retry later

The easiest fix is to pause for a while before sending the request again. Think of it as letting the server “catch its breath” – once the limit resets, your request is more likely to go through.

Similarly, servers typically reset their request limits after a set period, so retrying after a few minutes could fix the error.

Sometimes, the HTTP 429 error message tells you exactly how long you have to wait:

HTTP/1.1 429 Too Many Requests

Content-type: text/html

Retry-After: 3600

In this example, the Retry-After header says 3600, which means 3600 seconds. In other words, you will have to wait an hour before you can send another request.

2. Clear browser data

Sometimes, the problem is not the website, but your browser. Over time, your browser stores temporary data (like cached files and cookies) to make loading websites faster.

However, this data can get outdated or corrupted, causing issues like the 429 error. Clearing your browser’s cache and cookies helps remove these outdated files and can resolve the problem.

Here’s how to do it on Google Chrome:

• Click the three dots icon on the top right corner of your browser and select Settings.
• On the left sidebar, click on Delete browsing data.
• Choose the Cached images and files and Cookies and other site data options.
• Open the dropdown menu to set the time range – we recommend All time.

• Click Delete data and restart Google Chrome to complete the process.

If you use other browsers, such as Firefox, Safari, or Microsoft Edge, read our guide on how to clear browser cache to follow along.

3. Flush the DNS cache

Flushing your DNS cache can also help resolve the issue. Your DNS (Domain Name System) cache stores information about previously visited websites to speed up future access.

But sometimes, outdated DNS information can interfere with your connection to websites, causing errors like 429. Flushing the DNS cache forces your system to fetch fresh data from the server, potentially bypassing the error.

How to fix the 429 Too Many Requests error as a website owner (WordPress)

As a website owner, you might encounter the 429 error when your server is overwhelmed by too many requests. This could happen if your website gets a sudden surge in traffic or if certain elements of your site are generating too many requests. Here’s what you can do to resolve the issue.

1. Upgrade your hosting plan

If your website is growing and receiving more traffic, your current hosting plan might not be enough to handle the increased load. Upgrading to a higher-tier plan can provide more resources (like CPU and memory) to manage higher traffic volumes and prevent the 429 error.

If you’re a Hostinger user, follow our guide on how to upgrade your hosting plan in hPanel.

Example: Imagine your small blog is getting more visitors after a viral post. If you’re on a shared hosting plan, you might experience the 429 error during traffic spikes. Upgrading to a virtual private server (VPS) or cloud hosting plan can provide the performance boost your site needs.

2. Disable your WordPress plugins

Certain WordPress plugins can overwhelm the server with requests, which may trigger a 429 error. If the problem started right after installing a new plugin, try disabling that one first.

If the error persists, deactivate all plugins temporarily and then reactivate them one by one to find the culprit. Plugins that add features like social sharing buttons or automated email tools are common sources of excessive requests.

Example: If you’re running a WordPress website and notice frequent 429 errors after installing a new plugin, disable that plugin first. If the issue continues, test other plugins – starting with those that run frequent background tasks, like social sharing or email automation tools.

3. Switch to a default WordPress theme

Custom WordPress themes are often designed to provide more features and flexibility. However, if they are not optimized, they can generate too many requests and lead to errors.

Switching to a default WordPress theme (like Twenty Twenty-One) can help identify whether your custom theme is responsible for the 429 error. Default themes are optimized for performance and can help ease the server load.

Example: If you recently switched to a custom theme and started seeing the 429 error, try switching back to a default theme to see if that resolves the issue. This helps isolate whether the theme is the cause of the server overload. Just remember to back up your website data.

4. Contact your hosting provider

If the 429 error continues despite your efforts, contacting your hosting provider should be your next step. They can adjust server settings, increase request limits, or recommend resources to better handle traffic on your site.

Example: A hosting provider might spot server-side issues you can’t see, such as misconfigured rate limits. They could suggest solutions like assigning a dedicated IP address, setting up a Content Delivery Network (CDN), or upgrading your hosting plan to manage higher traffic volumes.

What causes the 429 error?

Like other 4XX HTTP status codes, the 429 response appears because of client-side errors. This means something is wrong on your end, rather than the server itself.

Here are several common causes of an HTTP 429 error:

• Too many requests. A web server or API usually has a limit on how many requests you can make per minute to prevent overload and DDoS attacks. When you exceed the limit, the 429 error shows up.
• Server resource limits. You’ve used more server resources (CPU, RAM, and storage) than what your web hosting provider allows.
• Cyber attacks. The server detects malicious activity, like brute force attacks (forced logins), from a specific IP address.
• Third-party software. Faulty plugins or themes can also cause the 429 error on WordPress sites.

How to prevent the 429 error in the future

It’s possible to significantly reduce the likelihood of running into the 492 error on your site. Here are some effective methods to prevent the 429 error from recurring, especially if you have a WordPress website.

1. Change the default WordPress login page

One of the main causes of the 429 error is brute-force attacks, where bots repeatedly try to guess login credentials. Changing the default WordPress login page reduces the chances of these attacks, which can overwhelm your server and trigger a 429 error.

Every WordPress website has a default login URL, such as:

• domain.com/wp-admin
• domain.com/wp-login

And since it’s generic, hackers can easily guess the WP login URL of any website. All they have to do is to add /wp-admin or /wp-login to the domain they want to breach.

One easy way to avoid brute-force attacks is to change your default login URL. You can use a plugin like WPS Hide Login to create an alternate login page and prevent hackers from accessing your website. Simply install and activate the plugin from the WordPress dashboard, then go to Settings → WPS Hide Login. Enter your new login page address in the Login url field.

Don’t forget to click Save Changes once done.

2. Implement rate limiting on your site

Rate limiting is a technique for restricting the number of requests a user can make to your website within a given timeframe. By enforcing rate limiting, you can control traffic to your site and prevent overloads that lead to the 429 error.

For this tutorial, we’ll show you how to enable rate limiting using Wordfence:

• Install Wordfence and follow the instructions to get a free license.
• Once activated, go to Wordfence → All options.
• Under Firewall Options, click on Rate Limiting and toggle on the button to enable it.

After that, you will need to adjust the default rate limits (they’re currently set to unlimited). Here are the recommended rate-limiting settings according to the Wordfence support team:

• If anyone’s requests exceed – 240 per minute, then throttle it
• If a crawler’s page views exceed – 120 per minute, then throttle it
• If a crawler’s pages not found (404s) exceed – 60 per minute, then throttle it
• If a human’s page views exceed – 120 per minute, then throttle it
• If a human’s pages not found (404s) exceed – 60 per minute, then throttle it
• How long is an IP address blocked when it breaks a rule – 30 minutes

But these settings are not set in stone – you can always adjust them based on your specific needs.

3. Limit login attempts

Limiting login attempts is another crucial step in preventing the 429 error.

By limiting how many times a user can attempt to log in within a set period, you can prevent bots from repeatedly trying to break into your site. This will reduce excessive requests and protect your server from overloading.

In Wordfence, this feature is called Brute Force Protection, and it’s located just above Rate Limiting:

While there’s no right or wrong set of rules, you can follow these suggestions:

• Lock out after how many login failures – 3 to 5
• Lock out after how many forgot password attempts – 3 to 5
• Count failures over what time period – 4 hours
• Amount of time a user is locked out – 30 minutes or longer

Another effective way to protect your site from malicious bots is to enable reCAPTCHA on the login page. To do so, you need to create Google reCAPTCHA v3 keys first. After that, head back to Wordfence → Login Security → Settings, and enter your reCAPTCHA v3 Site Key and reCAPTCHA v3 Secret.

What impact does the 429 Too Many Requests error have on my website?

The 429 Too Many Requests error can have a significant negative impact on your website. For example:

• SEO impact. Repeated 429 errors can cause search engines to see your website as unreliable. If Google or other search engines cannot access your site, it could affect your ranking.
• User experience. A 429 error creates a frustrating experience for visitors, especially if they are unable to access your content quickly. A bad user experience often leads to increased bounce rates and decreased engagement.
• Brand reputation. Constant server issues can harm your brand’s reputation. Visitors may associate slow or inaccessible websites with poor service, reducing trust in your brand.

To mitigate these issues, maintaining server health and implementing preventive measures like rate limiting and login attempt restrictions are essential for keeping both users and search engines satisfied. For more insights, check out our WordPress maintenance tips.

All of the tutorial content on this website is subject to Hostinger's rigorous editorial standards and values.