If you connect your WordPress website to Cloudflare, you may run into error 521. Many site owners connect their sites to Cloudflare, a free content delivery network (CDN) and security service for fast speed and increased security. Once connected, you can optimize your site’s speed with the CDN and secure it with SSL and bot protection, among other things.
It’s important to understand what leads to the issue and how to fix error 521. In this post, we’ll go over what this error message means and how to fix it so you can continue to reap the benefits of a Cloudflare integration — with none of the frustrations.
Table of Contents
What does error 521 mean?
Error 521 is an error message that indicates that, while the web browser was able to connect to Cloudflare, Cloudflare was not able to connect to the WordPress site's server. Since the web server is not returning the connection, this error message is displayed instead of the requested WordPress site.
Here’s how the error might appear on a user’s browser.
Best case scenario: Your website visitors would be frustrated by this error message and try to visit your site later. Worst case scenario: They exit out and never return to your site.
To avoid both these scenarios, you want to resolve a 521 error on your site as quickly as possible. To do so, it’s important to understand the primary causes of this error.
What causes error 521?
Error 521 is displayed when Cloudflare cannot connect to a WordPress site’s server. This connection may have been refused because:
- The server is offline.
- The server is blocking or throttling requests from Cloudflare because it thinks it’s a security threat.
- The server is refusing Cloudflare’s request on port 443.
- The server is not presenting a valid SSL certificate.
We’ll explain these potential causes in more detail below, as well as their respective solutions.
How to Troubleshoot Error 521
Before you jump into solving the error, you need to troubleshoot to get to the underlying issue. Here’s what you should consider before diving in.
1. Check if the error is Cloudflare-specific.
Visit your website without going through the Cloudflare CDN by accessing the direct server IP or by temporarily disabling the Cloudflare proxy.
2. Check your Cloudflare settings.
Ensure that your Cloudflare settings are correct. Verify that the DNS records for your domain are configured properly and are pointing to the correct server IP address. Double-check if the SSL settings, caching options, and security features in your Cloudflare dashboard are appropriate for your website.
3. Check server logs.
Examine the server logs on your web hosting platform to identify any errors or issues related to the connection between your server and the Cloudflare CDN. Look for any corresponding error messages around the same time you experienced error 521. We’ll explore this more below.
4. Check firewall settings.
Verify that your server's firewall is not blocking incoming connections from Cloudflare. Grant access to IP addresses used by Cloudflare in your firewall settings. You can find a list of Cloudflare IP ranges on their website.
5. Verify your hosting provider's firewall.
Some hosting providers have additional firewalls or security measures in place. Check if your hosting provider has any specific firewall settings that may be interfering with the connection to Cloudflare. Contact your hosting provider's support team for assistance.
6. Test connectivity.
Use the “wget” command or a similar tool to check if your server can establish a connection with the Cloudflare IPs. This helps identify any issues with the network connectivity and firewall configuration on your server.
7. Clear server cache.
If you are using any caching plugins or server-level caching, clear the cache. Sometimes, outdated or incorrect cache files can cause error 521. Clearing the cache will force the server to generate fresh files.
Remember to always make backups of your website before making any changes to settings or configurations. This allows you to revert to a previous working state if needed while troubleshooting. Now, let’s solve error 521.
How to Fix a 521 Error
- Check that your origin server is running.
- Check that your hosting provider isn’t throttling or blocking Cloudflare IP addresses and requests.
- Ensure that Cloudflare can connect to port 443.
- Check that you have installed a Cloudflare Origin Certificate.
- Temporarily disable firewalls.
- Contact Cloudflare support.
1. Check that your origin server is running.
To start, you want to double-check that your origin server (where your WordPress website is hosted) is running. If it is, check the server’s error logs to see what is causing the error. It’s possible there’s been a breakdown or outage that is causing the 521 error.
If you’re unable to complete either of these tasks, contact your hosting provider.
2. Check that your hosting provider isn’t throttling or blocking Cloudflare IP addresses and requests.
If you’re seeing the 521 error, it’s possible that your hosting provider is either throttling or blocking requests from Cloudflare IP addresses. That’s because Cloudflare is a reverse proxy. A reverse proxy acts as a gateway between clients and your origin server, so clients only communicate directly with the reverse proxy server, not your origin server.
That means your origin server will see all of the traffic coming from a small range of Cloudflare IP addresses, rather than unique IP addresses from individual visitors. Your web host might interpret these requests as an attack and block them. If that’s the case, then ask them to allow Cloudflare’s IP ranges.
3. Ensure that Cloudflare can connect to port 443.
If you recently set your Cloudflare SSL/TLS mode to Full or Full (Strict) and are seeing a 521 error, your origin server may not be configured properly to allow Cloudflare access to a particular network port.
By default, Cloudflare proxies traffic destined for a range of HTTP/HTTPS ports. When set to a Full or Full (Strict) SSL/TLS mode, it proxies traffic destined for the HTTPS port 443. If Cloudflare’s proxy is not enabled for this network port, then it may cause the 521 error.
If you can’t enable SSL and port 443 at your origin web server, then reach out to your hosting provider.
4. Check that you have installed a Cloudflare Origin Certificate.
If you have your SSL/TLS mode set to Full or Full (Strict) and Cloudflare’s proxy is enabled for port 443, then check that you have installed a Cloudflare Origin Certificate (or one issued by a publicly trusted certificate authority).
Your origin server may be configured to allow HTTPS connections on port 443, but only if it presents a valid certificate to Cloudflare. If it doesn’t, then that could cause the 521 error (or a 526 error).
In that case, you can install a Cloudflare Origin Certificate on your server.
5. Temporarily disable firewalls.
Some firewalls can incorrectly trigger a 521 error code if they are defective. Firewalls are meant to protect incoming and outgoing traffic based on defined security rules. The issue here is that the firewall can mistakenly block legitimate communications between Cloudflare and your origin server. If you disable the firewalls and the error no longer exists, you may have to allow Cloudflare’s IP addresses. Be sure to also check your firewall’s rules and verify that Cloudflare isn’t on their list of IP addresses to block.
To disable firewalls or plugins in WordPress, click on the plugins section on your WordPress dashboard. Just remember to reestablish your firewall settings correctly after troubleshooting the 521 error code.
6. Contact Cloudflare support.
Once you have exhausted all efforts of troubleshooting the error on your own, you may want to consider reaching out to Cloudflare support. They have a very informative Docs section that you can check out for free. They also have other methods of contact depending on your plan level.
Resolving the 521 Error
Resolving a 521 error keeps your website professional and legitimate. If your website shows error 521, follow the steps above to get back on track as quickly as possible.