4 Ways to Fix the Cloudflare Error 521 on a WordPress Site

Anna Fitzgerald
Anna Fitzgerald


If you manage a WordPress website, you want it to be fast and secure. That’s why many site owners connect their site to Cloudflare, a free content delivery network (CDN) and security service. Once connected, you can optimize your site’s speed with the CDN and secure it with SSL and bot protection, among other things.

WordPress site owner fixing Cloudflare 521 error

However, this setup can lead to an error 521. In this post, we’ll go over what this error message means and how to fix it so you can continue to reap the benefits of a Cloudflare integration — with none of the frustrations.

Grow Your Business With HubSpot's Tools for WordPress Websites

Here’s how the error might appear on a user’s browser:

error 521

Image Source

Best case scenario: your website visitors would be frustrated by this error message and try to visit your site later. Worst case scenario: they exit out and never return to your site.

To avoid both these scenarios, you want to resolve a 521 error on your site as quickly as possible. To do so, it’s important to understand the primary causes of this error.

What causes a 521 error?

A 521 error is displayed when Cloudflare cannot connect to a WordPress site’s server. This connection may have been refused because:

  • The server is offline.
  • The server is blocking or throttling requests from Cloudflare because it thinks it’s a security threat.  
  • The server is refusing Cloudflare’s request on port 443.
  • The server is not presenting a valid SSL certificate.

We’ll explain these potential causes in more detail below, as well as their respective solutions.

1. Check that your origin server is running.

To start, you want to double check that your origin server (aka where your WordPress website is hosted) is running. If it is, check the server’s error logs to see what is causing the error. It’s possible there’s been a breakdown or outage that is causing the 521 error.

How to Fix a 521 Error: open error log on server

Image Source

If you’re unable to complete either of these tasks, contact your hosting provider.

2. Check that your hosting provider isn’t throttling or blocking Cloudflare IP addresses and requests.

If you’re seeing the 521 error, it’s possible that your hosting provider is either throttling or blocking requests from Cloudflare IP addresses. That’s because Cloudflare is a reverse proxy. A reverse proxy acts as a gateway between clients and your origin server so clients only communicate directly with the reverse proxy server, not your origin server.

How to Fix a 521 Error: ensure traffic from cloudflare reverse proxy is allowed by server

Image Source

That means your origin server will see all of the traffic coming from a small range of Cloudflare IP addresses, rather than unique IP addresses from individual visitors. Your web host might interpret these requests as an attack and block them. If that’s the case, then ask them to allowlist Cloudflare’s IP ranges.

3. Ensure that Cloudflare can connect to port 443.

If you recently set your Cloudflare SSL/TLS mode to Full or Full (Strict) and are seeing a 521 error, your origin server may not be configured properly to allow Cloudflare access to a particular network port. By default, Cloudflare proxies traffic destined for a range of HTTP/HTTPS ports. When set to a Full or Full (Strict) SSL/TLS mode, then it proxies traffic destined for the HTTPS port 443. If Cloudflare’s proxy is not enabled for this network port, then it may cause the 521 error.

How to Fix a 521 Error: enable SSL certificate and port 443 on server

Image Source

If you can’t enable SSL and port 443 at your origin web server, then reach out to your hosting provider.

4. Check that you have installed a Cloudflare Origin Certificate.

If you have your SSL/TLS mode set to Full or Full (Strict) and Cloudflare’s proxy is enabled for port 443, then check that you have installed a Cloudflare Origin Certificate (or one issued by a publicly trusted certificate authority). Your origin server may be configured to allow HTTPS connections on port 443 but only if it presents a valid certificate to Cloudflare. If it doesn’t, then that could cause the 521 error (or a 526 error).

In that case, you can install a Cloudflare Origin Certificate on your server.

How to Fix a 521 Error: install Cloudflare Origin Certificate on web server

Image Source

Resolving the 521 Error

A 521 error means that your origin server (the server that hosts your WordPress site) is refusing to connect with Cloudflare. Since Cloudflare is unable to connect to your server, it presents an error message to your website visitors. This negatively impacts the user experience and can make your site look less professional and credible. Follow the steps above to mitigate these negative effects as quickly as possible.

Use HubSpot tools on your WordPress website and connect the two platforms  without dealing with code. Click here to learn more.

Related Articles

Capture, organize, and engage web visitors with free forms, live chat, CRM, analytics, and more.