HTTP error codes such as 429 are a challenge because they often block you from accessing a website. To make sure you understand and can fix this problem, we’ll go over what “HTTP error 429: Too many requests” means and how to fix it.
HTTP Error 429
HTTP Error 429 is an HTTP response status code that indicates the client application has surpassed its rate limit, or number of requests they can send in a given period of time. Typically, this code will not just tell the client to stop sending requests — it will also specify when they can send another request.
As a website owner, you’ll run into an error message from time to time. Some of these errors will be relatively simple to solve, while others will be more intricate. Take the HTTP error 429 for example.
Troubleshooting this error is complicated because it provides few details on what it is or how to solve it. You know something’s wrong and you need to fix it — but you’re not exactly sure what happened or why.
Causes of HTTP Error 429: Too Many Requests
A 429 response is not technically an error — it’s a response from a server, application programming interface (API), or plugin that tells the client application to stop sending requests because they simply don’t have enough resources to accept it at this time.
The client application usually refers to a website or app, but can also refer to individual users like the site admin or a site visitor or hacker.
A 429 error may appear the following ways, with or without the phrase “too many requests”:
HTTP error 429
HTTP code 429
HTTP error code 429
HTTP status code 429
HTTP response code 429
Response code 429
429. That’s an error.
429 server error
There was a problem with the server 429
Problem with the server 429
Here are some of the potential causes:
Repeated Requests to the Server
A 429 is often triggered by repeated requests. For instance, if a user is trying to access a page on your website too often in a short period of time, your server may send a 429 error.
Any website or app could experience this error, including Facebook, Etsy, Doordash, Venmo, YouTube, PayPal, Airbnb, Google Search Console, and — of course — WordPress websites (more on how to fix WordPress 429 errors below).
Brute-Force Login Attempts
In the case of a brute-force login attempt, in which a hacker repeatedly tries to log into your site, the 429 error code is an important security measure. It sets a rate limit for additional requests, preventing the brute-force attacker from being successful.
Server Resource Limits
You might also get a 429 error if your website is using up too many resources on a shared hosting server or service. If, for example, more than 50 requests are received from an IP address within one minute, PayPal Sandbox will block that IP for the next five minutes.
While the 429 response may seem punitive, it’s actually a protective measure against users intentionally or accidentally abusing server resources (or an API, plugin, or another service). It’s designed to prevent a backup or overflow of requests that would strain a server, or other service, that is meant to be shared and consumed by many websites and apps. So, by controlling the number and timing of requests, rate limits prevent problems before they arise.
If you are seeing the HTTP 429 error on your site for other reasons, you may need to reduce the number of server requests or API calls you’re making.
How to Fix an HTTP 429 Error
- Wait to send another request.
- Clear your browser’s cache.
- Flush your DNS cache.
- Implement exponential backoff.
Most of the steps below focus on avoiding, rather than retroactively fixing, an HTTP 429 error. Take a look.
1. Wait to send another request.
The simplest way to fix an HTTP 429 error is to wait to send another request. Often, this status code is sent with a “Retry-after” header that specifies a period of time to wait before sending another request. It may specify only a few seconds or minutes.
Here’s an example that asks the client to wait an hour before sending another request.
HTTP/1.1 429 Too Many Requests
<title>Too Many Requests</title>
<h1>Too Many Requests</h1>
<p>Only 100 requests per hour per logged in user is allowed on this website. Try again soon.</p>
2. Clear your browser’s cache.
If waiting doesn’t work, try clearing your browser’s cache, which stores your browsing data as well as requests. If you no longer have this data stored in your browser, your next request may go through.
To do so in Chrome:
Click CMD + Shift + Delete on Mac or Control + Shift + Delete on Windows.
The “Clear browsing data” analog pop up.
Click on the Advanced tab.
Select the time range and the data you’d like to delete.
Click Clear data.
To find instructions for your specific browser, click here.
3. Flush your DNS cache.
Flushing your DNS cache is another option if clearing your browser’s cache doesn’t work. Your computer’s DNS cache saves your domain name server requests so that it can load websites more quickly the next time you access them. Unfortunately, this may result in HTTP error 429 if you’ve made numerous requests before the DNS cache’s time-to-live naturally expires.
To clear your DNS cache on Mac, take the following steps:
Scroll down to the Utilities folder and click it.
In the Terminal window, enter the following command string: sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
Click enter, then input your admin password.
Click enter again.”
Find instructions for more operating systems here.
4. Implement exponential backoff.
If waiting, clearing your cache, or flushing your DNS cache don’t work, look for a “Retry-after” header again. If one is not sent and you don’t know how long to wait before trying, you should implement retries with exponential backoff.
Using this approach, you will not immediately repeat a failed request; instead, you will perform a series of retries with progressively longer wait times between each attempt. When the request is finally accepted, then you will know what wait time or rate is acceptable.
You can do this manually by using an exponential backoff calculator. Here’s how:
Access a calculator such as exponentialbackoffcalculator.com.
Input a time interval, such as 2 seconds.
Input the maximum number of retries or requests you’d like to make.
Input an exponential for subsequent requests.
Use a manual alarm or timekeeper to make new requests at the resulting timestamps.
Alternatively, if you’re a developer or advanced user, you can add code to implement this approach. For instance, you can use a framework like Celery that comes with a built-in exponential backoff module.
The steps discussed above are general fixes for the 429 “Too Many Requests” Error. If you have a WordPress site, then you may need a WordPress-specific solution.
How to Fix HTTP 429 Error on WordPress
1. Wait before re-accessing your website.
Your WordPress hosting provider may be receiving too many requests to load your website, resulting in an HTTP 429 error. This is especially likely if you use shared hosting, where your website is only allotted a limited number of resources on the host’s server.
In that case, be patient — the error will resolve on its own. If it keeps happening, however, you might want to upgrade to a dedicated hosting or VPS hosting plan.
You can also try clearing you cache, flushing your DNS cache, and trying exponential backoff during this step.
2. Hide or move your default WordPress login page.
Sometimes, HTTP 429 errors can arise due to cybersecurity attacks such as brute-force attacks on your WordPress login page. You can determine whether you’re under a cybersecurity attack in several ways:
Check your traffic sources using a WordPress traffic plugin or a tool such as Google Analytics. If you’re seeing a spike in traffic without a valid reason (such as a marketing or advertising campaign), then you may be under attack.
If the traffic source is from an unfamiliar country, that may also be a sign that someone from that location is trying to hack you.
If the traffic source is from one specific IP address, that may a sign that a single attacker is trying to login to your backend.
To move your default login page, you only need to change its URL. That can be easily done using the WPS Hide Login plugin.
Here’s how to use it:
Install the plugin through your WordPress admin dashboard.
Access the plugin’s Settings page.
Next to Login URL, add the new slug for your login page.
Click Save Changes.
Save the new URL somewhere for safekeeping — the last thing you want is to forget where to login!
3. Deactivate your plugins one-by-one.
If you’re still getting HTTP error 429 after waiting, clearing your cache, and checking for brute force attacks, it’s time to look at the next likely culprit: WordPress plugins.
WordPress plugins offer a wealth of functionality to WordPress website owners, but they can also cause performance issues, including HTTP errors such as 429.
Rather than deactivating them all at once, do so one-by-one so that you can isolate the culprit. Here’s how:
On your WordPress dashboard’s sidebar, tap Plugins > Installed Plugins.
Click Deactivate on the first plugin.
Check to see if this resolves the issue by accessing your website through an incognito window.
If not, deactivate the next one until all plugins are deactivated.
Activate them one-by-one once you’re finished.
4. Uninstall your custom theme.
If you’re using a custom WordPress theme from a marketplace such as ThemeForest or Envato, that may be the culprit. Make sure you save a backup of your website prior to deactivating the custom theme and temporarily installing a default WordPress theme.
5. Set your own throttling limit for any APIs.
An advanced technique you can try is to set a throttling limit if you’re using APIs on your website. Throttling is the process of limiting the number of requests an application can submit in a given amount of time. If this limit is exceeded, the server or API requests will typically be dropped or fulfilled with cached data.
While this approach is most often used by third-party APIs or platforms to prevent client apps from exceeding their limits, it can also be useful for restricting your own consumption of third-party APIs or server resources.
In fact, you can implement a stricter throttling limit for yourself to prevent going over the limits of a server, API, or other service you’re using. This is an especially good idea if you’re using a costly API, like the Twitter API, and don’t want to exceed your usage policy.
6. Contact your hosting provider.
Contacting your hosting provider is always an option for any error on your website, but it should be one of the last options you try.
If you’ve tried the steps above and are still seeing the 429 error, it’s possible that the cause originated from your server and not your website. It’s also possible that your host blocks requests from specific third-party services or platforms, like Google Search Console, which makes lots of requests to websites. By reaching out to your provider, they may be able to solve the issue or provide valuable insight.
How to Avoid an HTTP 429 Error
The most simple way to avoid this error is to reduce the number of requests made in a short period of time. The server is keeping track of how many requests per time unit you make and will enforce it — leading to a temporary block if exceeded. Some servers send this information in the header, on rare occasions.
And remember, receiving a 429 is not necessarily an error, it’s the server’s way of telling you your rate of requests is too high and not willing to accept those actions.
Though in some instances, the reason for the error may be your server rather than with your website. If that’s the case, nothing you will do from your side will help and you should contact your hosting provider for a resolution.
Resolving the HTTP 429 Error
An HTTP 429 error is common, but can be avoided by paying attention to rate limits set by your server, API, plugin, or more. If you exceed those limits, there are steps you can take to resolve a 429 error. By doing so, you’ll continue to provide visitors with a seamless user experience on your site.
This article was originally published in December 2020 and has been updated for comprehensiveness.