Key Takeaways
- The 429 error is triggered when a user, bot, or script sends too many requests to your server in a short time.
- Brute force login attempts on wp-admin are one of the most frequent causes in WordPress.
- A faulty plugin or poorly coded theme can generate excessive requests and trigger the error.
- You can fix it without dashboard access by renaming plugin or theme folders via FTP.
- If none of the fixes work, the issue may be server-side and your hosting provider needs to resolve it.
Is your WordPress website running into the frustrating 429 Too Many Requests error? And are you unable to find the reason causing it? You’re in the right place.
Error 429 Too Many Requests is difficult to troubleshoot, as the page doesn’t offer much insight into what’s causing it. Depending on the underlying reason, you might need to try out more than one troubleshooting fix to resolve it.
In this article, I’ll discuss what the 429 Too Many Requests error is, its underlying causes, and how you can fix it on your WordPress website.
What is the HTTP 429 Too Many Requests Error?
HTTP error codes in the 400 to 499 range are client-side errors. They indicate a problem in the communication between your browser and the server, and they are how servers block suspicious or excessive behavior before it becomes a security threat.
The 429 Too Many Requests error specifically means that a user or script has sent more requests than the server allows within a defined time window. When this threshold is crossed, the server activates rate limiting, which temporarily blocks further requests from that source.
Rate limiting serves an important protective function. It defends your site against Denial of Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks, and brute force login attempts that can overwhelm your server resources.
The error typically appears as:
429 Too Many Requests
Or in some cases:
HTTP Error 429 Retry later
What Causes the 429 Too Many Requests Error in WordPress?
WordPress is built on PHP. Every action on your site, from loading a page to submitting a form, triggers a PHP script that sends a request to your server. When too many of these requests are fired in a short period, rate limiting kicks in and returns a 429 error.
The most common causes in WordPress include:
Brute force login attacks: Attackers repeatedly attempt to access your WordPress admin panel at the default wp-admin URL by trying thousands of username and password combinations in rapid succession. This generates a high volume of requests in a very short time and is one of the leading triggers of 429 errors.
A rogue or poorly coded plugin: Some plugins make frequent calls to external APIs or generate repeated internal requests. If a plugin is not optimized or has a bug that causes it to fire requests in a loop, it can hit the server’s rate limit quickly and trigger the 429 error for all users.
A poorly coded theme: Themes that make excessive external requests or contain inefficient code can produce the same effect as a problematic plugin, flooding the server with more requests than it is configured to handle.
Server-level rate limiting: Sometimes the issue originates from the hosting environment itself. Web hosts impose rate limits to protect shared infrastructure. If a third-party service or your own scripts generate unusually high traffic, the host may block requests and return a 429 before they even reach WordPress.
How to Fix the 429 Too Many Requests Error (4 Methods)
Now, it’s time to learn how you can fix 429 Too Many Requests errors. In this section, I’ll cover the four most common methods to fix Error 429, so you can get your site back up and running quickly.
Method 1: Change Your WordPress Website’s Default Login URL
Brute-force login attempts are one of the biggest causes of 429 errors on WordPress websites. These attacks use a trial and error method to determine all possible combinations of passwords, encryption keys, or any login information.
Anyone can easily find the default login page by adding the wp-admin (https://example.com/wp-admin) at the end of your site’s domain. To prevent this, change the default login URL of your WordPress website so attackers can’t find it in the first place.
There are multiple ways to change your default WordPress URL. The easiest is to use the WPS Hide Login plugin. This lightweight plugin with 1+ million active installations lets you safely and quickly change the URL.
First, install and activate the plugin. Go to the WordPress Dashboard > Settings > WPS Hide Login. Here, you can set the Login URL. Change the login URL to prevent access to the wp-login.php page and the wp-admin directory to non-connected people.
Also, you can set the Redirect URL so when someone who’s not logged in tries to access the wp-login.php page and the wp-admin directory, they’ll be redirected to the particular page that you set in the Redirect URL field.
Method 2: Temporarily Deactivate WordPress Plugins
If the method above doesn’t resolve your case, try disabling all your WordPress plugins. Any plugin could have caused the 429 error if it made too many external requests.
With 429 Too Many Request errors, you don’t have access to your dashboard, and you cannot find and disable the plugins in the usual way. You need to access your site’s files via FTP, such as with Filezilla. Provide the Host, Username, Password, and Port to access your site files and navigate to the public_html folder.
- Now, double-click to open the wp-content folder and find a folder named plugins.
- Right-click on the plugin folder and rename it to plugin-deactivated.
- WordPress will now disable all the plugins automatically. It will no longer be able to find them.
- Now create an empty folder and name it plugin so WordPress functions normally.
- Go to your site and see if the 429 error is gone. If it is, you can assume that one of the plugins was the culprit.
- You need to narrow down and confirm which plugin caused the problem.
Follow these steps to uncover the culprit:
- Restore the plugin folder you renamed (plugin-deactivated), and delete the empty folder you created.
- Go into the plugin folder and start renaming the specific plugins folder like WooCommerce and wp-all-import.
- WordPress will deactivate only that specific plugin by renaming it.
- Try to access your website and see if the 429 error is gone.
- If the error persists, return to the plugin folder and restore that specific plugin’s original name.
- Repeat this process until you find out the real culprit.
By checking the plugin list, you eventually discover which one is the culprit. Once you uncover it, delete it to avoid 429 Too Many Requests.
Method 3: Switch to a Default WordPress Theme
If your site is still returning a 429 Too Many Requests error, it’s time to check your theme. Disable your active theme and switch your site to a default WordPress theme.
The process of disabling a theme is pretty similar to disabling plugins manually.
- Connect your website on an FTP client such as Filezilla, and go to public_html > themes directory.
- Here you will see a list of themes that are installed on your site.
- Rename the active theme folder to something like storefront_deactivated to deactivate it.
- Now access your site. The 429 Too Many Requests error should be gone. You’ll notice your design has changed and
- everything looks quite different.
- Reactivate the theme, and the theme customization will start showing again.
- If the 429 error returns after you reactivate the theme, you might need to contact the theme’s developers.
Method 4: Your Host Could Help You
It is possible that the 429 Too Many Requests originated from the server rather than from your website. If all three methods fail in your case, and you’re still facing issues, then contact your hosting provider and ask them to fix this issue.
Sometimes web hosts block requests from third-party services that generate large requests to your site. If that is the case, you can’t fully resolve the error on your end. Your hosting service support team can help you in that regard.
Cloudways users can discuss your case by contacting expert support through the live chat option that’s available 24/7.
Experience an Error-Free Hosting with Autonomous
No more annoying hosting and limitation errors. With Autonomous, you can enjoy effortless scalability with Kubernetes-based autoscaling, super-fast speeds, and high uptime, ensuring your website remains fast and responsive.
Summary
If you run into the 429 Too Many Requests error, you need to identify the source that’s generating all those requests. Encountering errors is always frustrating, but following the right methods can let you overcome these problems.
If you experience the 429 Too Many Requests error, try these four ways to troubleshoot it:
- Change Your WordPress Website Default Login URL
- Temporarily Deactivate WordPress Plugins
- Switch to a Default WordPress Theme
- Contact Your Host
Have a question on how to fix 429 application errors in WordPress? Let’s talk about them in the comments section below!
Q. What Does the 429 Too Many Requests Error Mean?
A. It means your server has received too many requests from a single source within a short time frame and has activated rate limiting to block further requests. It is a protective HTTP status code designed to prevent server abuse, brute force attacks, and DDoS activity.
Q. How Do I Fix the 429 Too Many Requests Error in WordPress?
A. Try these four methods in order: change your default WordPress login URL to block brute force attacks, deactivate all plugins via FTP to identify a rogue plugin, switch to a default WordPress theme, and contact your hosting provider if the issue persists.
Q. Will the 429 Error Go Away on Its Own?
A. Sometimes. If the error is caused by a temporary spike in requests, it may clear once the rate limit window resets. However, if it is caused by a rogue plugin, a brute force attack, or server-level rate limiting, it will keep recurring until the underlying issue is resolved.
Q. Can a WordPress Plugin Cause a 429 Error?
A. Yes. Plugins that make frequent or looping calls to external APIs, or that generate a high volume of internal requests, can trigger your server’s rate limiting and produce a 429 error for all visitors to your site.
Q. How Do I Deactivate Plugins Without Access to My WordPress Dashboard?
A. Connect to your server via FTP, navigate to public_html, then wp-content, then plugins, and rename the plugins folder. WordPress will automatically deactivate all plugins because it can no longer locate the folder.
Q. Is the 429 Error a Security Threat?
A. The error itself is not a security threat. It is actually a sign that your server’s security mechanisms are working. However, a high volume of 429 errors can indicate an active brute force or DDoS attack targeting your site, which is worth investigating further.
Q. What is the Difference Between a 429 Error and a 503 Error?
A. A 429 error means too many requests were sent in too short a time, triggering rate limiting. A 503 error means the server is temporarily unavailable, usually due to overload or maintenance. Both can result from high traffic, but they have different root causes and fixes.
Danish Naseer
Danish Naseer is a WordPress Community Manager at Cloudways. He is passionate about designing, developing, and engaging with people to help them. He also actively participates in the community to share his knowledge. Besides that, he loves to watch documentaries, traveling and spending time with family. You can contact him at [email protected]
